Proxy server

MilenKid · 2013-05-23 10:58:17

Hi,

I would like to use a proxy server, for external IPs. I want to use this in order to browse more privately at work, so I will just connect with a spcific browser through my proxy.

Proxy should have SSL encryption and should be not so hard to configure. I was thinking of using simple proxy with ssh:

Simple Proxy with SSH
Connect to a server (HOST) on which you have an account (USER) as follows
ssh -D PORT USER@HOST
For PORT, choose some number which is not an IANA registered port. This specifies that traffic on the local PORT will be forwarded to the remote HOST. ssh will act as a SOCKS server. Software supporting SOCKS proxy servers can simply be configured to connect to PORT on localhost

I'm not sure it can be done in windows (putty) but I will try (not at work now). It the documentation it says it does.

I would also like to have the DNS queries done through the proxy, how tor browser does it (firefox). This would be the main problem.

Any suggestions please, or my method seems secure to you?

This is not a "HOWTO" topic, I'm mostly asking for opinions - seems secure to you, any other ideea?

Last edited by MilenKid (2013-05-23 11:02:12)

ewaller · 2013-05-23 16:16:53

Using an ssh channel is secure, provided when you make that first connection you ensure you are talking to the computer to which you think you are talking. Otherwise, someone can compromise you with a man-in-the-middle attack.

Now, as moderator:
We do not condone activity that seeks to circumvent security policies, What are your companies policies on internet use with regards to browsing? Do they demand you pass through their filters and malware screening? Do they permit the use of SSH channels? Do you know if the required port is blocked? Do you intend to notify your IT department of this activity?

I have half a dozen good engineers that report to me. I would fire any one of them, today, if I were to find them deliberately circumventing our security. It may not be possible to decrypt your data, but any volume of data moving through an encrypted pipe is going to set off alarm bells in any competent IT department.

Last edited by ewaller (2013-05-23 16:17:56)

MilenKid · 2013-05-24 11:50:05

Thank you.

Man in the middle will be avoided using login only based on keys.

more off-topic:
There is no policy, especially for me. But I know 90% I'm being recorded because I work with company's highly confidential data. I could take everything basically to a USB HDD if I'd like, but that's not the point. I just don't want my private stuff being tracked. I will tunnel only one browser and chat if I need, the one I keep open for myself.
More off-topic, I don't bite into the corporate play. Corporation lie, it's their business. Maybe you work for a nice NGO or a small nice company, who knows, but it's not the case at my end of the line. You should lie to if you want to succeed in corporate world. Succeed = money, of course, it's not about spiritual enlightenment. Oh well, on the other side we can keep our heads down, follow all the corporate rule, be honest as employees, smile to the CEO/CFO/PM/TLs and keep the game going, look how nice it got everybody.

If anyone asks me about the large amount of data going through the same connection, I will honestly tell the truth - it's my private business, exactly the same how it is when you go to the bathroom and neither the managers or the IT come after you to see if you are wiping your butt with toilet paper that's against company's policy or flushing the water twice, not once as recommended in the internal documents, approved by the CEO, amended by the CFO and audited by the financial committee.

peace.

Last edited by MilenKid (2013-05-24 11:52:10)

ewaller · 2013-05-24 13:22:13

If that all works for you, and it is within their policy, fine. At issue is that, most companies frown on this, and, as a representative of Arch Linux, I cannot not encourage behavior that reflects poorly on us You are in a unique situation. Whether or not one agrees with corporate culture, if one plays their game, one most play by the rules; it is their infrastructure, it is their data. I have (and do) worked for large and small companies; they are all rightly concerned about data security.

Arch Linux

#1 2013-05-23 10:58:17

Proxy server

#2 2013-05-23 16:16:53

Re: Proxy server

#3 2013-05-24 11:50:05

Re: Proxy server

#4 2013-05-24 13:22:13

Re: Proxy server

Board footer