Security Basics mailing list archives
Re: Question on appliances that do "decryption" of SSL
From: DaKahuna <da.kahuna () gmail com>
Date: Tue, 26 Apr 2011 19:20:27 -0400
On Apr 26, 2011, at 11:43 AM, Edd Burgess wrote:
If you want your connection to be confidential, even if you're sat on an untrusted network, use SSH tunneling to a box you trust and have connected to before (you know you have the correct RSA key, and it hasn't changed). ssh -D 4444 -N user () trustedhost com is what I use when travelling around in places that block/sniff connections - facebooking from China for example.
That's what I use to do. That method requires you to manually change configurations in your network configuration as well to have a sox proxy on your local box on port 4444. What I am using now is much simpler. It's OpenVPN installed on server I trust. I use an HTTPS Session to connect to OpenVPN and once that connection is established all my traffic is routed across the openVPN without me having to go in and make configuration changes to my network. That way when I am in a hotel, airport or other place where I am forced to use an open wireless connection, I do not have to disable the proxy, set up the ssh session and then re-enable the proxy. I simply connect to the WAP, get my ip address from the captive portal or whatever, and then https to the openVPN session. I still use ssh -D from time to time though just for the fun of it. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Question on appliances that do "decryption" of SSL Ray Van Dolson (Apr 25)
- RE: Question on appliances that do "decryption" of SSL David Gillett (Apr 26)
- Re: Question on appliances that do "decryption" of SSL Edd Burgess (Apr 26)
- Re: Question on appliances that do "decryption" of SSL DaKahuna (Apr 27)
- Re: Question on appliances that do "decryption" of SSL Edd Burgess (Apr 26)
- Re: Question on appliances that do "decryption" of SSL Paul Johnston (Apr 26)
- <Possible follow-ups>
- Re: Question on appliances that do "decryption" of SSL kaarthik rm (Apr 27)
- RE: Question on appliances that do "decryption" of SSL David Gillett (Apr 26)