Security Basics mailing list archives

Re: Question on appliances that do "decryption" of SSL


From: DaKahuna <da.kahuna () gmail com>
Date: Tue, 26 Apr 2011 19:20:27 -0400


On Apr 26, 2011, at 11:43 AM, Edd Burgess wrote:

If you want your connection to be confidential, even if you're sat on an untrusted network, use SSH tunneling to a 
box you trust and have connected to before (you know you have the correct RSA key, and it hasn't changed).

ssh -D 4444 -N user@trustedhost.com

is what I use when travelling around in places that block/sniff connections - facebooking from China for example.


 That's what I used to do.  That method requires you to manually change configurations in your network configuration as 
well to have a SOCKS proxy on your local box on port 4444.  What I am using now is much simpler.  It's OpenVPN installed 
on a server I trust.  I use an HTTPS session to connect to OpenVPN and once that connection is established all my 
traffic is routed across the OpenVPN without me having to go in and make configuration changes to my network.  That way 
when I am in a hotel, airport or other place where I am forced to use an open wireless connection, I do not have to 
disable the proxy, set up the ssh session and then re-enable the proxy.  I simply connect to the WAP, get my IP address 
from the captive portal or whatever, and then https to the OpenVPN session. 

 I still use ssh -D from time to time though just for the fun of it. 


