11 Apr Network the Cocoia way.
Category: Security


Networking is a fundamental part of using any computer. Today, virtually every computer is connected to the internet, and no matter how secure your operating system and setup are, inherently unsafe protocols, eavesdropping, and unsecured transactions are hard to combat without knowledge of networks. In this how-to, I show how I manage security issues when it comes to networking. It is directed specifically towards the Mac OS X platform, although some tips may be universal for systems across the board.

If you’re on the move and you own a laptop computer, you’re always at risk. Open wireless networks have become gold mines for people willing to carry out such network attacks. The same applies when you connect to your neighbor’s open Wi-Fi, go to LAN parties with ‘open’ ethernet, or use your own company network, whether you just work there or are in control of it: you are possibly exposed to people with malicious intent, or the intent to hurt your privacy.

To get past a lot of limitations and monitoring, people have been tunneling over protocols since the very beginning. These ‘covert channels’ are a premier way to secure your own traffic. Some people suggest using publicly available ‘anonymous’ proxies, which I consider to be a very bad idea; I’d like to know who I trust at all times. Being paranoid when it comes to networking is often quite a healthy attitude. A very easy way to get the idea of these channels is to look at this diagram I made:

tunnel.jpg

In this case, SSH, the Secure Shell protocol, is used to tunnel FTP (file transfer) and SMTP (e-mail transfer). You can be completely creative with tunneling services at your own leisure (although forwarding DNS is a no-go: TCP services only). It involves only a few painless keystrokes in the Terminal. Open the Terminal application, which resides in the ‘Utilities’ subfolder of the Applications folder, and type:

    sudo ssh username@server.com -L 25:server.com:25

In this case, port 25 (SMTP) will be tunneled over SSH, so you can point your Mail client to localhost at port 25. The sudo is needed because local port 25 is a privileged port (below 1024). More complex solutions are VPNs; they involve using protocols like PPP to make a full serial connection out of SSH.
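
One check worth running after opening a tunnel on an untrusted network, as an added example that is not part of the original post: an `ssh -L` forward listens only on the loopback interface by default, but `-g` or a wildcard bind address makes it reachable by anyone on the same network. The function names and the sample `lsof` lines are constructed for illustration, and the script assumes the default column layout of `lsof -nP -iTCP -sTCP:LISTEN`.

```shell
#!/bin/sh
# Added example: classify ssh forwarding listeners as loopback-only or exposed.
# Input on stdin: output of `lsof -nP -iTCP -sTCP:LISTEN`.
# Assumption: default lsof columns (COMMAND first, NAME and "(LISTEN)" last).

audit_ssh_listeners() {
    awk '
        $1 == "ssh" && $NF == "(LISTEN)" {
            name = $(NF - 1)          # e.g. 127.0.0.1:25, [::1]:25, *:8025
            port = name
            sub(/^.*:/, "", port)     # text after the last colon is the port
            addr = substr(name, 1, length(name) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]")
                print "LOCAL " port
            else
                print "EXPOSED " port " bound to " addr
        }
    ' | sort -u                       # IPv4 and IPv6 listeners collapse to one line
}

# Succeeds only if no ssh listener is reachable from other hosts.
tunnels_are_private() {
    ! audit_ssh_listeners | grep '^EXPOSED' >/dev/null
}

# Constructed sample, not captured from a real machine.
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ssh      811 root    5u  IPv4 0x1a2b      0t0  TCP 127.0.0.1:25 (LISTEN)
ssh      811 root    6u  IPv6 0x1a2c      0t0  TCP [::1]:25 (LISTEN)
ssh      902 alice   5u  IPv4 0x1a2d      0t0  TCP *:8025 (LISTEN)
httpd    120 root    4u  IPv4 0x1a2e      0t0  TCP *:80 (LISTEN)
EOF
}

# Live use:
#   lsof -nP -iTCP -sTCP:LISTEN | audit_ssh_listeners
#   lsof -nP -iTCP -sTCP:LISTEN | tunnels_are_private || echo "tunnel exposed"
```

On the sample, the port 25 forward is reported as LOCAL and the constructed port 8025 forward as EXPOSED, which is the one to close before joining an open network.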

For further, much further tunneling of services, a host or a network of hosts is needed. You can tunnel your traffic over ICMP (the protocol commonly used for the infamous ‘ping’ command) via another server, to bypass pesky firewalls and closed access points (think T-Mobile). You can even take all limitations for granted and go over DNS, like Dan Kaminsky has shown in some astonishing presentations. However, because such solutions aren’t easily applicable on the Mac, I’ll leave them for the experienced reader to figure out themselves. You have the links you need.

An easy, out-of-the-box answer to networks that scrutinize the content passing through them is encryption. To keep sites and advertising (a very big problem in this age) from tracking you, Tor / Vidalia and Privoxy are available for all platforms. I recommend that everyone at least install them, and if you use Firefox as well, be sure to pick up the matching extension.

Other simple mental notes can always help you stay secure. Try putting “https://” in front of your favorite URLs, especially sensitive ones. Gmail loves to drop you out of your secure connection after login. Remind yourself to check these things, especially on an unsecured wireless network; otherwise you are just throwing all your email into the ether for anyone to sniff out. Be aware of which network you get onto, and check that your network security settings are right (automatically joining networks and Bluetooth on by default is bad! bad!).

If you want more control over your own network, my earlier how-to, “Owning your network, open-source style”, might be just what you are looking for.


2 Responses

  1. You can also use the -D switch to create an encrypted SOCKS5 proxy - then you can set the browser, or email client etc. to use the SOCKS proxy on localhost port 6416 (or any other port you define when you connect):

    ssh username@server.com -D 6416

    will create a proxy on port 6416. Pretty much any port over 1024 means you won’t have to run it as root (so no sudo), which in turn means you can run it on any machine you can access the terminal on.

    If you’re using SSH tunneling only for Firefox, there’s a setting in about:config: network.proxy.socks_remote_dns - if you set that to true, it should resolve DNS through the SOCKS proxy.

  2. sebastiaan
    Saturday, 14. April 2007

    Resolving DNS through SSH that easily is great. Thanks for pointing this out to me.
