A field guide to crypto

Written by Brett Thomas

March 16, 2007 | 11:27

Tags: #aes #cipher #cryptography #encryption #guide #hash

(Not) Listening in

One of the greatest security needs for an individual using the internet isn't so much the data that you have on your system, but the way that data travels to get there. Not all network protection is created equal - but here's how you can secure yours from prying eyes no matter what the case.

Wireless Networks - PSK/TKIP

Let's be honest, setting up your wireless networking can be a pain. But wireless access theft and subsequent abuse have been making headlines for a little while now. You may have set up your router, flippantly thrown a random string into that box labeled "Shared key," written down a little info and moved on with your life... but what did all of that mean?

The big choice for wireless network security isn't so much the security protocol (WPA/WPA2 are standard), but the encryption method and passkey. WPA2 boasts "AES" encryption, except for the small fact that it's not actually AES. In reality, it's a derivative of AES that is substantially weaker in order to shrink down the data transmission and decryption slowdown.

Conversely, you can choose TKIP, a standard that's been around since the very flawed WEP security protocol. TKIP encryption is based on the RC4 algorithm, so it's not exactly Ft. Knox, but it is blazingly fast. The truth is, most people who would crack a home user's network are looking for a quick fix, and the bulk of your weakness is in the passkey you choose (PSK, or pre-shared key) and not the encryption itself.

Save yourself some processing time and frustration, and switch yourself to TKIP with a strong passkey (I'll get into this in a bit). Once you get your devices logged onto it, hide your SSID and you will be much more secure than that dude down the street, which is plenty to keep your network from being hijacked.
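The weight the passkey carries can be made concrete. The following is an added example, not part of the original article: WPA and WPA2 in pre-shared-key mode derive the 256-bit key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations, so a guessable passphrase yields a guessable key whichever cipher is selected. The SSID `HomeNet`, the character set and the function names are assumptions made for the example.

```python
import hashlib
import math
import secrets
import string

# Character set used for generated passphrases (an assumption of this example;
# WPA accepts 8 to 63 printable ASCII characters).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal key from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def random_passphrase(length: int = 24) -> str:
    """Build a passphrase from the operating system's CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8 to 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random passphrase (not of a human-chosen one)."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    ssid = "HomeNet"  # constructed sample SSID
    phrase = random_passphrase()
    print("passphrase:", phrase)
    print("entropy   : %.0f bits" % entropy_bits(len(phrase)))
    print("PSK       :", wpa_psk(phrase, ssid).hex())
    # Eight random lowercase letters, for comparison.
    print("8 lowercase letters: %.1f bits" % entropy_bits(8, 26))
```

Because the SSID is the salt, the same passphrase produces a different key on a network with a different name.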

The tools for Transmission

Secure browsing anywhere - OpenSSH, PuTTY, Privoxy

Sometimes, you just don't want to leave your browsing history everywhere you go. What's that I hear? You already carry Pocket Firefox on your USB key so you don't leave traces? Well, that's a start - but every place you go leaves an imprint on the router it passes through, no matter whose browser you used.

To keep this from pointing to your porn...err, movie viewing habits, I introduce you to SSH, or Secure Shell. Secure Shell was introduced in 1995 and is a key ingredient in most server setups, at least UNIX-based ones. Windows has largely left it out by design, as the OS doesn't have the user account security to cope with such unabridged access.

With that being said, many SSH servers are available for Windows. Probably the best of these is OpenSSH, which has the benefit of being open-source. For those with a 'Nix box at home, you have this built in already - just enable it. For Windows users, install this on the box you would like to actually handle your browsing for you, such as your home computer.

The beauty of SSH is that it is essentially like "being there" at your desk. Once connected, you can forward any commands you need to through the shell to the host computer. We'll use another open-source program called Privoxy to catch HTTP commands sent to the host through the SSH Tunnel, and then send the data retrieved from the web right back through the tunnel to your waiting client.

SSH uses a client program to "phone home" and make that tunnel, and for Windows the best one out is PuTTY (yet again, free). This tiny little program is great off of a USB key, as it leaves no marks on the client computer - just run it and connect it to the SSH server at home. Then set your portable Firefox browser to use the proxy port (the one you set PuTTY up on) and you're all set.

The beauty of SSH is its asymmetrical encryption - any data sent between client and host is completely shielded. So all of your web-browsing will disappear into simply a "phone home" to your home computer, with no visibility as to what you were doing. Bandwidth is a little limited (since your download and upload stream are made equal), but that's a small price to pay for utterly secure browsing.

Of course, make sure you play it smart and take a few precautions, particularly those of you on Windows. Make sure to set your ports up to use things outside of the normal range at home, so port scanners are less likely to catch you with an open SSHd port. Also, it would be wise to create an entirely separate user account with very limited access for your SSH jobs, just in case something were to happen, as well as deactivate your basic user accounts like "Administrator" and "Guest."
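One way to check a server against these precautions, as an added example that is not part of the original article: the script reads an OpenSSH `sshd_config` and reports a default port, a missing `AllowUsers` restriction, and built-in accounts that are allowed to log in. Both sample configs, the port number and the account name `tunnel` are constructed for the example.

```python
# Constructed sample configs; the port number and the account name "tunnel"
# are assumptions for this example.
WEAK = """\
# no Port line, so sshd uses its default
AllowUsers Administrator alice
"""
HARDENED = """\
Port 40022
AllowUsers tunnel
"""

# "root" is included as the Unix counterpart of Administrator (assumption).
BUILTIN_ACCOUNTS = {"administrator", "guest", "root"}

def parse_sshd_config(text):
    """Return {lowercased keyword: [arguments]} for the global section."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        if keyword.lower() == "match":
            break  # conditional Match blocks are not evaluated here
        directives.setdefault(keyword.lower(), []).extend(args)
    return directives

def audit(text):
    """List which of the article's precautions the config does not meet."""
    d = parse_sshd_config(text)
    findings = []
    if "22" in d.get("port", ["22"]):  # no Port line means port 22
        findings.append("port: sshd listens on the default port 22")
    allowed = [u.lower() for u in d.get("allowusers", [])]
    if not allowed:
        findings.append("accounts: no AllowUsers line, any account may log in")
    for user in allowed:
        if user.split("@")[0] in BUILTIN_ACCOUNTS:  # AllowUsers accepts user@host
            findings.append(f"accounts: built-in account '{user}' may log in")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```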

If you set it up right, a little bit of preparation and some smart home-network planning will have you cruising the net from anywhere in complete privacy.