diff options
Diffstat (limited to 'old/published/How To Wiki/howtoevadecorpfirewall.txt')
-rw-r--r-- | old/published/How To Wiki/howtoevadecorpfirewall.txt | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/old/published/How To Wiki/howtoevadecorpfirewall.txt b/old/published/How To Wiki/howtoevadecorpfirewall.txt new file mode 100644 index 0000000..f9b68ff --- /dev/null +++ b/old/published/How To Wiki/howtoevadecorpfirewall.txt @@ -0,0 +1,44 @@ +Censorship has never been popular with Americans. Unfortunately for most, censorship is very popular with American companies, whether it's to keep you from wasting your time checking Facebook or to stop potential viruses, most corporate networks impose some level of censorship on the protocols or even sites employees can visit. + +The situation is even worse for those outside the U.S. Many countries outright band certain sites and others provide only limited access to outside sites at all. + +Naturally there are ways around most of these roadblocks, but many are not for the faint of heart. Not only do some of these technique require a reasonable degree of computer knowhow, they also could get you fired. Or worse. + +But for those undaunted, here's our guide to circumventing internet censorship. + +#Web-based circumventors + +The simplest, and also least effective, thing you can try is a web-based circumventor. Web-based circumvention systems have the advantage of being dead simple. There's no software to install, just point your browser to the site and see if it works. + +The longtime favorite in this realm was Anonymizer, but the site has since discontinued its web-based service. Instead try "Anonymouse.org"<http://anonymouse.org/> or The Cloak"<http://www.the-cloak.com/>. Both are free but bear in mind your data, while anonymous, could be viewed by an admin on your corporate network. + +The other chief disadvantage of these services is that many services that require authentication (e-mail, Facebook, etc) may not work properly. Also bear in mind that SSL is often not available. + +Another trick that sometimes works is to use Google's translation services. Due to way the translation service is configured it works as a proxy, the trick is to tell it to convert from English to English (your or native language). The URL will look like this http://www.google.com/translate?langpair=en|en&u=www.dontgohere.com, where dontgohere.com is the site you want to see. + +A more sophisticated approach is to use a web-based proxy. CGIProxy is popular perl script that can act as an HTTP or FTP proxy. The site "Peacefire"<http://www.peacefire.org/circumventor/> offers a tool named Circumventor which wraps an automated installer program around CGIProxy making it easy for the non-technical user to set up the script. + +#Proxies + +The next step up is a true proxy server. A "proxy server" sits between a client (your browser) and the web server you're trying to reach. Unlike the web-based services a dedicated proxy can web traffic (HTTP), file transfers (FTP) and encrypted traffic (SSL). + +Perhaps the best known use of proxies is with ssh. With "Open SSH"<http://www.openssh.com/>, a free implementation of SSH, you can set up a proxy on your computer that allows you to browse sites via an encrypted connection. This prevents your corporate or government overlords from eavesdropping on your activities. + +To set up ssh you'll need an to have a trusted server with ssh access. Most better web-hosting plans, including a few free ones, offer such services. + +Once you have Open SSH installed and a server to connect to, fire up the terminal and enter: + +ssh -Nf username@hostaddress.com -D 1080 + +The last bit of that line refers to the port number. Depending on your hosting service and what ports your firewall blocks you may need to adjust it. + + +Now you need to tell your browser to use the tunnel we just created. Open up the preference panel in your browser and there should be an option to configure how the browser connects to the internet. Choose "manual" and the look for the SOCKS Host line and enter "localhost" + +The most sophisticated approach to evading a firewall is set up port forwarding on an always-on home server. The first step is to install Open SSH on your home machine and change the port to 443 in the config file. Now configure your router to forward 443 to your internal IP. + +For a proxy, you can install "Squid"<http://www.squid-cache.org/>, which uses port 3128. So once you have Squid installed and configured, change your browser proxy to use localhost 3128. + +Also note that with a setup like this you can use Remote Desktop software to access files on your home machine and even set up a program like "Hamachi"<https://secure.logmein.com/products/hamachi/vpn.asp?lang=en> to serve music and video to remote locations. + +Note that none of these methods is guaranteed to work and all have potential pitfalls. Be sure to read up on some the potential problems and security concerns at the well-maintained "Reporters Sans Frontières"<http://www.rsf.org/article.php3?id_article=15037#5> site.
\ No newline at end of file |