Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Changed: | ||||||||
< < | Secure web connections | |||||||
> > | Web proxies | |||||||
Line: 71 to 71 | ||||||||
Look at the top of the web page. You'll see a pop-up menu with both http:// and https:// as options. Select the appropriate prefix for the site you're trying to reach, then enter the rest of the URL. Hit ENTER to visit that web page. | ||||||||
Changed: | ||||||||
< < | That's it! All the links you click on will be routed through the firewall. You'll see that the URL in the browser will always adjust to being with vpn.nevis.columbia.edu . | |||||||
> > | That's it! All the links you click on will be routed through the firewall. You'll see that the URL in the browser will always adjust to begin with vpn.nevis.columbia.edu . | |||||||
To stop using WebVPN, just close the browser window or tab that has https://vpn.nevis.columbia.edu in its name. |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Secure web connections | ||||||||
Line: 13 to 13 | ||||||||
It's a good idea to check out these secure network warnings before you start. | ||||||||
Changed: | ||||||||
< < | Web proxiesWhy use a web proxy? | |||||||
> > | Why use a web proxy? | |||||||
It has now become trivially easy to "hijack" an insecure network connection on a public network. Here is an example![]() ![]() | ||||||||
Changed: | ||||||||
< < | The Nevis proxy server | |||||||
> > | The Nevis proxy server
| |||||||
Changed: | ||||||||
< < | The advantage of this method is that it can be used by anyone with an account at Nevis. The disadvantage is that it's harder to set up. | |||||||
> > |
| |||||||
To make a secure connection to a proxy server requires two steps: | ||||||||
Changed: | ||||||||
< < | Forward a secure port from your laptop to the web proxy | |||||||
> > | Forward a secure port from your laptop to the web proxy | |||||||
The simplest way to accomplish this step is to use SSH![]() ![]() | ||||||||
Changed: | ||||||||
< < | Mac or Linux | |||||||
> > | Mac or Linux | |||||||
If your laptop runs Mac OS X or Linux, ssh will already be installed. Open a terminal window and type the following command: | ||||||||
Line: 41 to 41 | ||||||||
where <user> is the name of your account on the Nevis Linux cluster. You will be prompted to enter your Nevis password (unless you've set up an ssh private key![]() | ||||||||
Changed: | ||||||||
< < | WindowsInstall PuTTY![]() C:\Program Files\PuTTY :
"c:\Program Files\PuTTY\putty.exe" -ssh -x -N -L 8888:proxy.nevis.columbia.edu:3128 <user>@proxy.nevis.columbia.eduwhere <user> is the name of your account on the Nevis Linux cluster. A new window will open, and you will be prompted to enter your Nevis password. If everything works, you won't see anything more happen in the new window. | |||||||
> > | Windows | |||||||
Changed: | ||||||||
< < | Alternatively, a user can store an ssh connection to proxy.nevis.columbia.edu in PuTTY. Select "Close Window on Exit->Never" under the Session and check "Don't start a shell or command at all" under Connection->SSH. Then under "Connection->SSH->Tunnels" enter "8888" as source port and "proxy.nevis.columbia.edu:3128" as destination port, click Add, and then go back to "Session" and save this information. Opening this stored connection should then be equivalent to the command given above. | |||||||
> > | Install mobaXterm![]() ![]() localhost to port 3128 on proxy.nevis.columbia.edu . | |||||||
Changed: | ||||||||
< < | Set up the proxy in your web browser | |||||||
> > | Set up the proxy in your web browser | |||||||
This is a one-time procedure. You may want to turn off the proxy setting off (for example, if you've lost the SSH connection or you're on a secure network) but you normally don't have to type it into your browser preferences again. | ||||||||
Changed: | ||||||||
< < | Firefox (or any Mozilla
| |||||||
> > | Typically this is configured in a option with a name like "Change how your browser connects to the internet" or just "configure proxy." You want to connect via localhost:8888 . | |||||||
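Review bot: the replacement sentence has a typo ("a option" should be "an option") and, now that the per-browser steps are removed, `localhost:8888` is the only concrete setting left for the reader. State it as proxy host `localhost` and proxy port `8888`, and say that the port must match the local port forwarded in the SSH step. The unchanged sentence above the hunk also reads "turn off the proxy setting off", with a doubled "off".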
Changed: | ||||||||
< < | To make a secure web connection using our firewall: | |||||||
> > | The firewall's web proxy server (WebVPN) | |||||||
Changed: | ||||||||
< < | Create a VPN account | |||||||
> > |
| |||||||
Changed: | ||||||||
< < | You can stop by the office of WilliamSeligman (room 116) at Nevis; it takes about three minutes to create a VPN account on the firewall. | |||||||
> > |
| |||||||
Changed: | ||||||||
< < | An alternative is to e-mail![]() ![]() | |||||||
> > | To make a secure web connection using our firewall: | |||||||
Connect to the firewall via your web browser.The URL ishttps://vpn.nevis.columbia.edu | ||||||||
Changed: | ||||||||
< < | If you see a message about certificates, indicate that you accept it. | |||||||
> > | If you see Group menu, select Nevis if it's not already selected.
Use the same account name and password from your Nevis Linux cluster account.
Using WebVPNLook at the top of the web page. You'll see a pop-up menu with bothhttp:// and https:// as options. Select the appropriate prefix for the site you're trying to reach, then enter the rest of the URL. Hit ENTER to visit that web page.
That's it! All the links you click on will be routed through the firewall. You'll see that the URL in the browser will always adjust to being with vpn.nevis.columbia.edu . | |||||||
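Review bot: two wording slips in the added steps: "If you see Group menu" is missing its article ("the Group menu"), and the last sentence says the URL will "adjust to being with" where "begin with" is meant. The extracted text also runs "Using WebVPN" straight into "Look at the top of the web page", so check that the heading is still on its own line in the topic source.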
Deleted: | ||||||||
< < | At the screen, you'll be prompted for the username and password you created during the previous step. Type the URL of the web page you want to visit in the Cisco screen. Note the icons which will be, by default, on the top right-hand corner of every page; tooltips will appear when you hover the mouse over them. | |||||||
\ No newline at end of file | ||||||||
Added: | ||||||||
> > | To stop using WebVPN, just close the browser window or tab that has https://vpn.nevis.columbia.edu in its name. |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Secure web connections | ||||||||
Line: 11 to 11 | ||||||||
| ||||||||
Added: | ||||||||
> > | It's a good idea to check out these secure network warnings before you start. | |||||||
Web proxiesWhy use a web proxy? |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Changed: | ||||||||
< < | Secure connections at Nevis | |||||||
> > | Secure web connections | |||||||
Changed: | ||||||||
< < | While you work inside Nevis, your computers are protected by our firewall. When you use a system outside of Nevis, you can still take advantage of our network security by making a secure connection. There are two types available:
| |||||||
> > | While you work inside Nevis, your computers are protected by our firewall. When you use a system outside of Nevis, you can still take advantage of our network security by making a secure connection. There are two types available: a web proxy, and VPN. This page discusses two forms of web proxies:
| |||||||
Web proxies | ||||||||
Line: 127 to 128 | ||||||||
Connect to the firewall via your web browser. | ||||||||
Changed: | ||||||||
< < | The URL is https://129.236.255.60 | |||||||
> > | The URL is https://vpn.nevis.columbia.edu | |||||||
If you see a message about certificates, indicate that you accept it. At the screen, you'll be prompted for the username and password you created during the previous step. Type the URL of the web page you want to visit in the Cisco screen. Note the icons which will be, by default, on the top right-hand corner of every page; tooltips will appear when you hover the mouse over them. | ||||||||
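Review bot: the unchanged sentence right after the new URL still reads "If you see a message about certificates, indicate that you accept it." That advice presumably covered the name mismatch from connecting by bare IP address; with the link now pointing at vpn.nevis.columbia.edu, a certificate warning is what an intercepted connection on a public network looks like, so the sentence should be dropped or replaced with an instruction to stop and report it. This assumes the firewall's certificate is issued for that hostname, which the diff does not show.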
Deleted: | ||||||||
< < |
VPN network connectionWhy use VPN?By using VPN, you can establish a direct connection to the local network at Nevis from the outside. Normally, to access a machine on the local network, you use ssh![]() Create a VPN accountThis is the same account/procedure as with the firewall's proxy above: You can stop by the office of WilliamSeligman (room 116) at Nevis; it takes about three minutes to create a VPN account on the firewall. An alternative is to e-mail![]() ![]() Configure a VPN client.If you don't have a Macintosh running Snow Leopard or later, you'll have to get and configure the VPN client program from CIsco.Install the Cisco VPN clientDownload![]() Using the VPN clientOn the Cisco VPN client, you need to create a new connection: Connection Entry - can be anything; e.g., "Nevis"Description - again, can be anything or left blank Host - 129.236.255.60 Group Authentication Name: Nevis Password: higgsino Confirm Password: higgsino Then click on "Connect". Enter your VPN account name and password. Mac VPN clientOne-time configurationOpen System Preferences > Network and click on the + symbol. Add a VPN Interface of type "Cisco IPsec", give it a good new name (I usedVPN (Nevis) ), and click on "Create".
Server address: 129.236.255.60 Click on "Authentication Settings" Shared secret: higgsino Group Name: Nevis Click "OK" Account name = the VPN account name created on the firewall Leave the password blank; the server will prompt for it each time even if you fill this in. Click on "Connect" Using the built-in Mac VPN clientIt is a good idea to click on "Show VPN status in menu bar". You get a one-click solution to open a VPN connection. Otherwise, you'll have to go to the Network Preferences Pane and click on the "Connect" button each time. That's it. You should now be able to directly connect to any system on the local network; e.g., winnie.nevis.columbia.edu. | |||||||
\ No newline at end of file |
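Review bot: the removed VPN section carries the group password and the IPsec shared secret in plain text (the "Password:" and "Shared secret:" lines), and deleting it from the current revision leaves it readable in the topic history, as this comparison shows. Treat the value as disclosed: change it on the firewall and hand the new one out together with the VPN account rather than on a wiki page.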
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Secure connections at Nevis | ||||||||
Line: 174 to 174 | ||||||||
One-time configuration | ||||||||
Changed: | ||||||||
< < | Open System Preferences > Network and click on the + symbol. Add a VPN Interface of type "Cisco IPsec", give it a good new name (I used VPN (Nevis) , and click on "Create". | |||||||
> > | Open System Preferences > Network and click on the + symbol. Add a VPN Interface of type "Cisco IPsec", give it a good new name (I used VPN (Nevis) ), and click on "Create". | |||||||
Server address: 129.236.255.60 Click on "Authentication Settings" |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Secure connections at Nevis | ||||||||
Line: 147 to 147 | ||||||||
This is the same account/procedure as with the firewall's proxy above: You can stop by the office of WilliamSeligman (room 116) at Nevis; it takes about three minutes to create a VPN account on the firewall. An alternative is to e-mail![]() ![]() | ||||||||
Changed: | ||||||||
< < | Install the Cisco VPN client | |||||||
> > | Configure a VPN client.If you don't have a Macintosh running Snow Leopard or later, you'll have to get and configure the VPN client program from CIsco.Install the Cisco VPN client | |||||||
Download![]() | ||||||||
Changed: | ||||||||
< < | Using the VPN client | |||||||
> > | Using the VPN client | |||||||
On the Cisco VPN client, you need to create a new connection: | ||||||||
Line: 166 to 170 | ||||||||
Then click on "Connect". Enter your VPN account name and password. | ||||||||
Added: | ||||||||
> > | Mac VPN clientOne-time configurationOpen System Preferences > Network and click on the + symbol. Add a VPN Interface of type "Cisco IPsec", give it a good new name (I usedVPN (Nevis) , and click on "Create".
Server address: 129.236.255.60 Click on "Authentication Settings" Shared secret: higgsino Group Name: Nevis Click "OK" Account name = the VPN account name created on the firewall Leave the password blank; the server will prompt for it each time even if you fill this in. Click on "Connect" Using the built-in Mac VPN clientIt is a good idea to click on "Show VPN status in menu bar". You get a one-click solution to open a VPN connection. Otherwise, you'll have to go to the Network Preferences Pane and click on the "Connect" button each time. | |||||||
That's it. You should now be able to directly connect to any system on the local network; e.g., winnie.nevis.columbia.edu. |
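Review bot: the added Mac instructions print the group shared secret (the "Shared secret:" line) next to the server address and group name; a value published on the page no longer authenticates anything, so replace it with a pointer to where account holders obtain it. Separately, "(I used VPN (Nevis) , and click" is missing its closing parenthesis.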
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Secure connections at Nevis | ||||||||
Line: 36 to 36 | ||||||||
ssh -fxNL 8888:proxy.nevis.columbia.edu:3128 <user>@proxy.nevis.columbia.edu | ||||||||
Changed: | ||||||||
< < | where <user> is the name of your account on the Nevis Linux cluster. You will be prompted to enter your Nevis password (unless you've set up an ssh private key![]() | |||||||
> > | where <user> is the name of your account on the Nevis Linux cluster. You will be prompted to enter your Nevis password (unless you've set up an ssh private key![]() | |||||||
Windows | ||||||||
Line: 135 to 135 | ||||||||
VPN network connection | ||||||||
Added: | ||||||||
> > | Why use VPN? | |||||||
By using VPN, you can establish a direct connection to the local network at Nevis from the outside.
Normally, to access a machine on the local network, you use ssh![]() | ||||||||
Line: 162 to 164 | ||||||||
Password: higgsino Confirm Password: higgsino | ||||||||
Added: | ||||||||
> > | Then click on "Connect". Enter your VPN account name and password. | |||||||
That's it. You should now be able to directly connect to any system on the local network; e.g., winnie.nevis.columbia.edu. |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Changed: | ||||||||
< < | Nevis web proxy | |||||||
> > | Secure connections at Nevis | |||||||
Changed: | ||||||||
< < | The information on this page is of use to you only if:
| |||||||
> > | While you work inside Nevis, your computers are protected by our firewall. When you use a system outside of Nevis, you can still take advantage of our network security by making a secure connection. There are two types available:
| |||||||
Changed: | ||||||||
< < | Warning: This procedure described on this page is not difficult, but it is certainly not trivial. Eventually, the web-browser developers will make this procedure automatic. Until then, if you want a secure web connection, you have to configure it manually. | |||||||
> > | Web proxies | |||||||
Changed: | ||||||||
< < | What it's for | |||||||
> > | Why use a web proxy? | |||||||
It has now become trivially easy to "hijack" an insecure network connection on a public network. Here is an example![]() ![]() | ||||||||
Changed: | ||||||||
< < | How to use it | |||||||
> > | The Nevis proxy server | |||||||
Changed: | ||||||||
< < | To make a secure connection to a web proxy requires two steps: | |||||||
> > | The advantage of this method is that it can be used by anyone with an account at Nevis. The disadvantage is that it's harder to set up. | |||||||
Changed: | ||||||||
< < | Forward a secure port from your laptop to the web proxy | |||||||
> > | To make a secure connection to a proxy server requires two steps:
Forward a secure port from your laptop to the web proxy | |||||||
The simplest way to accomplish this step is to use SSH![]() ![]() | ||||||||
Changed: | ||||||||
< < | Mac or Linux | |||||||
> > | Mac or Linux | |||||||
If your laptop runs Mac OS X or Linux, ssh will already be installed. Open a terminal window and type the following command: | ||||||||
Line: 36 to 38 | ||||||||
where <user> is the name of your account on the Nevis Linux cluster. You will be prompted to enter your Nevis password (unless you've set up an ssh private key![]() | ||||||||
Changed: | ||||||||
< < | Windows | |||||||
> > | Windows | |||||||
Install PuTTY![]() C:\Program Files\PuTTY :
| ||||||||
Line: 49 to 51 | ||||||||
Alternatively, a user can store an ssh connection to proxy.nevis.columbia.edu in PuTTY. Select "Close Window on Exit->Never" under the Session and check "Don't start a shell or command at all" under Connection->SSH. Then under "Connection->SSH->Tunnels" enter "8888" as source port and "proxy.nevis.columbia.edu:3128" as destination port, click Add, and then go back to "Session" and save this information. Opening this stored connection should then be equivalent to the command given above. | ||||||||
Changed: | ||||||||
< < | Set up the proxy in your web browser | |||||||
> > | Set up the proxy in your web browser | |||||||
This is a one-time procedure. You may want to turn off the proxy setting off (for example, if you've lost the SSH connection or you're on a secure network) but you normally don't have to type it into your browser preferences again. | ||||||||
Changed: | ||||||||
< < | Firefox (or any Mozilla | |||||||
> > | Firefox (or any Mozilla | |||||||
| ||||||||
Line: 70 to 72 | ||||||||
The next time you load a web page, your browser will prompt you for your Nevis account name and password. | ||||||||
Changed: | ||||||||
< < | Safari on Mac OS X | |||||||
> > | Safari on Mac OS X | |||||||
| ||||||||
Line: 86 to 88 | ||||||||
The next time you load a web page, the Keychain program will ask for permission to access your account information; click on "Always allow". | ||||||||
Changed: | ||||||||
< < | Internet Explorer on Windows | |||||||
> > | Internet Explorer on Windows | |||||||
| ||||||||
Line: 99 to 101 | ||||||||
The next time you load a web page, your browser will prompt you for your Nevis account name and password. | ||||||||
Changed: | ||||||||
< < | Skip SSH? | |||||||
> > | Skip SSH? | |||||||
If you're technically inclined, you might have realized that it's not "mechanically" necessary to do port-forwarding via SSH. It far simpler just to put in proxy.nevis.columbia.edu for the proxy server, and 3128 for the proxy port.
This will work. It's also foolish. If you do this, you will still be prompted for your Nevis account name and password when you access web pages, and that information will be sent over the network in clear text. It's also possible that this will still enable a sniffer to capture your web session cookies, which is the point of this exercise.
So don't skip the SSH port forwarding. | ||||||||
Added: | ||||||||
> > |
The firewall's proxy serverThe advantage of this method is that it's much easier to set up than the elaborate method above. The disadvantages are:
Create a VPN accountYou can stop by the office of WilliamSeligman (room 116) at Nevis; it takes about three minutes to create a VPN account on the firewall. An alternative is to e-mail![]() ![]() Connect to the firewall via your web browser.The URL ishttps://129.236.255.60
If you see a message about certificates, indicate that you accept it.
At the screen, you'll be prompted for the username and password you created during the previous step. Type the URL of the web page you want to visit in the Cisco screen. Note the icons which will be, by default, on the top right-hand corner of every page; tooltips will appear when you hover the mouse over them.
VPN network connectionBy using VPN, you can establish a direct connection to the local network at Nevis from the outside. Normally, to access a machine on the local network, you use ssh![]() Create a VPN accountThis is the same account/procedure as with the firewall's proxy above: You can stop by the office of WilliamSeligman (room 116) at Nevis; it takes about three minutes to create a VPN account on the firewall. An alternative is to e-mail![]() ![]() Install the Cisco VPN clientDownload![]() Using the VPN clientOn the Cisco VPN client, you need to create a new connection: Connection Entry - can be anything; e.g., "Nevis"Description - again, can be anything or left blank Host - 129.236.255.60 Group Authentication Name: Nevis Password: higgsino Confirm Password: higgsino That's it. You should now be able to directly connect to any system on the local network; e.g., winnie.nevis.columbia.edu. |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Added: | ||||||||
> > |
Nevis web proxy
What it's forIt has now become trivially easy to "hijack" an insecure network connection on a public network. Here is an example![]() ![]() How to use itTo make a secure connection to a web proxy requires two steps:Forward a secure port from your laptop to the web proxyThe simplest way to accomplish this step is to use SSH![]() ![]() Mac or LinuxIf your laptop runs Mac OS X or Linux,ssh will already be installed. Open a terminal window and type the following command:
ssh -fxNL 8888:proxy.nevis.columbia.edu:3128 <user>@proxy.nevis.columbia.eduwhere <user> is the name of your account on the Nevis Linux cluster. You will be prompted to enter your Nevis password (unless you've set up an ssh private key![]() WindowsInstall PuTTY![]() C:\Program Files\PuTTY :
"c:\Program Files\PuTTY\putty.exe" -ssh -x -N -L 8888:proxy.nevis.columbia.edu:3128 <user>@proxy.nevis.columbia.eduwhere <user> is the name of your account on the Nevis Linux cluster. A new window will open, and you will be prompted to enter your Nevis password. If everything works, you won't see anything more happen in the new window.
Set up the proxy in your web browserThis is a one-time procedure. You may want to turn off the proxy setting off (for example, if you've lost the SSH connection or you're on a secure network) but you normally don't have to type it into your browser preferences again. Firefox (or any Mozilla
|