Jalil Vaidya

Virtual home in cyberspace!

Fly Across The Firewall...

The internet started out as a medium to exchange or share information. Information of any kind, good or bad, can be shared openly. As is evident, almost any kind of information can be found on the internet. If there is something you are looking for, chances are that you will find it somewhere on the internet. Someone, somewhere has already thought about what you just thought and has put it online. Not only are you able to find, share and exchange information freely on the internet, you are able to communicate freely and easily with anyone in this world no matter where they are or where you are. Obviously not everyone likes this....

Governments and corporations are two of the many entities that don't like people being able to communicate and exchange their ideas and views freely with others. They have their vested interests, which make sense only to them and are not for the benefit of the people. Governments of countries like China and a few in the Middle East don't want their people to communicate easily or access information from the rest of the world. They probably fear that people will get educated, become aware of their human rights, and then overthrow the government and end their regime. So their excuse for blocking or controlling access to the internet is that the information available on the internet will "corrupt" the minds of their people and they have to "protect" their people. Yeah, right!

Corporations fear that they might lose their employees or trade secrets to a competitor if employees are easily able to communicate with the rest of the world. There are many other reasons, enough to create a list longer than an encyclopedia. What do they block primarily? Job sites, email sites, forums and message boards, and sites that provide any kind of information that can "harm" the company. What they fail to understand is that what employees cannot do at work, they can do at home on their own computers and internet accounts, or at a friend's place or a cybercafe. But still they fail to acknowledge this simple possibility. Well, those things aside, the reason they give is that unrestricted access to the internet will eat up the bandwidth of their network and they will have to spend more on infrastructure. Well, if your business depends on something then you are sure to spend a little more, but who am I to say that.

The usual methods employed to restrict access to the internet are proxies and firewalls. If a firewall or proxy is keeping you from free (as in freedom) and full access to the internet, then read on; you might find a way around it.....

When a computer is connected to the internet, any request made by a browser results in a direct connection to the server on the internet. This is a typical scenario for any home user. When you are connecting from behind a proxy or a firewall, the situation is a little different. The browser already knows about the existence of the proxy and that it cannot connect directly to the server on the internet. When a request is made, the browser will connect to the proxy and make the request to the proxy. The proxy will connect to the server on the internet, get the data and return it to the browser that made the request. This is a typical scenario when you are behind a proxy or a firewall in a company or a country. Since every request you make goes to a proxy first, the proxy has the power to accept your request and get the data for you, or to reject your request and block the site or resource that you are trying to access. Since you do not have any direct connection to the internet and the proxy is your only gateway to it, you are at the mercy of the proxy and have to be content with what the proxy lets you do and what it doesn't.

So what do you do when you find yourself in a situation like this? Half the answer is already above. As you know by now, a proxy can take your request, get the data you requested and return it to you. The reason a proxy is able to block a site is that it already knows about the site and has been instructed to block it via its . Now, the internet is huge, with millions of sites. It is not possible for the proxy to know all of them. A site that the proxy doesn't know will not be in its blocking list and hence won't be blocked. So if there is a site which is running a proxy, and your company's or country's proxy doesn't know about it, then you can use that external proxy to access the site you want. The blocking proxy will treat the external proxy as if it were just another site. The external proxy will get the data from the site you wish and provide it to you. The blocking proxy will always think that you are accessing a site that it doesn't block. There are many such external proxies open to the public scattered all around the world, like Anonymizer, Guardster or MagusNet. There are some sites like http://www.publicproxyservers.com/ or http://www.freepublicproxies.com/ which list the open proxies. Just do a Google search for "public proxy" and you will find tons of sites which either host a proxy or have a list of public proxies. Some of the proxies, like MagusNet, also provide SSL encryption, just like e-commerce sites, to protect your privacy and hide your data.

The public proxies can be classified into two types. The first kind are what I call online or web-based proxies. The online proxies work the same way as any other website. You just go to their site and enter the site that you want to visit that is blocked by your company's or country's blocking proxy. To use some online proxies you have to create a special kind of URL or web address. It is usually in the format: http://www.proxysite.com/-_-http://www.siteyouwanttovisit.com. Usually the proxy sites provide you with information about how to use the proxy.

There are several problems with online or web-based proxies. The first is that they work just like any other web site. Your proxy administrator may already know about these proxy sites and might be blocking them already, so you cannot use them. Second, as I mentioned before, some proxies need a special format of URL. As you start using this kind of proxy, you will immediately notice that it becomes very tedious to create the special URL for every site you want to visit. The third problem is redirection. Many sites, especially free email sites, redirect you to some other page when you visit them. Such redirections are not handled very well by most of these online proxies.
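How a proxy administrator might spot the special URL format described above in access logs, as an added example that is not part of the original article. The four-field log layout, the host names other than the article's own placeholders, and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample lines in a simplified "client method url status" layout
# (an assumption for this example, not a real product's log format).
SAMPLE_LOG = """\
10.0.0.5 GET http://www.proxysite.com/-_-http://www.siteyouwanttovisit.com/ 200
10.0.0.7 GET http://intranet.example/reports?id=7 200
10.0.0.9 GET http://relay.example/fetch?u=http%3A%2F%2Fmail.example%2Finbox 200
10.0.0.7 GET http://news.example/article/http-explained 200
"""

# An absolute URL (scheme://host) appearing after the outer host part.
EMBEDDED_URL = re.compile(r"(?:https?|ftp)://([A-Za-z0-9.-]+)", re.IGNORECASE)


def embedded_target(url):
    """Return the host of a URL nested in the path or query, else None."""
    parts = urlsplit(url)
    # Decode twice so %3A%2F%2F and double-encoded forms are caught.
    rest = parts.path + "?" + parts.query
    for _ in range(2):
        rest = unquote(rest)
    match = EMBEDDED_URL.search(rest)
    if match is None:
        return None
    inner = match.group(1).lower()
    # Same-host nesting (a login redirect back to the site) is not relayed traffic.
    return None if inner == (parts.hostname or "").lower() else inner


def flag_web_proxy_requests(log_text):
    """Return (client, outer_host, inner_host) for requests that look relayed."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess
        client, _method, url, _status = fields
        inner = embedded_target(url)
        if inner:
            hits.append((client, urlsplit(url).hostname, inner))
    return hits


if __name__ == "__main__":
    for hit in flag_web_proxy_requests(SAMPLE_LOG):
        print(hit)
```

Legitimate redirectors and tracking links also embed a second URL, so hits are candidates for review, not proof of a web-based proxy.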

The second kind of proxies are just like the ones being used by your company. To use these proxies you have to enter them in the browser settings. But since your browser must be set to your company's proxy just to access the internet, you cannot use these proxies from your company. These kinds of proxies are usually used by home users (or users having direct connections to the internet) to protect their privacy and remain anonymous. Users in the restricting countries can also use these proxies, as they don't have to set their browsers to any proxy. The traffic going in and out of the country is blocked by transparent proxies.

The online proxy may be blocked, or very tedious to use, or may not work for the sites you want to visit. The second kind of proxy may not be possible for you to use if you are behind a company proxy, or your country might be blocking it. So where does this leave you? Feeling lost, aren't ya? The answer is to set up your own proxy at home or elsewhere, in conjunction with SSH.

SSH stands for Secure SHell. A shell is commonly known as the command prompt in the Windows world. Those coming from a Unix background know what a shell is. Unix machines are usually remotely controlled. The administrator logs in remotely to a shell using telnet or rsh to control the machine. These methods of remote login are not secure. Therefore a protocol called Secure Shell, or SSH, was developed by Tatu Ylönen. SSH encrypts the connection between client and server, protecting the data from being eavesdropped. A commercial implementation of SSH is available from SSH Communications, a company created by the founder of SSH. There is an Open Source version of SSH called OpenSSH, which is free for anyone to use. OpenSSH was originally developed for the OpenBSD operating system by its developers. It has since been ported to other operating systems. A Cygwin port is available for those using Windows. Cygwin is a POSIX emulation layer for Windows which emulates a Unix environment.

SSH consists of two parts, a server and a client. A server, or daemon, called sshd runs on the machine that you want to control remotely. A client, which can be run from any machine, is used to connect to the remote machine that runs the sshd server. The connection between client and server is encrypted using the SSH protocol. There are two SSH protocols that can be used, viz. SSH1 and SSH2. It is strongly recommended that SSH2 be used, as SSH1 is not that secure. Encryption is provided using a variety of schemes such as DES, Blowfish etc. To encrypt a connection, a key pair consisting of a public key and a private key is generated. The public key is stored on the machine running the sshd server. Data encrypted by the public key can only be decrypted by the private key. This provides a secure way of communication between the client and the server.

To be able to freely access any site on the internet, you will need the following things:

This article was last updated by Jalil on December 25, 2002 10:39 PM