How to Set Up a Secure Web Tunnel

If you work on the go fairly often, you’ve probably hopped on a public wireless network at least once or twice. You should have also figured out how to keep your data safe when you’re on such a network, by taking precautions such as using your company’s virtual private network–if available–or an encrypted Web tunnel such as Hotspot Shield.

If you don’t have a company VPN and you don’t want to deal with Hotspot Shield’s banner ads, however, you can still secure your wireless traffic without breaking the bank by setting up your own secure Web tunnel and gaining a private, encrypted Internet connection free from eavesdroppers.

Tunneling Your Traffic

Whether the public wireless network you use is password-protected or pay-per-minute, anyone who connects to the network could spy on your HTTP traffic–restaurant patrons, other people in your airport concourse, or other paying subscribers of a commercial hotspot provider.

You can fix this problem by creating an encrypted tunnel through which you can send Web traffic that originates at your laptop and ends at a known location (the tunnel “endpoint”). From there, the tunnel routes your Web requests to the public Internet. Of course, once the traffic is outside the tunnel, it’s subject to the usual potential scrutiny–from ISPs, law enforcement, or the like–but while your data is traveling through the public-access Wi-Fi hotspot, your Web surfing is secure.

VPN tunnel over public Wi-Fi

In the diagram above, regular users of the coffee shop’s wireless hotspot take the direct route to a Website (in red), but you use an encrypted tunnel (in blue) to shield yourself in the hotspot network. Once you are at your tunnel endpoint, your Web traffic travels through the Internet via regular unencrypted methods (again, in red) to arrive at the destination Website.

Easy, Cheap Security via SSH

The easiest way to set up your own secure Web tunnel starts with paying a monthly fee for a hosting company to do all the difficult work of obtaining a server, installing an operating system, and making sure the server stays online 24 hours a day with plenty of backup generator power. I prefer this approach because you don’t have to fuss with any firewalls back at home, and you don’t have to leave a computer running when you’re on the road.

Any inexpensive shared-hosting provider will do for your purposes, as long as the company provides access to a secure shell (SSH) server. SSH was created as an encrypted version of telnet, one of the Internet’s original protocols, used to send character information between computers. (If you’ve ever seen a Hollywood computer thriller showing a green screen and hackers typing away furiously, they’re probably using SSH or telnet, depending on how well the screenwriters did their research.)

I personally prefer HostGator, which has a large data center in Houston. The company’s basic “Hatchling” hosting package is almost $5 per month, so for three nickels a day you can have your own secure tunnel. Once HostGator creates your account, you receive your login information and your assigned server. From there, you can set up an impromptu Web proxy by issuing SSH commands. I’ll demonstrate both OS X and Windows versions; Linux users can follow along and make minor adjustments where necessary.

Get an SSH Client

OS X ships with a command-line SSH client, so all you need to do is open Terminal (located in the Utilities folder within your Application folder). You will see a command prompt that has your username and your computer’s name, followed by the $ symbol. All of the commands in the following sections will be things that you type just beside that symbol.

On Windows, you need to download an SSH client. You have many to choose from, but a popular freeware client is PuTTY.


About the author