SSL Tunneling
Written by: Matt
For Blacksun Research Facility [BSRF]
http://blacksun.box.sk
What is SSL?
SSL stands for Secure Socket Layer. The 'Secure' implies an
encryption, while Socket Layer denotes an addition to the Window Socket system,
Winsock. For those that don't know, a Socket is an attachment to a port
on a system. You can have many sockets on one port, providing they are
non-blocking (allowing control to pass through to another socket aware
application which wishes to connect to that port).
A Secure Socket Layer means that any sockets under it, are both secure
and safe. The idea behind SSL was to provide an encrypted, and thus,
secure route for traffic along a socket based system, such as TCP/IP
(the internet protocol). Doing this allows security in credit card
transactions on the Internet, encrypted and protected communiqué along a
data line, and overall peace of mind.
The SSL uses an encryption standard developed by RSA. RSA are a world
respected American organisation that specializes in encryption and data
security. Initially, they developed a cipher length of only 40 bits, for
use with the Secure Socket Layer, this was considered weak and therefore
a longer much more complicated encryption cipher was created, 128 bits.
The reasoning behind it was simple: it needs to be secure.
The RSA site puts the advantage of a longer encryption length pretty clearly:
because 40-bit encryption is considered to be relatively weak. 128-bits
is about 309 septillion times ( 309,485,000,000,000,000,000,000,000 )
larger than 40-bits. This would mean it would take that many times
longer to crack or break 128-bit encryption than it would 40-bit.
If you want more information on the technicalities or RSA's SSL
encryption engine, visit their site:
http://www.rsasecurity.com/standards/ssl.
But what does all this encryption and security have to do with you?
Well, that's a simple question. No matter how hard you try, at times
your privacy will need to be knowingly invaded so you can make use of
the product offered for doing so. If you think about food, for example,
one cannot eat without swallowing. When we wish to make a transaction or
view a site on the internet, where we have to give enough information
away so that it happens, we also want to be assured no one else along
the line gathers that data. An encrypted session would mean our data is
not at the hands of any privacy perpetrators unless they knew how to
decode it - and the only ones in the know, are those you specifically
wish. SSL uses public key encryption as explained in the PGP section.
To put this at a head: if you use an encrypted connection or session,
you can be relatively assured that there are no prying eyes along the
way.
And how do I implement SSL with SSL Tunnelling?
We know that a Secure Socket Layer is safe, but what we don't know is
what a Tunnel is. In the most simplistic form, a tunnel is a proxy. Like
proxy voting in general elections, a tunnel will relay your data back
and forth for you. You may be aware though, that there are already
'proxies' out there, and yes, that is true. Tunnelling is done via
proxies, but it is not considered to be the same as a standard proxy
relaying simply because it isn't.
Tunnelling is very special kind of proxy relay, in that it can, and does
relay data without interfering. It does this transparently and without
grievance or any care for what is passing its way.
Now, if we add this ability to 'tunnel' data, any data, in a pipe, to
the Secure Sockets Layer, we have a closed connection that is
independent of the software carrying it; and something that is also
encrypted. For those of you wanting to know a little more about the
technicalities, the SSL layer is also classless in the sense it does not
interferer with the data passed back and forth - after all, it is
encrypted and impossible to tamper with. That attribute means an SSL
capable proxy is able to transfer data out of its 'proxied' connection
to the destination required.
So to sum up, we have both a secure connection that does the job and
relays things in the right direction; and we have direct tunnel that
doesn't care what we pass through it. Two very useful, and almost blind
entities. All we need now is a secure proxy that we can use as the
tunnel.
Then proxies:
Secure proxies are alike standard proxies. We can either use an HTTP
base SSL equipped proxy - one specifically designed for security HTTP
traffic, but because of the ignorant nature of SSL communication, it can
be bent to any needs - or we can use a proper SSL service designed for
our connection - like you would use a secure NNTP (news) program with a
secure proxy on port 563 instead of taking our long way - which would
probably work as well.
A secure HTTP proxy operates on port 443. Host proxies are not public,
that means they operate for, and allow only traffic from their subnet or
the ISP that operates them - but, there are many badly configured HTTP
proxies and some public ones out there. The use of a program called
HTTrack (available on Neworder) will aid you in scanning and searching
for proxies on your network or anywhere on the Internet if your ISP does
not provide you with one.
Neworder also features a number of sites dedicated to listing public
proxies in the Anonymity section. While it's often hard to find a
suitable fast proxy, it's worth the effort when you get one.
So how can I secure my connections with SSL Tunnelling?
That's a big question, and beyond the scope out this tuition as it must
come to and end. I can however, point you in the right direction of two
resources that will aid you in tunnelling both IRC, and most other
connections via a HTTP proxy.
For Windows, the first stop would be http://www.totalrc.net's,
Socks2HTTP. This is an SSL tunnelling program that turns a normal socks
proxy connection into a tunnelled SSL connection.
The second stop, for both Windows and Unix is stunnel. Stunnel is a GNU
kit developed for SSL tunnelling any connection. It is available for
compile and download as binary here: Stunnel homepage -
http://mike.daewoo.com.pl/computer/stunnel
Matt
Oh, lastly, I do have an old security 'tip' I've written up (sadly it
made neworder first, I'm sorry, but I do like neworder!) and has
promptly vanished off the edge of the board for ever.
It's not as long as above, half the size, and talks about "find /home
--perm 0777 -type f --print >> worldwriteable.txt" :)))