Lewis' Blog Tales from the trenches of information technology

11Nov/112

Three good ways to thwart tracking attempts on the net

Download PDF

There is a lot of malicious junk floating about the net.I know; that's not a real surprise. Under normal circumstances, a good (standalone) firewall will keep one reasonably safe from the worst of it. However for those of us who travel, it's a constant challenge to keep up with personal firewall tweaking and such, and still, unless one is really running the kinds of stuff typically found in a UTM (Unified Threat Management) solution, just tweaking some firewall rules just isn't going to cut it.

[Shameless plug: Rosenthal & Rosenthal is an Astaro consultancy. If you know of anyone with a need for a truly solid firewall, email filter/scanner, VPN concentrator, etc., referrals are welcome.]

So, what can one do while traveling? Trust the hotel firewall? I think not. Here are three quick tips to help keep your system clean from would-be spoofers and such:

HOSTS file

A quick edit of your hosts file to loop back known bad sites to localhost (127.0.0.1) is a good start. To get started, have a look at the list compiled here. This will make some web pages look rather ugly, as the browser brings up the dreaded "cannot access..." in various iFrames and such, but it will speed browsing and keep that excess junk from cluttering the screen.

Squid proxy settings

Squid is great. You can do a lot of things with Squid, such as block entire IP ranges from getting in (or going out to them), which improves performance considerably. I'll post more on Squid configuration in a later article. For now, suffice it to say that Squid can be used as a pseudo-firewall (you just have to not defeat it by turning it off, but this is true of software firewalls, as well).

Privoxy

Another type of proxy is a privacy screen. Enter Privoxy to the scene. One of the annoying characteristics of most web surfing from modern browsers (and ancient ones) is that we tend to leave behind more than we take with us. To truly surf anonymously requires some type of anonymizer, and Privoxy is a good choice (this way, your travels don't follow you home, when you finally do get behind your warm and cozy hardware firewall). A couple interesting guides for chaining Squid to Privoxy (or vice-versa) may be found here and here. Again, I'll post more on this in a subsequent piece, but for now, suffice it to say that this is an excellent addition to your arsenal.

These are but three fairly quick and simple (well, they can be less complicated than others, at least) ways to browse more safely, and are of particular usefulness when away from home (or the office), where the bastion server is unknown and likely not to be trusted. In time, I'll flesh in more details and tips for configuring each of these solutioins.

Happy browsing.

Comments (2) Trackbacks (0)
  1. Lewis,

    Privoxy looks really interesting. Thanks for pointing that out. Especially nice because its open source (I’ll tolerate the fact that it aligns itself in the “Free Software” camp). I will be playing with it for sure.

    With regard to the host file, one of the features of SpyBot is that it adds a lot of malicious domains to your host file pointing to the loopback address. I’ve used it in the past, and I still recommend it to friends. If you have someone that isn’t tech-savvy, but will religiously run a program and click the next button if you tell them too, its pretty good preventive medicine on windows.

    I’m definitely looking forward to any articles you write on squid. I used it once as a transparent proxy when I had a boss that wanted to monitor internet usage, but I never delved to deep into it. I did hear a nice talk about it from one of the devs at a NYCBSD Con a few years ago at Columbia University.

    • Indeed, I’ll post some specifics on these topics – particularly Privoxy – when I get a few minutes to sink my teeth in and get a good feel for the setup (which I have not, as yet).

      Squid is excellent, and I’ve had much more experience with it than with Privoxy (I run Squid every day, both on my Astaro firewalls and on my local machine, where I also run Squirm, which is a redirector for Squid). Because you asked, Justin, I’ll bump this up my list!

      Thanks for the mention of SpyBot. I was not aware that it had that capability; a definite plus. 😉


Leave a comment

No trackbacks yet.