We know secure shell: we can issue commands on other computers, and those commands are sent by a secure connection. The concept is we have a client application, my secure shell client, secure shell server, and they send data and it's encrypted. Well, this is in the unsecured TCP connection; when we use secure shell, it's encrypted. Now, one benefit of secure shell is we don't have to send commands to simply look on a computer, like ls. We can send other things as data and it'll still be encrypted, and secure shell can be used for tunneling: the concept of sending data to servers to be forwarded on to another location. There are different ways to do this, but it's probably best illustrated by a quick example.

Let me access a website and show you what is my IP address. I'm going to visit a website called whatismyipaddress.com, and this is a website which, quite simply, when you send a message to the website, the website receives a packet. The source IP address identifies me, so then it prints the source IP address on the screen. Open your phone and access that same website now, whatismyipaddress.com. Check your IP address. What do you get? Anyone? Same. Some people are getting the same IP address, 203.131.209.66, maybe slightly different. Anyone get a different one? This is an easy task: visit a website. Same one, okay. So you can use other websites to show what is your IP address. This is an easy one.

But you're all experts on the internet, and everything I taught you last semester was saying that computers have different IP addresses. Two computers should have two different IP addresses. Why, when all of us are accessing this website, does this website say we all have the same IP address? Why is that? If I check my computer and your computer and look at the IP addresses on the settings,
I think it will not be the same. In fact, mine is not this; mine is something like 1010 3.50 or something on my computer. The way that the internet commonly works, and that networks are set up, is that everyone inside an organization, everyone inside SIIT, has a unique IP address. But whenever you contact someone outside of SIIT, there's a special server in SIIT that changes your internal IP address to an external public IP address, and the public IP address everyone gets is this one. So from the outside world's perspective, it recognizes all of us as the same computer, but we know they are different.

What's the name of this thing that converts from our internal IP address to a public IP address? Started with Dr. Conwood, I think, this semester; maybe you study it this week. Network address translation. You see it sometimes in the setup of your home router, or when you want to set up special network services: NAT on that. This is translating internal addresses to a public IP address. There are reasons for doing it, mainly saving on IP addresses. There are not so many to go around, so we share some. That's not the point here. The point is that the server can identify me. Well, not exactly my computer, but it does identify that I'm within Thammasat University.

Let's change some settings. What I'm going to do is use secure shell to contact a server, and I'll use a special option which I'll explain in a moment. Why won't my computer connect? Because everyone else is connected to Wi-Fi, I've lost my connection. It's coming back.
We'll come back and explain the purpose of this command in a moment. I'm going to go into my browser settings and edit some preferences, and some advanced preferences, and set up the network and use a proxy. What I'm going to do with my browser is say: when I send something out to the internet, don't send it as is, send it to someone else. Send it to a proxy who will forward it on my behalf, and the proxy in this case is myself. So, manual proxy configuration, and I'm going to use something called SOCKS. It's a special protocol, and it says when my browser wants to send something, send it to what's called localhost. Localhost is my computer. So don't send it out, send it to myself. In particular, send it to myself and an application on my computer listening using port 9999. And I just chose that number for the example. So send it to this other application using port 9999.

And now I access the same website, and now I am in Singapore, and my IP address, well, it's actually an IPv6 address, but it's not the same as Thammasat. We use IPv6 in some networks. This website, the same one I was accessing before, thinks I am in Singapore now.

What happened was that, the proxy, when I set it up, I said send all my web requests to some software on my computer, and that software is using port 9999, and it can be a different number, it doesn't matter. What is that software? I set up a secure shell connection to my server, sandilands.info. Where is that server? Turns out it's in Singapore. All right, it's just a rented server in Singapore. And this -D option, 9999, means: set up the secure shell connection, and whenever someone sends something to you on port 9999, send it to Singapore, send it to sandilands.info, and then that server will send it to the real destination website, whatismyipaddress.com.
So this is a secure shell tunnel, and you see one application of it is forwarding your traffic via someone else. What happened in that example was we had Firefox, my browser, was set up to send something, and it sent it to the secure shell software on my, the secure shell client, and in this particular case the port number: Firefox sent it to the secure shell software, the client, listening on port 9999. And then secure shell sent it out of my computer, across the internet. This is the secure shell client, to a secure shell server. This is the internet here, and this secure shell server receives it. This is my laptop at SIIT; this computer was my secure shell server in Singapore.

What port number does a secure shell server use? Those who have done the computer networking lab, what is it? 22. That's the default port number. So my secure shell client sent that data to the secure shell server, and it was set up so that then it sent it out across the internet, and it was received by the web server, whatever, using the normal port for web browsing. Importantly, all the communications across this segment are encrypted. We were using secure shell.

So this is one example of using secure shell tunneling. From my web browser, I want to access a website, but instead of sending it direct, I send it via some intermediate proxy in this case, and the proxy was established using a secure shell connection. So I send it to some local secure shell client on my computer, which then sends it securely across the internet, encrypted, to some intermediate computer, this proxy, and then that forwards the normal data, unencrypted, on to the destination website, the one that I wanted to visit in my browser. So the communication protocols: for example, this was HTTP, this was using secure shell, and here, to talk between the Firefox application and the secure shell application on my computer, the protocol is called SOCKS. Local communications inside my computer.

What's the advantage of doing this? What did I gain from doing this?
Protect the data from where? Well, I've protected the data at least across this segment of the internet, from my computer to the proxy computer. That is, it's encrypted; no one can see that. Who did I protect against? Who do I hide my data from in that case, then? SIIT. That is, if someone was out here on the internet between the web server and my proxy, they can see my data. Nothing is protected here. So we don't gain end-to-end encryption, but we do have encryption across one segment. So if we want to bypass or have some protection against someone, say your local organization, then this is what it does: it encrypts the data going out so that, say, SIIT cannot see my data.

What else can't SIIT see? Do they know who I'm communicating with? No, no, they think I'm communicating with sandilands.info. When SIIT intercepts these messages, they see the destination address is that of the proxy, not of the final website. Okay, so we're not just hiding our data, we're hiding who we're accessing, and this is one simple example of providing privacy in the internet, hiding the behavior of your communications.

What's the problem with this approach for providing privacy? Someone can still see the data, but to the end server. Yes. Another problem with this approach is that you need a server set up to listen on the secure shell connection, which I did. So there are other techniques which don't involve you setting up a server in advance. Some techniques that do include, generally, virtual private networks. VPNs do a similar thing, but using different protocols, not secure shell. And another one is Tor, onion routing. Tor provides a similar service, but in a more secure manner, for private communications in the internet. That's covered in my topic which we're going through in IT security. So you'll miss that; if you want to join our lectures tomorrow morning or Wednesday afternoon, you'll see Tor and VPNs covered, but that's just an introduction to it for today.
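
Added note, not part of the lecture: the sketch below shows the local SOCKS hop between the browser and the secure shell client on port 9999, and why only that client (and, through the tunnel, the proxy) learns the real destination. It assumes SOCKS version 5 with the destination sent as a hostname; the lecture says only "SOCKS", and the function names are hypothetical.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def build_greeting() -> bytes:
    """Browser's first message: version 5, one method offered, 0x00 = no auth."""
    return bytes([VER, 1, 0x00])


def build_connect(host: str, port: int) -> bytes:
    """CONNECT request naming the real destination by hostname (ATYP 3)."""
    name = host.encode("ascii")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1..255 bytes")
    return bytes([VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)]) \
        + name + struct.pack("!H", port)


def parse_connect(msg: bytes) -> tuple[str, int]:
    """What the listener on localhost:9999 recovers: (destination, port)."""
    if len(msg) < 5 or msg[0] != VER or msg[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp, body = msg[3], msg[4:]
    if atyp == ATYP_DOMAIN:
        size, body = body[0], body[1:]      # one length byte, then the name
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        size = 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError(f"unknown address type {atyp}")
    if len(body) != size + 2:               # address plus 2-byte port
        raise ValueError("truncated or oversized request")
    raw, port = body[:size], struct.unpack("!H", body[size:])[0]
    if atyp == ATYP_DOMAIN:
        return raw.decode("ascii"), port
    return str(ipaddress.ip_address(raw)), port


if __name__ == "__main__":
    # Constructed sample: the site visited in the lecture, plain HTTP on port 80.
    request = build_connect("whatismyipaddress.com", 80)
    print(request.hex(" "), "->", parse_connect(request))
```

This request never leaves the laptop in the clear: it goes to the local secure shell client, which carries it inside the encrypted connection to port 22 on the proxy, so an observer on the local network sees only the proxy's address.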