Being an intrepid occasional business traveler, I’ve come to rely on my trusty MacBook as sort of an office-away-from-home. Working while away from the office presents an interesting set of challenges. Internet access (particularly Wi-Fi) is becoming ever more ubiquitous, so getting connected is easy, but there’s no guarantee that a given Internet access point is secure — in fact, it’s most likely not. Working remotely often requires access to potentially sensitive data and resources that are protected behind firewalls and the like. It’s best to keep sensitive data off laptops, as laptops are easily stolen, and a data breach could land you on the 11:00 news, or worse.
This is a collection of tips, tools, etc. that I use to work securely with my laptop while on travel. It’s geared towards Macs, but much of it is applicable to other operating systems as well. Comments, suggestions, corrections, etc. are welcome.
SSH Tunnel Manager
A lot of organizations use VPNs to facilitate off-site access to private intranets, and ours is no exception. I’ve never been a big fan of VPNs, because they all seem to rely on OS-specific drivers (or weird Java applets) that inevitably fail to work properly with my OS or web browser. So, I avoid our VPN and use SSH tunnels instead. All this requires is SSH access to a host with access to the intranet resource(s) I need. With several well-crafted SSH tunnels, I’ve never found a need to use our VPN.
There’s one catch with SSH tunnels where laptops are concerned. Setting up an SSH tunnel often requires feeding the SSH command a complex set of options. When I’m on travel, I’m constantly moving from place to place, and bringing my laptop in and out of sleep mode. This causes the SSH connections to time out, and I end up having to re-initialize all my tunnels every time I want to work on something — a big pain. This is where a good SSH tunnel manager helps. A tunnel manager maintains a list of tunnels and lets you start and stop them with a mouse click. There’s a decent app for OS X called (surprise) “SSH Tunnel Manager,” and PuTTY does a nice job on Windows. For Linux, I like gSTM. With the SSH Tunnel Manager, I’m up and running in seconds after starting up the laptop, and I don’t have to remember complex SSH command-line options.
Firefox Proxy-switching Extension
Secure web-browsing is a primary concern when traveling. As such, I do all my browsing through SSH tunnels, which ensures that all my browser traffic is encrypted. For general purpose browsing, I use a tunnel to an ad-filtering proxy running on a server in my office. For work related stuff, as well as online banking and related things, I use a SOCKS proxy. There are a couple other configurations I use as well. Each of these requires a different proxy configuration in Firefox. As shipped, Firefox only allows you to define a single proxy configuration. There’s no support for multiple proxy configurations; if you want to change your proxy, you need to go in and manually update the settings each time. Proxy-switching extensions allow you to define as many proxy configurations as you want, and switch between them quickly and conveniently. I’ve found them to be indispensable. There are a bunch of proxy-switching extensions out there, but my favorite is SwitchProxy, because it seems to be the best balance between simplicity and functionality (note that the stock version of SwitchProxy doesn’t run on Firefox 3, but I found a modified version that works nicely here).
Foxmarks
Foxmarks is a Firefox extension that synchronizes bookmarks between different instances of Firefox. With Foxmarks, I now have the same set of bookmarks at work, at home, and on my laptop, and when I change my bookmarks in one place, all the others stay in sync automatically. I’ve been running separate Firefox installations on different computers forever now, and I only recently discovered Foxmarks. It’s one of those things where once you have it, you wonder how you got along without it.
VNC
VNC, or Virtual Network Computing, is a remote desktop-sharing technology. It’s similar to Microsoft’s Remote Desktop service, but it’s an open standard and is platform-independent. It allows me to pull up a virtual desktop and access data on a remote server as if I were physically sitting at the server. This is a great way to keep sensitive data off my laptop — I just manipulate it remotely. All of the connections are made through SSH tunnels. (What else?)
VNC is one of those things that I keep finding more and more uses for as time goes on. I use it to access various GUI-based apps on my home and work PCs while traveling. It’s particularly useful for running the occasional Windows or Linux-based app that I don’t have available on my Mac. For example, I use GnuCash to track all of our household finances. It’s installed on my Linux server at home. With VNC, I can connect to my home server, run GnuCash remotely, and keep up with the finances while I’m away from home. No need to run it locally on the Mac and worry about the data getting out of sync.
My favorite VNC client for the Mac is Chicken of the VNC.
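The tunnels described in the sections above (ad-filtering proxy, SOCKS proxy, VNC) and the start/stop job a tunnel manager does, sketched as a small shell script. This is an added example, not from the original post or any of the tools it names; the host names, ports and tunnel names are placeholders.

```sh
#!/bin/sh
# Minimal SSH tunnel manager. Added example: host names, ports and tunnel
# names are placeholders. Assumes $HOME contains no spaces.
SOCK_DIR="${HOME}/.ssh/tunnels"

# Forward spec and SSH host for each tunnel. Listeners bind to 127.0.0.1 so
# other machines on the local (untrusted) network cannot use them.
tunnel_spec() {
    case "$1" in
        web)   echo "-L 127.0.0.1:8118:127.0.0.1:8118 gateway.example.com" ;; # ad-filtering proxy
        socks) echo "-D 127.0.0.1:1080 gateway.example.com" ;;                # SOCKS proxy
        vnc)   echo "-L 127.0.0.1:5901:127.0.0.1:5901 home.example.net" ;;    # VNC display :1
        *)     return 1 ;;
    esac
}
tunnel_host() { spec=$(tunnel_spec "$1") || return 1; echo "${spec##* }"; }

# Full ssh command line for a tunnel:
#   -f -N   background after authentication, run no remote command
#   -M -S   control socket, used below to check and stop the tunnel
#   ExitOnForwardFailure  fail loudly if the local port cannot be bound
#   ServerAlive*          drop a connection that died during sleep (~45 s)
#   StrictHostKeyChecking refuse unknown or changed host keys
tunnel_cmd() {
    spec=$(tunnel_spec "$1") || { echo "unknown tunnel: $1" >&2; return 1; }
    echo "ssh -f -N -M -S ${SOCK_DIR}/$1.sock" \
         "-o ExitOnForwardFailure=yes" \
         "-o ServerAliveInterval=15 -o ServerAliveCountMax=3" \
         "-o StrictHostKeyChecking=yes ${spec}"
}

# Ask the master process behind the control socket to "check" or "exit".
tunnel_ctl() {
    host=$(tunnel_host "$2") || return 1
    ssh -S "${SOCK_DIR}/$2.sock" -O "$1" "$host" 2>/dev/null
}
tunnel_status() { tunnel_ctl check "$1"; }
tunnel_down()   { tunnel_ctl exit "$1"; }

tunnel_up() {
    tunnel_status "$1" && return 0              # already running
    cmd=$(tunnel_cmd "$1") || return 1
    mkdir -p "$SOCK_DIR" && chmod 700 "$SOCK_DIR"
    rm -f "${SOCK_DIR}/$1.sock"                 # stale socket left by a dead master
    $cmd                                        # intentionally unquoted: split into arguments
}

# Usage: tunnels.sh up|down|status NAME
case "${1:-}" in
    up|down|status) "tunnel_$1" "${2:?tunnel name required}" ;;
esac
```

For the SOCKS tunnel, Firefox also needs `network.proxy.socks_remote_dns` enabled; otherwise DNS lookups still go out over the local network.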
FileVault
FileVault is a file-encryption system that ships with OS X. It will transparently encrypt and decrypt files on the fly, using the user’s account password as a key. I haven’t used it before, but I am going to give it a go with my new laptop. It seems like an easy way to protect sensitive data that inadvertently finds its way onto the laptop. In the event the laptop is stolen, the thieves will at least have to work harder to get at the data.
And there you have it. I’m sure I’m leaving something out that will become apparent the next time I travel. One thing I’d like to have is some sort of theft recovery software. Haven’t yet looked into what’s available in that department.