Suramya's Blog : Welcome to my crazy life…

This article explains how we can setup a SOCKs proxy via SSH which lets you surf the internet securely from unsecure locations.

Excerpt:

Open PuTTY (see the list of requirements above for a URL). You should be greeted with a configuration screen. First, you will enter the hostname or IP address of the SSH server. Type in a name for your connection settings in the box below “Saved Sessions”, and click the Save button.

Now you need to look at the tree of options to the left; expand the SSH tree, and select “Tunnels”. Enter 4567 (or any port number above 1024) in the Source Port area, and click the Dynamic radio button to select it. Leave the Destination field blank, and click “Add”.

Now go back to the Session tree (very top of the left section), and save again.

You will be prompted to enter a username, which is the username of your shell account. Type that in, hit enter, and then type in your password when it prompts you.

Original Article:
Security Engine: Secure surfing SSH

To restrict access to a server by allowing an authorized user to only run a specific command add an authorized_keys file entry that looks like (this is all in one line one line)

from=”202.41.95.13″,command=”rsync -aCz –server –sender $SRCDIR .”,
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
ssh-dss
AAAAB3NzaC1kc3M

Here you must put the appropriate source directory in $SRCDIR.

The authorized key file can be put in a dummy users directory. This dummy user should have appropriate read/write permissions for the directory in question.

As an alternative you can use a configuration file “–config=$FILE” in place of $SRCDIR.

Once this is done, the owner of the SSH private key associated with the public-key (which is the bit that starts ssh-dss AAA….) can connect to the ssh server and start the above command and *only* the above command.

– Suramya

PS: Thanks to Kapil from the Linux Gazette Answer Gang for the above tip.

Techrepublic has a really nice article that tells you how to disable IE. Keep in mind that this just disables IE not remove it.

Article Extract:

The easiest way to remove users’ ability to browse with IE is to add a bogus proxy server to IE’s Internet Settings.

Follow these steps:

1. In IE, go to Tools | Internet Options.
2. On the Connections tab, click the LAN Settings button.
3. In the resulting dialog box, select the following check box in the Proxy Server section: Use a Proxy Server For Your LAN (These Settings Will Not Apply To Dial-up Or VPN Connections).
4. Enter 0.0.0.0 in the Address text box.
5. Enter 80 in the Port text box, and click OK.

Please note that adding a bogus proxy server to your Internet settings won’t affect Automatic Windows Update from connecting and updating your operating system.

You can also restrict Internet settings via Group Policy. Follow these steps:

1. On your domain controller, right-click the organizational unit that contains your domain users, and select Properties.
2. On the Group Policy tab, click Edit.
3. Expand User Configuration to set restrictions on a per-user basis.
4. Expand Windows Settings, and expand Internet Explorer Maintenance.
5. Select Connection, and double-click Proxy Settings.
6. Select the Enable Proxy Settings check box, add 0.0.0.0 to the HTTP entry, and click OK.
7. Expand Administrative Templates, and expand Windows Components.
8. Select Internet Explorer, and double-click Disable Changing Proxy Settings.
9. Select Enabled, and click OK.

Article Source :
Learn two ways to disable Internet Explorer

– Suramya