Quote:
Originally Posted by neopandid
But my concern is:
How can I improve this service for my friend's security?
Is this the best environment for my friend's concerns? Or
should I use a VPN connection? They want their connection to be encrypted, and they want to use all their other programs, like Skype, MSN and AIM.
For example:
He is using mail providers such as Gmail and Hotmail with SSL, but I am wondering whether my proxy server really supplies a secure connection without SSH tunneling?
There are two things you have to separate. One is the proxy server (Squid) running on your VPS and the trustworthiness of your VPS. The other is securing the access to your (trustworthy) VPS. Of course you have to harden your server so that it remains a trusted host for your friends, and every access to the host must be encrypted.
For your friend no connection without either SSH or VPN is safe.
One of the advantages of SSH is its ability to be configured quite easily to accept only encrypted connections. You have to set up ssh keys (RSA) for your friend in his home directory and configure the server NOT to accept password authentication.
Another very interesting approach is to use STUNNEL to enable dumb (non-SSL) software to use proper SSL certificates, which you can generate for your friend yourself, to access your VPS over a secure SSL connection. I have used it to secure the sending of emails via my VPS by email software that was not able to use TLS.
There is a blog post here:
going-ssl-with-evolution.html
I hope that helps.
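
The key-only SSH setup described in the reply above can be verified with a short script. This is an added example, not part of the original post: it reads an sshd_config and reports whether password logins are actually refused, relying on OpenSSH's rule that the first value read for a keyword wins. The function names and sample configs are constructed for illustration, the defaults are assumed to be OpenSSH's documented ones, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: verify that an sshd_config really refuses password logins.
# Include files and Match blocks are not evaluated; sample configs are constructed.

# Print the effective global value of a keyword (or "a|b" alias list) from a
# config on stdin. sshd keeps the FIRST value it reads for a keyword, and
# keywords are case-insensitive.
sshd_effective() {  # usage: sshd_effective 'keyword|alias' DEFAULT < config
    awk -v want="|$1|" -v def="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }             # comment or blank line
        { gsub(/=/, " ") }                  # accept the "Key=value" form
        tolower($1) == "match" { exit }     # conditional section: stop here
        index(want, "|" tolower($1) "|") { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    '
}

# Read a config on stdin; return 0 only if key-based login is the sole option.
# Defaults are assumed to be the documented OpenSSH defaults (all "yes").
audit_sshd() {
    cfg=$(cat); rc=0
    pw=$(printf '%s\n' "$cfg" | sshd_effective passwordauthentication yes)
    kbd=$(printf '%s\n' "$cfg" | sshd_effective \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    pk=$(printf '%s\n' "$cfg" | sshd_effective pubkeyauthentication yes)
    [ "$pw" = no ]  || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$kbd" = no ] || { echo "FAIL keyboard-interactive=$kbd (PAM can still ask for a password)"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK key-only login"; fi
    return "$rc"
}

# Constructed sample: the later "no" is ignored because the first value wins.
weak_cfg='PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no'

# Constructed sample: passwords refused on both password-capable methods.
hardened_cfg='# key-only access for the proxy users
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no'

printf '%s\n' "$weak_cfg" | audit_sshd || echo "-> weak sample rejected"
printf '%s\n' "$hardened_cfg" | audit_sshd
```

On a live server, `sshd -T` prints the configuration that sshd itself resolves, including Include files.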