We hear the word tunneling a lot in the networking world. Tunneling is a very, very cool thing, but it's not the easiest thing for you to wrap your mind around, so I want to take a moment and talk about, conceptually, what tunneling is. Now, I'm the type of person who likes to access my home computer from the office, and I use a program called VNC. Now, VNC is a remote desktop program. It's been around for a long time. It's free. It runs on all these different operating systems, and I've just gotten used to it, and I like it, so VNC works well.
In order for me to use VNC, I have to, well, on my home machine, I'll put a VNC server, and have it running, and then on whatever machine I want to access my server from, I run a VNC client. I make the connection like this, and I can just be typing away on this, and it's as though I were literally sitting at my home computer. The downside to all this is that, well, VNC is unencrypted, so anybody can intercept this data going back and forth between my computers, and see what I'm doing, so I'm not happy about that.
So, if I want to encrypt this data, I've got two choices. Number one, I can rewrite VNC, and I'm such a great programmer, I can rewrite VNC and put encryption into it, and people do that all the time. For example, Microsoft's Remote Desktop Protocol actually has its own built-in encryption. Although, you also need to remember that Remote Desktop Protocol is a proprietary tool of Microsoft Corporation, so they can pretty much do anything they want. So I could rewrite VNC and put encryption into it, but the problem is that the internet is filled with all of these unencrypted programs.
There are zillions of them out there, emails, and telnets, and games, and it was never really designed to have encryption because it was gonna be cool and everybody was gonna love each other. It was gonna be great. It didn't happen that way. So, the onus of having to rewrite all of these programs, and not really just the programs, rewrite the protocols themselves that these programs are based on to handle encryption is just crazy. It's not going to happen, so what we can do instead is we can take an existing program that's already running encryption, like SSH in this particular example, and we can run the data through this program.
Now, in order to appreciate that, I have brought a couple of props. Do you remember my SSH machines from earlier episodes? I knew you liked them. So what I'm going to do is I'm going to fire up SSH. Now this could be PuTTY or whatever it might be, the popular SSH program, and I'm going to make a connection between these two SSH systems. Now VNC is not running at this point in the game.
It's not even on yet, so what I've done is I've made an SSH connection here. Now here's the part that's a little bit tricky. Let's look at this end of the SSH connection. This is, let's say we're running PuTTY, the very, very famous SSH program. Now, if you look at PuTTY, you can really kind of separate it into two pieces. There's the part of PuTTY which is the SSH endpoint that you can't really see, it's just running, and it handles all the encryption and decryption, and all that stuff, and then there's also the interface, the pretty little terminal screen that comes up where you type in dir and whatever it might be.
Normally, with PuTTY, what we're doing is we're typing with our keyboard and it's taking the data directly from whatever we're typing. Now it puts it up on the screen, too, but that's really just to help us as human beings. It's taking keyboard input and it's sending it right into the SSH. Equally, it's also doing output and putting it up on the screen as necessary. What I propose we do is that we're going to take SSH, now PuTTY and all of these SSH programs are programmed to do this, and we can tell them, hey program, forget about the little terminal screen, we want you to take input directly from, in this case, the VNC client.
Pretty cool, huh? Equally, it can do output and take it out to the VNC client. There are settings in PuTTY that you have to go into to configure it so that it will do this stuff, all right? Pretty much all SSH programs are designed to do this. So what's going to take place now, oh, we'll do it on this end, too, sorry (chuckles). There we go. All plugged in, ready to go. So what happens now is anything that I'm typing in my VNC client, it doesn't just go out on its own connection into the VNC server, it goes directly into my SSH.
The SSH encrypts it, runs it through the internet all nice and encrypted over to this end, which decrypts it and sends it out to the VNC server, and it goes back and forth like this. So what we're really doing is we're piggybacking on SSH's ability to handle encrypted data. So you've really got a program within a program, and that, my friends, is really what a tunnel is. A tunnel will always first manifest as you start up some program. In this case, we're using SSH, but there's lots of other forms of tunneling out there, and in other episodes, we're going to talk about this.
At this point, I just want you comfortable with the concept of tunneling. So we can plug them in, we make the connection, and then we take our applications on either end of that connection, and we port them, not to talk to each other directly, but to go through the tunnel itself, and that's where the term tunnel came from. Keep in mind with tunneling, the number one reason we do it is to provide encryption where normally there isn't.
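The "program within a program" idea from the episode, modeled as an added example (this is not the course's own material, and it does not speak real SSH or RFB): the invisible half of the SSH program takes VNC bytes in at the office end, wraps them, and unwraps them at the home end, so an eavesdropper on the path sees only the wrapped frame. The session key, the PRF keystream standing in for SSH's real cipher, and the VNC banner are all constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo key; real SSH derives its session keys from the key exchange at connect time.
SESSION_KEY = b"constructed-demo-key-not-from-a-real-ssh-session"

class TunnelEndpoint:
    """The invisible half of the SSH program: one direction of the tunnel.
    Per-direction labels and packet counters mirror SSH's per-direction keys and sequence numbers."""

    def __init__(self, key: bytes, direction: bytes):
        self.key, self.direction, self.seq = key, direction, 0

    def _keystream(self, seq: int, n: int) -> bytes:
        # PRF keystream: a stand-in for SSH's real cipher (AES-CTR, ChaCha20, ...).
        out, block = b"", 0
        while len(out) < n:
            msg = self.direction + seq.to_bytes(8, "big") + block.to_bytes(4, "big")
            out += hmac.new(self.key, msg, hashlib.sha256).digest()
            block += 1
        return out[:n]

    def wrap(self, plaintext: bytes) -> bytes:
        """VNC bytes in, wire frame out: seq(8) || ciphertext || hmac tag(32)."""
        seq, self.seq = self.seq, self.seq + 1
        ct = bytes(a ^ b for a, b in zip(plaintext, self._keystream(seq, len(plaintext))))
        hdr = seq.to_bytes(8, "big")
        return hdr + ct + hmac.new(self.key, self.direction + hdr + ct, hashlib.sha256).digest()

    def unwrap(self, frame: bytes) -> bytes:
        """Wire frame in, VNC bytes out; rejects modified and replayed frames."""
        hdr, ct, tag = frame[:8], frame[8:-32], frame[-32:]
        expect = hmac.new(self.key, self.direction + hdr + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("integrity check failed: frame changed in transit")
        seq = int.from_bytes(hdr, "big")
        if seq != self.seq:
            raise ValueError(f"expected packet {self.seq}, got {seq}: replay or loss")
        self.seq += 1
        return bytes(a ^ b for a, b in zip(ct, self._keystream(seq, len(ct))))

def deliver(vnc_msg: bytes, use_tunnel: bool) -> tuple:
    """Return (what an eavesdropper on the path sees, what the VNC server receives)."""
    if not use_tunnel:
        return vnc_msg, vnc_msg            # plain VNC: the same bytes sit on the wire
    office_putty = TunnelEndpoint(SESSION_KEY, b"office->home")  # SSH client end
    home_sshd = TunnelEndpoint(SESSION_KEY, b"office->home")     # SSH server end
    frame = office_putty.wrap(vnc_msg)      # VNC client output goes into SSH...
    return frame, home_sshd.unwrap(frame)   # ...and comes out at the VNC server
```

Calling `deliver(b"RFB 003.008\n", True)` shows the banner arriving intact at the server while the wire carries only the frame; the return direction is just a second pair of endpoints with its own label.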