[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Jumphost

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor Jumphost
From: krishna e bera <keb@xxxxxxxxxxxxxx>
Date: Tue, 10 Jun 2014 18:12:29 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 10 Jun 2014 18:26:34 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyblings.on.ca; s=google; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=YZ7ARA5o8huE16PrCxiOFm3Z3fAqjqKHDkUKkmf2AKA=; b=eTsFaZW3g/S0g88Am/xZ8WSC6PT4kuHGZh443MA1f4b/8FUyZceg5pJETTzKx0J1jA 88+27s+ppMuoOwZARFqLMMghAOvKAlEavi7GxRQ9h4AdHjAoYnrRcIDdg6mezJowU+G/ CVshv+nkLAthuPbKGo/o53mh9dvATQIFyvDU0=
In-reply-to: <53974AA4.2030302@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <53974AA4.2030302@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

On 14-06-10 02:12 PM, Wayland Morgan wrote:
> I have been considering potentially building some type of remote
> jumphost for a University research setting that automatically connects
> its users to the Tor network and am looking for feedback/implementation
> ideas.
> 
> A few assumptions:
> 
> 1) the users of the host trust me as the operator
> 2) as soon as they log off of the host, all information about their
> usage is purged.
> 3) would like to do this with Windows, as it is compatible with RDP and
> would require less user education.
> 
> Basically I want to provide an environment for users that requires
> little or no configuration on their part that they can use to browse the
> web anonymously. One of the things that is attractive about the jumphost
> approach is that I can control the patch level of the browser bundle
> thereby ensuring that it is up to date and also restrict use of any
> other software that could perhaps compromise the integrity of the user's
> identity.
> 
> Thoughts?

4) you trust the users ?

5) you trust the websites they will visit ?

Hopefully you will be reloading from a drive-image nightly, and before
doing any TBB or other updates.
If one of your RDP users manages to accidentally infect or purposely pwn
the box, assumptions 1 and 2 would no longer hold.

Security on Windows or any OS is much harder to maintain once users have
something like shell access.  Also, TBB flouts one of the potential
Windows safeguards, that executables shouldnt sit in the user filespace.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Tor Jumphost
  - From: Wayland Morgan

References:
- [tor-talk] Tor Jumphost
  - From: Wayland Morgan

Prev by Author: Re: [tor-talk] canvas fingerprinting
Next by Author: Re: [tor-talk] Tor Jumphost
Previous by thread: [tor-talk] Tor Jumphost
Next by thread: Re: [tor-talk] Tor Jumphost
Index(es):
- Author
- Thread