[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Jumphost

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor Jumphost
From: Wayland Morgan <dotwayland@xxxxxxxxx>
Date: Wed, 11 Jun 2014 03:23:00 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 11 Jun 2014 04:26:38 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=knqkoI5fUcw2PavqqT0d/yFkNnS1ZtSwiROl8BdYDhM=; b=KoXd1ZHbACt0T+qwDTT8BXcenT8icGKwZa3nR376AIYatjmPwHYA77NnPUY4Y/0dbs 1iGzf0owRnN2dlkelUz80bCXncozMzmLqVEYsuFKz0cyMqaSKLunZnumOZaRmHpj020y dRzYny/4UnGSwJOoZDfyFg+e0kLrGJKA5jFH8OwSiuQWQyEAn6GaG9nLOnPb8c2kE02M A4M4UHSeteNQldLzaaaR1bouDXK7+AusXRtORaxV0r4Ln4CG8Q5IwnkqIHBs9TahufUM SoyBCs/O6c/XylDOIoAdJ4IEZ4AgXJyp40KEsisIYnm39POCK6yihM4finVIvCUfZV4+ mTCg==
In-reply-to: <539782CD.4000202@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <53974AA4.2030302@xxxxxxxxx> <539782CD.4000202@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

> 4) you trust the users ?
>
> 5) you trust the websites they will visit ?

Yes. I don't really want or need to know what sites they will be
visiting and nightly rebuilds are a major success factor IMO with
regards to this implementation. If I go the Windows route, I'd like put
some restrictions in place in terms of TBB being the only choice of
browser on the machine as well as restrict administrative activity to
myself.

Have you or anyone else tried something like this?

On 6/10/2014 5:12 PM, krishna e bera wrote:
> On 14-06-10 02:12 PM, Wayland Morgan wrote:
>> I have been considering potentially building some type of remote
>> jumphost for a University research setting that automatically connects
>> its users to the Tor network and am looking for feedback/implementation
>> ideas.
>>
>> A few assumptions:
>>
>> 1) the users of the host trust me as the operator
>> 2) as soon as they log off of the host, all information about their
>> usage is purged.
>> 3) would like to do this with Windows, as it is compatible with RDP and
>> would require less user education.
>>
>> Basically I want to provide an environment for users that requires
>> little or no configuration on their part that they can use to browse the
>> web anonymously. One of the things that is attractive about the jumphost
>> approach is that I can control the patch level of the browser bundle
>> thereby ensuring that it is up to date and also restrict use of any
>> other software that could perhaps compromise the integrity of the user's
>> identity.
>>
>> Thoughts?
> 
> 4) you trust the users ?
> 
> 5) you trust the websites they will visit ?
> 
> Hopefully you will be reloading from a drive-image nightly, and before
> doing any TBB or other updates.
> If one of your RDP users manages to accidentally infect or purposely pwn
> the box, assumptions 1 and 2 would no longer hold.
> 
> Security on Windows or any OS is much harder to maintain once users have
> something like shell access.  Also, TBB flouts one of the potential
> Windows safeguards, that executables shouldnt sit in the user filespace.
> 
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Tor Jumphost
  - From: krishna e bera

References:
- [tor-talk] Tor Jumphost
  - From: Wayland Morgan
- Re: [tor-talk] Tor Jumphost
  - From: krishna e bera

Prev by Author: [tor-talk] Tor Jumphost
Next by Author: [tor-talk] multiple local proxy ports
Previous by thread: Re: [tor-talk] Tor Jumphost
Next by thread: Re: [tor-talk] Tor Jumphost
Index(es):
- Author
- Thread