[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Jumphost



> 4) you trust the users ?
>
> 5) you trust the websites they will visit ?

Yes. I don't really want or need to know what sites they will be
visiting and nightly rebuilds are a major success factor IMO with
regards to this implementation. If I go the Windows route, I'd like put
some restrictions in place in terms of TBB being the only choice of
browser on the machine as well as restrict administrative activity to
myself.

Have you or anyone else tried something like this?

On 6/10/2014 5:12 PM, krishna e bera wrote:
> On 14-06-10 02:12 PM, Wayland Morgan wrote:
>> I have been considering potentially building some type of remote
>> jumphost for a University research setting that automatically connects
>> its users to the Tor network and am looking for feedback/implementation
>> ideas.
>>
>> A few assumptions:
>>
>> 1) the users of the host trust me as the operator
>> 2) as soon as they log off of the host, all information about their
>> usage is purged.
>> 3) would like to do this with Windows, as it is compatible with RDP and
>> would require less user education.
>>
>> Basically I want to provide an environment for users that requires
>> little or no configuration on their part that they can use to browse the
>> web anonymously. One of the things that is attractive about the jumphost
>> approach is that I can control the patch level of the browser bundle
>> thereby ensuring that it is up to date and also restrict use of any
>> other software that could perhaps compromise the integrity of the user's
>> identity.
>>
>> Thoughts?
> 
> 4) you trust the users ?
> 
> 5) you trust the websites they will visit ?
> 
> Hopefully you will be reloading from a drive-image nightly, and before
> doing any TBB or other updates.
> If one of your RDP users manages to accidentally infect or purposely pwn
> the box, assumptions 1 and 2 would no longer hold.
> 
> Security on Windows or any OS is much harder to maintain once users have
> something like shell access.  Also, TBB flouts one of the potential
> Windows safeguards, that executables shouldnt sit in the user filespace.
> 
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk