Message-ID: <539782CD.4000202@cyblings.on.ca>
Date: Tue, 10 Jun 2014 18:12:29 -0400
From: krishna e bera <keb@cyblings.on.ca>
To: tor-talk@lists.torproject.org
References: <53974AA4.2030302@gmail.com>
In-Reply-To: <53974AA4.2030302@gmail.com>
Subject: Re: [tor-talk] Tor Jumphost

On 14-06-10 02:12 PM, Wayland Morgan wrote:
> I have been considering potentially building some type of remote
> jumphost for a University research setting that automatically connects
> its users to the Tor network and am looking for feedback/implementation
> ideas.
> 
> A few assumptions:
> 
> 1) the users of the host trust me as the operator
> 2) as soon as they log off of the host, all information about their
> usage is purged.
> 3) would like to do this with Windows, as it is compatible with RDP and
> would require less user education.
> 
> Basically I want to provide an environment for users that requires
> little or no configuration on their part that they can use to browse the
> web anonymously. One of the things that is attractive about the jumphost
> approach is that I can control the patch level of the browser bundle
> thereby ensuring that it is up to date and also restrict use of any
> other software that could perhaps compromise the integrity of the user's
> identity.
> 
> Thoughts?

4) you trust the users?

5) you trust the websites they will visit?

Hopefully you will be reloading from a drive-image nightly, and before
doing any TBB or other updates.
If one of your RDP users manages to accidentally infect or purposely pwn
the box, assumptions 1 and 2 would no longer hold.

Security on Windows or any OS is much harder to maintain once users have
something like shell access.  Also, TBB flouts one of the potential
Windows safeguards, that executables shouldn't sit in the user filespace.

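An added example, not part of the original post: a PowerShell audit for the two points raised in the reply, executables sitting in user filespace and reloading from a known-good image. It inventories executable files under the profile root and, once a baseline has been saved right after an image restore, reports only files that were not in that baseline. The function name `Get-UserSpaceExecutable`, the `C:\Users` root, the extension list and the baseline CSV path are assumptions chosen for illustration.

```powershell
# Added example: inventory executable content stored under user profiles on a
# shared Windows host and compare it with a baseline taken after image restore.
param(
    [string]$ProfileRoot = 'C:\Users',                        # assumed profile location
    [string]$BaselineCsv = 'C:\Audit\userspace-baseline.csv', # assumed baseline path
    [string[]]$Extensions = @('.exe', '.dll', '.msi', '.bat', '.cmd', '.ps1', '.vbs', '.js')
)

function Get-UserSpaceExecutable {
    param([string]$Root, [string[]]$Ext)

    # -Force includes hidden folders such as AppData; legacy junctions that deny
    # listing raise access errors, which are suppressed here.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Ext -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                # First path component below the root is the profile name
                Profile   = ($_.FullName.Substring($Root.Length).TrimStart('\') -split '\\')[0]
                Path      = $_.FullName
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                Modified  = $_.LastWriteTimeUtc
                SHA256    = $hash.Hash
            }
        }
}

$current = Get-UserSpaceExecutable -Root $ProfileRoot -Ext $Extensions

if (Test-Path -LiteralPath $BaselineCsv) {
    # Baseline exists: show only files whose hash was not present after the restore.
    $known = (Import-Csv -LiteralPath $BaselineCsv).SHA256
    $current |
        Where-Object { $known -notcontains $_.SHA256 } |
        Sort-Object Profile, Path |
        Format-Table -Property Profile, Signature, Modified, Path -AutoSize
} else {
    # First run, directly after restoring the image: record the known-good state.
    $current | Export-Csv -LiteralPath $BaselineCsv -NoTypeInformation
}
```

The browser bundle's own binaries appear in the first-run baseline, so later runs list only what has been added or changed in user-writable space since the image was restored.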

