Focus on Microsoft
Jan 12 2011 05:28PM
im anikin us
Jan 14 2011 02:30AM
Claude Petit (petc webmail us)
Jan 13 2011 03:55AM
MNelson (mnelson nels-sec com)
Jan 13 2011 01:48AM
Thor (Hammer of God) (thor hammerofgod com)
I used to date an Asian girl who called me that.
I would say that the implications of a Tor relay behind the fw are the same as any other service behind a firewall. You can't really look at it as a "probability of being hacked" any differently than you would for a SMTP gateway; which is to say, vendor vulnerability history aside, they should be considered equal.
I guess you could look at the service workflow differently for a strict relay of IP traffic coming in and going out differently than something like a web server where you have IP coming in and file access going on in the background. Things to keep in mind are the context of the Tor service's execution, and what restrictions you can place on it. If it can run as a Guest user or LocalService, then that is way better than LocalSystem. I would also consider the least privilege model - for SMTP, it has to make its way to your infrastructure somehow (in general) so you secure it based on that need. But with Tor, your infrastructure doesn't need to see any of that traffic. I put mine up in my DMZ on a VM, but to be honest, I've not done much with it. But anyway, I try to keep the "dirty" traffic as far away from "clean" traffic as I can in the same way that I try to keep Steve Moffat as far away from my wife as I can. If there is no need for your traffic to be internal, then don't put it there. If you must, then lock that guy down as much as you can just like any other service carrying data that you do not control or trust.
>From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com]
>On Behalf Of im (at) anikin (dot) us
>Sent: Wednesday, January 12, 2011 9:28 AM
>To: focus-ms (at) securityfocus (dot) com
>What are the security implications of running a Tor relay on a machine behind
>Is there a high probability of it being hacked somehow, and what does one do
>to prevent that?
>Thank you in advance for your time and advice.
>mailto:im (at) anikin (dot) us
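The point above about which account the Tor service runs under, as an added example that is not part of the original thread: a PowerShell check that reports a service's logon account and rates it against the LocalSystem / LocalService distinction. The service name `tor` and the function name `Get-ServiceAccountAssessment` are assumptions; only direct members of the local Administrators group are detected, not nested group membership.

```powershell
# Added example (not from the thread). Assumption: the relay runs as a Windows
# service named 'tor'; pass -ServiceName if yours is registered differently.
param([string]$ServiceName = 'tor')

function Get-ServiceAccountAssessment {
    param([string]$StartName)
    # Win32_Service.StartName is e.g. 'LocalSystem', 'NT AUTHORITY\LocalService',
    # '.\user' or 'DOMAIN\user'.
    if ([string]::IsNullOrWhiteSpace($StartName)) {
        return 'UNKNOWN: no logon account reported (run elevated and retry)'
    }
    switch -Regex ($StartName.Trim()) {
        '^(LocalSystem|NT AUTHORITY\\SYSTEM)$' {
            return 'HIGH: LocalSystem; a compromise of the service is a compromise of the host' }
        '^NT AUTHORITY\\NetworkService$' {
            return 'MEDIUM: NetworkService; limited rights, but uses the machine account on the network' }
        '^NT AUTHORITY\\LocalService$' {
            return 'LOW: LocalService; limited rights, anonymous on the network' }
    }
    # Anything else is a named account. Flag it if it is a direct member of the
    # local Administrators group (well-known SID S-1-5-32-544, locale-independent).
    $account = $StartName.Trim() -replace '^\.\\', "${env:COMPUTERNAME}\"
    $admins  = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
    if ($admins.Name -contains $account) {
        return "HIGH: $account is a local administrator"
    }
    return "REVIEW: $account; confirm it holds no rights beyond what the relay needs"
}

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Warning "No service named '$ServiceName' on this host."
    return
}

[pscustomobject]@{
    Service    = $svc.Name
    State      = $svc.State
    Account    = $svc.StartName
    Binary     = $svc.PathName
    Assessment = Get-ServiceAccountAssessment $svc.StartName
}

# To move the service to LocalService (run elevated, then restart the service):
#   sc.exe config tor obj= "NT AUTHORITY\LocalService" password= ""
```

After changing the logon account, the new account needs read/write access to the service's data directory and nothing else on the host.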
Jan 12 2011 06:43PM
Lee Fisher (blibbet gmail com)
Copyright 2010, SecurityFocus