TBB on XP again

Kyle Williams kyle.kwilliams at gmail.com
Sun Jan 18 21:08:56 UTC 2009


Hi Mikel,
By chance have you used any virtual machines on the host OS that runs your
NIS firewall?

There are two networking modes I'd be curious about.  The first being a
'bridged' networking interface.  The second being a 'NAT' networking
interface.  I would think that 'bridged' networking would not be affected by
NIS on your local system, and would be able to operate on the network
without restrictions, since it appears as a completely separate device on
the network.  I'm curious about a NAT'd interface though.  I would think
that it would be affected by NIS, since all traffic would pass through the
host OS before entering the network.

For my day job, I managed a global VM infrastructure.  One of my duties is
to make sure all the VMs stay up-to-date with the latest security patches
for the different OSes.  I've noticed that the security measures that
allow the company to audit "who is doing what" can be easily bypassed if a
VM is brought online and doesn't have the proper management software
installed.  (However, network audits catch this within 24 hours.)  This can
be good or bad depending on which side of the fence you're on.  Perhaps in your
case it might be good to use a VM that has a 'bridged' network interface to
try and avoid NIS?  If you don't have admin level access, then you are
probably stuck using a NAT'd network interface for your VM.

The other advantages of using a VM with a 'bridged' network interface in a
restrictive or monitored environment are:
1) Process auditing will only see that a VM was run (qemu.exe or
vmplayer.exe) in the audit logs.  (So what ran in the VM? Who knows... ;-)
2) Network auditing on the HOST OS will not see a direct connection between
your VM's traffic and the HOST OS.
3) You can keep it with you on a USB flash drive.  Maybe even a Live CD with
a VM on it?
4) Use OS encryption on the VM itself to protect your VM in the event it
becomes remotely audited, copied, or stolen.

Just my two cents worth...


Best regards,

- Kyle

On Sat, Jan 17, 2009 at 11:52 PM, mikel.anderson at juno.com <
mikel.anderson at juno.com> wrote:

> All,
>
> Well I'll be a monkey's uncle!  Turns out both non-admin accounts had their
> NIS accounts set to the more restrictive Teenager level.  TBB was stalled
> waiting to be granted access by the NIS firewall.  Adult level users are
> notified about each request and may grant or deny each one.  Users with more
> restrictive levels are not even notified.
>
> Even with the correct account levels systems like mine are going to leave
> tracks in the firewall.  TBB leaves a set of three tracks (tor, firefox, and
> polipo) for each user account on which it is successfully run.
>
> Furthermore, this demonstrates how easy it would be to block the use of
> portable browsers on any kind of public computer.
>
> Mikel
>