Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Anonymize internet access

from [Jeffrey F. Bloss] Network Security [Permanent Link]
Subject: Re: Anonymize internet access
Date: Fri, 23 Sep 2005 17:27:17 -0400 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 22 September 2005 12:40 pm, Saqib Ali wrote:

If this is for several users in an enterprise, try:
Publish IE/Firefox on Citrix, and use Anoymous Citrix users accounts.
Clean Anonymous user space after logoff. Best way to anonymize
internet access. Tunnel ICA (Citrix protocol) through SSL.


I know nothing about Citrix. They appear to be a service that offers VPN to 
their machines, then proxy connections to the outside. That would dictate the 
connection between you and them is already encrypted, and "tunneling it 
through SSL" would seem pointless. 

OTOH, tunneling an SSL connection to an end location or a forwarding server 
through the VPN connection to Citrix might be very useful. It would obscure 
content from Citrix, as well as anyone between Citrix and that SSL 
connection's end point.

All that said, The OP stated a preference that the service keep no logs. Does 
Citrix log? How do you know?

The simple answer is that you do not. You can't, unless you're Citrix. They 
can claim anything they want. It's meaningless in essence. This is true for 
any such single point of contact. None of them can be assumed to be anonymous 
in any way, and none of them are the "best way" to anonymize connections to 
the internet.

The closest thing you're going to get to real anonymity on the internet is the 
mixmaster remailer network, tor, and other similar mix/onion routed setups. 
They're the only things designed to afford any true privacy at all, even in 
the case of a partial compromise of the network. IOW, because of the "blind" 
nature of such protocols, individual nodes in a given chain have no way to 
log any useful information. The issue of "do they" becomes moot.

- -- 
Hand crafted on September 23, 2005 at 17:14:04 -0400

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
                                  -Groucho Marx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDNHM6RHqalLqKnCkRAg6OAJwMptiF0H2KGlWknuErDniWn+3x6gCcD2to
jqotW6FF6Vu5dIXFGwhSyAw=
=mD+k
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Measuring Risk Assessment, security
Next by Date:  Re: broute forcing telnet and ssh, Gregory Boyce
Previous by Thread:  Re: Anonymize internet access, Saqib Ali
Next by Thread:  Re: Anonymize internet access, Saqib Ali
Indexes:  [Date] [Thread] [Top] [All Lists]