Anonymous Surfing with Tor and Privoxy

Total Page:16

File Type:pdf, Size:1020Kb

Anonymous Surfing with Tor and Privoxy COVER STORY Tor and Privoxy Anonymous surfing with Tor and Privoxy SECRET AGENT Internet users typically reveal their IP addresses, and this lets companies compile a profile of your Internet activities. Tor and Privoxy can help protect your privacy. BY KRISTIAN KISSLING he epidemic of Internet-based a cheap and transparent form of spying. chine through a number of nodes to a market research continues: many And in some repressive countries, the so-called exit node, which then talks to Tcompanies routinely investigate government may even be watching the target machine (Figure 1). The server their customers’ Internet surfing habits – where you surf. version of Tor acts as one of the interme- Privoxy [1] and Tor [2] puts the spies diate nodes in the chain. The name off your trail. A browser typically talks “Tor” is an acronym for The Onion directly to a remote target, most Router. Private users will more typically commonly a website, and the run Tor as a client, commonly known as web server that hosts the an the Onion Proxy. site logs the correspond- This structure poses one problem: if ing access data. The the data you request passes through var- Tor client prevents ious privately operated nodes before your requests from reaching your machine, any Onion going directly to the tar- Router operator could theoretically log get; instead the requests your traffic. This is why a secret key is are forwarded via a proxy negotiated between your Onion Proxy at running on your home ma- home and every node on the path to the exit node. The key prevents unauthor- ized nodes butting in on the conversa- tion en route. By encrypting data in multiple layers, only the Onion Proxy on your home ma- chine is capable of accessing the data – this protection system also prevents node operators from decrypting the pass- ing traffic. The result of this scheme is that the data is very much like an onion – covered in multiple skins of en- cryption. The exit node breaks through the skin and passes the data to the final target, although the exit node has no way of knowing which machine the re- quest originally came from. None of the Onion Routers knows the Onion Proxy, and this means that Onion Router opera- tors have no way of knowing whose data is passing through their nodes. On the way back from the target, the information is repacked and stays en- crypted until the proxy running on your home machine strips the encrypted lay- ers to reveal the data. This makes it im- possible for third parties, including the provider, to know what data you request or send; the person running the target machine just gets to see the IP address of 34 ISSUE 67 JUNE 2006 WWW.LINUX - MAGAZINE.COM Figure 1: Tor forwards a web request through a series of intermediate nodes to obscure the identity of the user. the exit node, which could be Add the path /usr/lib, and anywhere in the world. then (working as root) run ldconfig to update your path Installing Tor information. Tor is still a fairly young pro- Things are slightly simpler gram, as the version number for Debian users; just add the shows; it doesn’t have an in- following entries to your /etc/ terface at this time of writing. apt/sources.list: Suse users can download the source code for the stable deb http://mirrorU version 0.1.0.16, and start by .noreply.org/U installing the Automake tools. pub/tor sarge main If you have Suse 9.3 or 10.0, deb-src http://U Autoconf and Automake are mirror.noreply.org/U included. You additionallly pub/tor sarge main need the GCC and GCC-C++ compilers. YaST automati- Then become root and run cally loads additional re- apt-get update to tell the quired libraries. Don’t forget package manager about the to install the Openssl-devel, new software residing at the and Zlib-devel header files, specified address. You can along with the Libevent then simply type apt-get library [3]. install tor to install. Users with Suse 9.3 can't use YaST to install Tor; in- Here We Go… stead, download the source Let’s give Tor a trial run. Pop code from [2] and follow the up a console window and standard installation steps: enter tor. After a short while, ./configure, make, and make you should see a terse install. This should work out message that says “Tor has fine. Suse 9.3 also needs a successfully opened a circuit. new entry in /etc/ld.so.conf to Looks like it's working” be able to locate the library. (Figure 2). If you are still not Figure 2: Tor has successfully opened a circuit, and told you about it. COVER STORY Tor and Privoxy /etc/rc0.d/K20tor chine; to prevent this from happening, ensures that Tor you need to launch YaST, go to the will launch auto- System tab, and click the Runlevel Editor matically when- button. To disable the Privoxy service, ever you boot click Disable. Suse Linux runs Privoxy your machine. in a Chroot jail. Tor has one prob- On Debian, Privoxy typically launches lem that most en- automatically after the install; if not, you cryption and ano- can launch the client by becoming root nymization pro- and giving the /etc/init.d/privoxy restart grams have in command. common: encryp- The next step is to tell Privoxy to for- tion tends to slow ward Socks requests to Tor. To forward down communi- Socks requests, Suse users need to open cations with re- /var/lib/privoxy/etc/config and enter the mote web servers following line below item 5. FORWARD- noticeably. ING: Figure 3: Configuring Tor as the proxy server for your browser. Privoxy for forward-socks4a / U Dessert 127.0.0.1:9050 . convinced and want to make very sure, Tor does not take all the risk out of just Google for my ip. This takes you to browsing. As you may be aware, your Note the dot following the port; if you a few pages that not only tell you your browser needs to look up the target ma- forget this, no forwarding will take place. computer’s IP, but other details like the chine’s address by sending a request to You need to modify the same file for country you are probably in, your oper- a DNS server; the server then resolves Debian, however, in this case the file re- ating system, and the browser you use, the host name (such as www.linux- sides below /etc/privoxy. or even the web pages you visited re- magazine.com) to the IP address Now update your proxy settings cently. (212.227.104.121). The DNS server then for Firefox and Mozilla to reflect the To bamboozle these pages, first tell sends the resolved IP address back to the changes. Enter 127.0.0.1 as the IP the browser to route all traffic via the Tor browser. If somebody were to check the address, and 8118 as the port in all cases, Onion Proxy. If you have Firefox, just go DNS server’s logfiles, they could find out and then surf to the website that showed to the Preferences, and select Connection which machine had looked up www. your IP address previously. If your IP Settings | Manual Proxy Configuration. linux-magazine.com and when. Privoxy address is shown properly, Privoxy is Enter 127.0.0.1 as your SOCKS Host, and can prevent this from happening by working properly; and if you see 9050 as your Port (Figure 3). Now select using Socks 4a, which, unlike Socks 4 the wrong IP address instead of the the SOCKS v4 entry and finish the con- and Socks 5, does not need to convert correct address, Tor is also working. figuration: your browser will now route hostnames to IP addresses first. all traffic to port 9050 first, and Tor will Privoxy is a filtering proxy for HTTP Quick Change forward it onto the Internet. Mozilla that is often used with Tor. You can Previously, if you used your browser users need Edit | Preferences | Advanced read all about using Privoxy as a web in mixed mode, that is, anonymously | Proxies for this. filter in the October 2005 issue of Linux in some cases and open in others, Now, when you query your IP address, Magazine [4]. there was no alternative to switching the results should look a lot different from the previous result set: the web Installing server now thinks you live in Germany Privoxy (Figure 4) – looks like Tor really is work- Users with Suse ing. 9.3 and 10.0 can If you have Suse, and want to launch simply run YaST Tor automatically when you start your to install Privoxy. machine, become root and add a line for If you have /usr/local/bin/tor & to your /etc/rc.d/ Debian, just type boot.local file; on Debian, a file named apt-get install privoxy. After you GLOSSARY complete the in- Chroot: A security measure that maps stall, Suse will the root directory for Privoxy to /var/lib, launch Privoxy thus preventing would-be attackers automatically from accessing directories farther up the each time you Figure 4: The website thinks you live in Germany, as the exit node filesystem tree. boot your ma- contacting the server is running on a German server. 36 ISSUE 67 JUNE 2006 WWW.LINUX - MAGAZINE.COM Tor and Privoxy COVER STORY pears, letting you the switcher and relaunch your browser, configure your select User Agent Switcher in the Tools new proxy set- menu, and opt for Internet Explorer 6 (or tings.
Recommended publications
  • Legislators of Cyberspace: an Analysis of the Role Of
    SHAPING CODE Jay P. Kesan* & Rajiv C. Shah** I. INTRODUCTION ............................................................................................................................ 4 II. THE CASE STUDIES: THE DEVELOPMENT OF CODE WITHIN INSTITUTIONS.............................. 13 A. World Wide Web......................................................................................................... 14 1. Libwww............................................................................................................ 14 2. NCSA Mosaic .................................................................................................. 16 B. Cookies ........................................................................................................................ 21 1. Netscape’s Cookies .......................................................................................... 21 2. The IETF’s Standard for Cookies .................................................................... 24 C. Platform for Internet Content Selection....................................................................... 28 D. Apache......................................................................................................................... 34 III. LEGISLATIVE BODIES: SOCIETAL INSTITUTIONS THAT DEVELOP CODE ................................. 37 A. Universities.................................................................................................................. 38 B. Firms...........................................................................................................................
    [Show full text]
  • Vol.11, No. 2, 2011
    Applied Computing Review 2 SIGAPP FY’11 Semi-Annual Report July 2010- February 2011 Sung Y. Shin Mission To further the interests of the computing professionals engaged in the development of new computing applications and to transfer the capabilities of computing technology to new problem domains. Officers Chair – Sung Y. Shin South Dakota State University, USA Vice Chair – Richard Chbeir Bourgogne University, Dijon, France Secretary – W. Eric Wong University of Texas, USA Treasurer – Lorie Liebrock New Mexico Institute of Mining and Technology, USA Web Master – Hisham Haddad Kennesaw State University, USA ACM Program Coordinator – Irene Frawley ACM HQ Applied Computing Review 3 Notice to Contributing Authors to SIG Newsletters By submitting your article for distribution in this Special Interest Group publication, you hereby grant to ACM the following non-exclusive, perpetual, worldwide rights. • To publish in print on condition of acceptance by the editor • To digitize and post your article in the electronic version of this publication • To include the article in the ACM Digital Library • To allow users to copy and distribute the article for noncommercial, educational, or research purposes. However, as a contributing author, you retain copyright to your article and ACM will make every effort to refer requests for commercial use directly to you. Status Update SIGAPP's main event for this year will be the Symposium on Applied Computing (SAC) 2011 in Taichung, Taiwan from March 21-24 which will carry the tradition from Switzerland's SAC 2010. This year's SAC preparation has been very successful. More details about incoming SAC 2011 will follow in the next section.
    [Show full text]
  • Dissertation Docteur De L'université Du Luxembourg
    PhD-FSTC-2012-10 The Faculty of Sciences, Technology and Communication DISSERTATION Defense held on 30/03/2012 in Luxembourg to obtain the degree of DOCTEUR DE L’UNIVERSITÉ DU LUXEMBOURG EN INFORMATIQUE by Cynthia WAGNER Born on 2nd August 1982 in Esch/Alzette (Luxembourg) SECURITY AND NETWORK MONITORING BASED ON INTERNET FLOW MEASUREMENTS Dissertation defense committee Dr Thomas Engel, dissertation supervisor Professor, Université du Luxembourg-SnT Dr Chrisptoh Schommer, Chairman Professor, Université du Luxembourg Dr Vijay Gurbani, Vice Chairman Professor, Illinois Institute of Technology and Bell Laboratories Dr Radu State Dr. habil., Université du Luxembourg – SnT Dr Jean Hilger Banque et Caisse d’Epargne de l’Etat (BCEE) 2 Acknowledgments This doctoral thesis has been realized at the SECAN-LAB of the Interdisciplinary Centre for Security, Reliability and Trust (SnT) and the University of Luxembourg. Writing this doctoral thesis without help and support from kind people would not have been possible. First of all, I would like to thank my supervisor, Prof. Dr. Thomas Engel, for giving me the opportunity of being a member of his research team for the last four years. I owe sincere and earnest thanks to my supervisor Dr.hab. Radu State for his support and advice. I want to thank Prof. Dr. Vijay Gurbani for being part in my CET committee. I owe sincere thanks to Dr. Jean Hilger and Prof. Dr. Christoph Schommer for participating in the jury of this thesis. Furthermore, I would like to thank Dr. G´erardWagener and Alexandre Dulaunoy from the Computer Incident Response Centre Luxembourg for providing relevant research data and especially for their scientific cooperation and support.
    [Show full text]
  • Web Tracking: Mechanisms, Implications, and Defenses Tomasz Bujlow, Member, IEEE, Valentín Carela-Español, Josep Solé-Pareta, and Pere Barlet-Ros
    ARXIV.ORG DIGITAL LIBRARY 1 Web Tracking: Mechanisms, Implications, and Defenses Tomasz Bujlow, Member, IEEE, Valentín Carela-Español, Josep Solé-Pareta, and Pere Barlet-Ros Abstract—This articles surveys the existing literature on the of ads [1], [2], price discrimination [3], [4], assessing our methods currently used by web services to track the user online as health and mental condition [5], [6], or assessing financial well as their purposes, implications, and possible user’s defenses. credibility [7]–[9]. Apart from that, the data can be accessed A significant majority of reviewed articles and web resources are from years 2012 – 2014. Privacy seems to be the Achilles’ by government agencies and identity thieves. Some affiliate heel of today’s web. Web services make continuous efforts to programs (e.g., pay-per-sale [10]) require tracking to follow obtain as much information as they can about the things we the user from the website where the advertisement is placed search, the sites we visit, the people with who we contact, to the website where the actual purchase is made [11]. and the products we buy. Tracking is usually performed for Personal information in the web can be voluntarily given commercial purposes. We present 5 main groups of methods used for user tracking, which are based on sessions, client by the user (e.g., by filling web forms) or it can be collected storage, client cache, fingerprinting, or yet other approaches. indirectly without their knowledge through the analysis of the A special focus is placed on mechanisms that use web caches, IP headers, HTTP requests, queries in search engines, or even operational caches, and fingerprinting, as they are usually very by using JavaScript and Flash programs embedded in web rich in terms of using various creative methodologies.
    [Show full text]
  • Deep Web for Journalists: Comms, Counter-Surveillance, Search
    Deep Web for Journalists: Comms, Counter-surveillance, Search Special Complimentary Edition for Delegates attending the 28th World Congress of the International Federation of Journalists * By Alan Pearce Edited by Sarah Horner * © Alan Pearce June 2013 www.deepwebguides.com Table of Contents Introduction by the International Federation of Journalists A Dangerous Digital World What is the Deep Web and why is it useful to Journalists? How Intelligence Gathering Works How this affects Journalists 1 SECURITY ALERT . Setting up Defenses 2 Accessing Hidden Networks . Using Tor . Entry Points 3 Secure Communications . Email . Scramble Calls . Secret Messaging . Private Messaging . Deep Chat . Deep Social Networks 4 Concealed Carry 5 Hiding Things . Transferring Secret Data . Hosting, Storing and Sharing . Encryption . Steganography – hiding things inside things 6 Smartphones . Counter-Intrusion . 007 Apps 7 IP Cameras 8 Keeping out the Spies . Recommended Free Programs . Cleaning Up . Erasing History . Alternative Software Share the Knowledge About the Authors Foreword by the International Federation of Journalists Navigating the Dangerous Cyber Jungle Online media safety is of the highest importance to the International Federation of Journalists. After all, the victims are often our members. The IFJ is the world’s largest organization of journalists and our focus is on ways and means to stop physical attacks, harassment and the killing of journalists and media staff. In an age where journalism – like everything else in modern life – is dominated by the Internet, online safety is emerging as a new front. In this new war, repressive regimes now keep a prying eye on what journalists say, write and film. They want to monitor contacts and they want to suppress information.
    [Show full text]
  • SPI Annual Report 2015
    Software in the Public Interest, Inc. 2015 Annual Report July 12, 2016 To the membership, board and friends of Software in the Public Interest, Inc: As mandated by Article 8 of the SPI Bylaws, I respectfully submit this annual report on the activities of Software in the Public Interest, Inc. and extend my thanks to all of those who contributed to the mission of SPI in the past year. { Martin Michlmayr, SPI Secretary 1 Contents 1 President's Welcome3 2 Committee Reports4 2.1 Membership Committee.......................4 2.1.1 Statistics...........................4 3 Board Report5 3.1 Board Members............................5 3.2 Board Changes............................6 3.3 Elections................................6 4 Treasurer's Report7 4.1 Income Statement..........................7 4.2 Balance Sheet............................. 13 5 Member Project Reports 16 5.1 New Associated Projects....................... 16 5.2 Updates from Associated Projects................. 16 5.2.1 0 A.D.............................. 16 5.2.2 Chakra............................ 16 5.2.3 Debian............................. 17 5.2.4 Drizzle............................. 17 5.2.5 FFmpeg............................ 18 5.2.6 GNU TeXmacs........................ 18 5.2.7 Jenkins............................ 18 5.2.8 LibreOffice.......................... 18 5.2.9 OFTC............................. 19 5.2.10 PostgreSQL.......................... 19 5.2.11 Privoxy............................ 19 5.2.12 The Mana World....................... 19 A About SPI 21 2 Chapter 1 President's Welcome SPI continues to focus on our core services, quietly and competently supporting the activities of our associated projects. A huge thank-you to everyone, particularly our board and other key volun- teers, whose various contributions of time and attention over the last year made continued SPI operations possible! { Bdale Garbee, SPI President 3 Chapter 2 Committee Reports 2.1 Membership Committee 2.1.1 Statistics On January 1, 2015 we had 512 contributing and 501 non-contributing mem- bers.
    [Show full text]
  • Practice & Prevention of Home-Router Mid-Stream Injection
    Practice & Prevention of Home-Router Mid-Stream Injection Attacks Steven Myers Sid Stamm School of Informatics School of Informatics Indiana University Indiana University Bloomington, Indiana Bloomington, Indiana Email: [email protected] Email: [email protected] Abstract—The vulnerability of home routers has been widely In Tsow et al.[1], Stamm et al. [2], Hu et al. [4], Traynor discussed, but there has been significant skepticism in many et al.[5], and Akritidis et al. [6], it has been shown that quarters about the viability of using them to perform damaging these devices are easily susceptible to malware infection, and attacks. Others have argued that traditional malware prevention technologies will function for routers. In this paper we show how in some cases denoted specific, simple attacks [1], [2] that easily and effectively a home router can be repurposed to perform could be deployed by simply making changes to a routers a mid-stream script injection attack. This attack transparently local variables, and thus the installation of malware is not and indiscriminately siphons off many cases of user entered critical. As a result, the susceptibility of these devices is not form-data from arbitrary (non-encrypted) web-sites, including questioned. The concept of drive-by pharming proposed by usernames and passwords. Additionally, the attack can take place over a long period of time affecting the user at a large number Stamm et al. [2], has already been seen in the wild in Mexico of sites allowing a user’s information to be easily correlated by [7]; this attack only requires changing the routers DNS lookup one attacker.
    [Show full text]
  • Kafl: Hardware-Assisted Feedback Fuzzing for OS Kernels
    kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Sergej Schumilo1, Cornelius Aschermann1, Robert Gawlik1, Sebastian Schinzel2, Thorsten Holz1 1Ruhr-Universität Bochum, 2Münster University of Applied Sciences Motivation IJG jpeg libjpeg-turbo libpng libtiff mozjpeg PHP Mozilla Firefox Internet Explorer PCRE sqlite OpenSSL LibreOffice poppler freetype GnuTLS GnuPG PuTTY ntpd nginx bash tcpdump JavaScriptCore pdfium ffmpeg libmatroska libarchive ImageMagick BIND QEMU lcms Adobe Flash Oracle BerkeleyDB Android libstagefright iOS ImageIO FLAC audio library libsndfile less lesspipe strings file dpkg rcs systemd-resolved libyaml Info-Zip unzip libtasn1OpenBSD pfctl NetBSD bpf man mandocIDA Pro clamav libxml2glibc clang llvmnasm ctags mutt procmail fontconfig pdksh Qt wavpack OpenSSH redis lua-cmsgpack taglib privoxy perl libxmp radare2 SleuthKit fwknop X.Org exifprobe jhead capnproto Xerces-C metacam djvulibre exiv Linux btrfs Knot DNS curl wpa_supplicant Apple Safari libde265 dnsmasq libbpg lame libwmf uudecode MuPDF imlib2 libraw libbson libsass yara W3C tidy- html5 VLC FreeBSD syscons John the Ripper screen tmux mosh UPX indent openjpeg MMIX OpenMPT rxvt dhcpcd Mozilla NSS Nettle mbed TLS Linux netlink Linux ext4 Linux xfs botan expat Adobe Reader libav libical OpenBSD kernel collectd libidn MatrixSSL jasperMaraDNS w3m Xen OpenH232 irssi cmark OpenCV Malheur gstreamer Tor gdk-pixbuf audiofilezstd lz4 stb cJSON libpcre MySQL gnulib openexr libmad ettercap lrzip freetds Asterisk ytnefraptor mpg123 exempi libgmime pev v8 sed awk make
    [Show full text]
  • Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb
    pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae
    [Show full text]
  • Designing Beneath the Surface of the Web Sarah Horton Dartmouth College 6224 Baker/Berry Hanover, NH 03755 USA 603 646-1087 [email protected]
    Designing Beneath the Surface of the Web Sarah Horton Dartmouth College 6224 Baker/Berry Hanover, NH 03755 USA 603 646-1087 [email protected] ABSTRACT clarity influence how well software can read and interpret the At its most basic, the web allows for two modes of access: visual source code. Nonvisual web access can be improved by applying and non-visual. For the most part, our design attention is focused the following guidelines for source code design. on making decisions that affect the visual, or surface, layer — Shneiderman defines universal usability as an approach to design colors and type, screen dimensions, fixed or flexible layouts. that is focused on “enabling all citizens to succeed in using However, much of the power of the technology lies beneath the information and communication technologies to support their surface, in the underlying code of the page. There, in the unseen tasks” [18]. A focus on page code design improves the universal depths of the page code, we make decisions that influence how usability of web pages by addressing access challenges in a well, or poorly, our pages are read and interpreted by software. In variety of contexts. For instance, the small viewport on mobile this paper, we shift our attention beneath the surface of the web devices presents many of the same challenges as nonvisual access. and focus on design decisions that affect nonvisual access to web This paper concludes with a discussion of how these guidelines pages. can be applied to improve web access for mobile users. Categories and Subject Descriptors 2.
    [Show full text]
  • La Gordarev2
    Pistas Educativas, No. 112, Noviembre 2015. México, Instituto Tecnológico de Celaya. Virtualización mediante MetaRouter para la implementación de una red wireless de navegación anónima tipo TOR en equipos Mikrotik Roberto David Meneses Basantes Universidad de Fuerzas Armadas, Av. Progreso s/n, Quito-Ecuador, Teléfono: 59323989400 [email protected] Darwin Leonidas Aguilar Salazar Universidad de Fuerzas Armadas, Av. Progreso s/n, Quito-Ecuador, Teléfono: 59323989400 ext. 1869 [email protected] Christian Nestor Vega Muñoz Universidad de Fuerzas Armadas, Av. Progreso s/n, Quito-Ecuador, Teléfono: 59323989400 ext. 1872 [email protected] Rita Paola León Pérez Universidad de Fuerzas Armadas, Av. Progreso s/n, Quito-Ecuador, Teléfono: 59323989400 ext. 1872 [email protected] Resumen Hoy en día la virtualización se ha convertido en la primera opción a la hora de considerar servidores y como tal presenta muchas ventajas sobre soluciones propietarias. Pero que tal si un administrador de red pudiera tener ambas soluciones en un dispositivo embebido el cual delegará responsabilidades, tanto a la parte virtual como a la parte física, manejando así una solución mixta. - Pistas Educativas Año XXXVI - ISSN 1405-1249 Certificado de Licitud de Título 6216; Certificado de Licitud de Contenido 4777; Expediente de Reserva 6 98 92 ~1506~ Pistas Educativas, No. 112, Noviembre 2015. México, Instituto Tecnológico de Celaya. La marca europea de equipos Mikrotik, mediante el software de sus dispositivos de capa 3 RouterOS, permite desde su versión 3.30, virtualizar mediante MetaRouter, una versión de Linux comprimido, llamado OpenWRT el mismo que proporciona un sistema de archivos totalmente modificable con gestión de paquetes, proporcionando al usuario la posibilidad de personalizar su firmware de acuerdo a su necesidad, lo que lo convierte en un sistema ideal para crear una aplicación sin que el firmware sea el limitante.
    [Show full text]
  • Active Defense and Prevention: Proxy Servers, Configurations, VPN
    Cyber Defense Overview Active Defense and Prevention: Proxy Servers, Configurations, VPN John Franco Dept. Electrical Engineering and Computing Systems Proxy Servers An application-layer gateway Manages specific protocols such as ftp, http, BitTorrent Intercepts and analyses traffic Recognizes application-specific commands and applies controls, if necessary – in other words, adds visibility to application traffic Security policies are checked to determine disposition Enables some protocols to work through NAT - entry is on, say, one port, packet is mapped to normal port providing service ssh -D 8000 gauss.eccs.uc.edu provides a SOCKS (Socket Secure) proxy Implementation details can be hidden from outsiders Proxy Servers Examples (in addition to SOCKS): Privoxy http://www.privoxy.org Open Source (GPL License) Non-caching web proxy with advanced filtering capabilities - Provides enhanced privacy - Modify web page data and HTTP headers - Control access - Remove ads and other obnoxious Internet junk. sudo apt-get install privoxy sudo /etc/init.d/privoxy start Firefox: http proxy ©localhost©, port 8118 http://config.privoxy.org http://www.privoxy.org/user-manual/ actions-file.html#ACTIONS /etc/privoxy/config, user.action Access Control/Security: http://.../user-manual/config.html Proxy Servers Examples (in addition to SOCKS): Squid http://www.squid-cache.org Open Source (GPL License) Caching and forwarding web proxy - Speeds up a web server by caching repeated requests - Has traffic filters, controls access - Security pitfalls: http://wiki.squid-cache.org/SquidFaq/
    [Show full text]