On 27.08.2015 10:50, spriver wrote: > After downloading Tor I just had to set up the proxy > in the network settings of Tor. It worked right out of the box. I was a > bit surprised because we have a bit strict access list for websites and > a really high security standard. (and I do not understand the blocking > of the Torproject website). (maybe I should try to get an OONI-Test in > there?) Obviously they don’t detect tor as an application. Bluecoat and all major application aware firewall platforms are able to detect tor via its handshake. The only thing you can do in such a scenario is to use pluggable transports but even then they could block skype or whatever your client is trying to look like. So, at the end of the day all this is the result of a misconfiguration security policy. > Of course it's every employers own decision to allow or deny certain > websites since it's their corporate network. But claiming Tor as "bad" > and malicious (IBM) is not the reality. I totally aggree with that, you get payed for working in there and using tor on a company pc is defiantly not related to a "normal" job. In fact it must be considered as a security breach - some kind of data leakage or malware using tor - which exists. The german law is pretty clear about "spying" on you at your work place and your employer is responsible to inform you regarding the fact that he is gathering statistics about surfing behaviour or that he is intercepting ssl.
And - don’t burn me - I understand the fact that a standard website like a standard webshop or something is facing more problems with tor than it sees a benefit for its customers. So blocking all exits seems to be reasonable in the end. Saying that the insecure web-application is the problem, not tor which is used to attack it is also absolutely true but its the same discussion as in the field of web application firewalls. I am tired of hearing stuff like "the developers should do their homework and fix their shit" in fact web programmers ARE a bit lazy and they ARE under high work load and they often AREN’T high graded security experts - so they WONT fix it. So why don’t give them a waf and block tor in case you have nothing to do with lets say, news, social content or whatever? Best regards! F -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
