I used to date an Asian girl who called me that. I would say that the implications of a Tor relay behind the fw are the same as any other service behind a firewall. You can't really look at it as a "probability of being hacked" any differently than you would for a SMTP gateway; which is to say, vendor vulnerability history aside, they should be considered equal.
I guess you could look at the service workflow differently for a strict relay of IP traffic coming in and going out differently than something like a web server where you have IP coming in and file access going on in the background. Things to keep in mind are the context of the Tor service's execution, and what restrictions you can place on it. If it can run as a Guest user or LocalService, then that is way better than LocalSystem. I would also consider the least privilege model - for SMTP, it has to make its way to your infrastructure somehow (in general) so you secure it based on that need. But with Tor, your infrastructure doesn't need to see any of that traffic. I put mine up in my DMZ on a VM, but to be honest, I've not done much with it. But anyway, I try to keep the "dirty" traffic as far away from "clean" traffic as I can in the same way that I try to keep Steve Moffat as far away from my wife as I can. If there is no need for your traffic to be internal, then don't put it there. If you must, then lock that guy down as much as you can just like any other service carrying data that you do not control or trust. t >-----Original Message----- >From: [email protected] [mailto:[email protected]] >On Behalf Of [email protected] >Sent: Wednesday, January 12, 2011 9:28 AM >To: [email protected] >Subject: Tor > >Hello Everyone, > >What are the security implications of running a Tor relay on a machine behind >a firewall? > >Is there a high probability of it being hacked somehow, and what does one do >to prevent that? > >Thank you in advance for your time and advice. > > > >mailto:[email protected]
