This appears to be running on port 4567, just FYI many firewalls won't allow nonstandard ports. Perhaps port forwarding or a DNAT rule could help you reach a larger audience?
Yeah I don't get these corporate firewalls, as a cyber security student I've yet to see a single occasion where blocking a port has helped block an attack rather than annoy powerusers (or normal users also, occasionally).
So that's why I use https://torproject.org/download the whole day and never have any trouble with blocked sites (e.g. Pastebin; Slideshare) or blocked ports (e.g. :8080 was used today by some random site in XHR).
In the real world, it's common to see network professionals who apparently specialize in preventing communications between computers. Similarly, it's common to see DBA's whose number one goal seems to be preventing anyone from accessing the data. And it's also common to find engineers who seem focused on seeing every goal as impossible, and business analysts who when they hear what you want tell you why you can't have it. It's not rational but it's very common!
Thanks for the snarky remark, but I posted that post via Tor from inside the corporate firewall. In fact I mentioned that I use it the whole day. If that doesn't prove it works, I don't know what should.
The whole point of the Tor network is that anyone can access the Internet through it uncensored, regardless of countries' or corporate firewalls.
That's true. You probably can get out. Until the security team catches you, which they really, really can do. Trust me, I do it for a living. And then you're in trouble for violating the terms of your employment, and then HR gets involved, and then you are fired.
Like I said, if you're going to work in security, you're going to have to consider a lot more than can it be done. Corporate security is more closely tied to HR and the business than it is IT. You can't break the rules just because it's technically possible. It would be your job to find the people who are doing exactly that and report them to HR.
> Until the security team catches you, which they really, really can do. Trust me, I do it for a living.
True, I don't doubt they can if they wanted to, simply look for connections to known Tor nodes (of which there is a list). So long as I don't bother using a bridge node of course.
As for being fired, I don't think it's that strict. The company policy is aimed at blocking people from posting the company's slides on Slideshare, using icons from icon sites without a license (some icon site is also blocked) or pasting sensitive data on Pastebin by accident. As long as I don't do these things, I am not violating corporate policy, while I do need some of these sites to do my work.
If they make shitty policies that apply to the people who don't know what they are doing as well as to the people who do know what they are doing (or even need some of those sites), they can expect people to work around it. Rules are to be followed within reason. And if people are that strict, I don't want to stay in that company. Even as a student I'm asked to do work enough times that I don't doubt I could switch jobs in a matter of weeks.
>Even as a student I'm asked to do work enough times that I don't doubt I could switch jobs in a matter of weeks.
That's true, no one should ever be unemployed if they have infosec on their resume.
Do everything you can to learn how to bypass anything. Hack as much as you get your hands on. Break everything. Code all the things. It's really good for you and good for your career.
But I've had enough interns come work with me and then the company gets a letter from HBO because the intern thought no one was watching him torrent off our 2Gbps pipe. I've had college hires who spent the day browsing porn in incognito mode thinking the company couldn't see it. I've seen people using VPNs to mask the fact that they're getting paid to watch Netflix. And every single one of them wonder how in the hell we knew what they were doing.
Companies spend literally millions of dollars in security products to know exactly how their employees are misuing company property and company time. If you think there isn't a security tool that shows people using Tor, I think you're wrong.
I'm not telling you to stop. I'm not your manager. I just like helping people in infosec keep from making rookie mistakes. I've seen it way too often.
I humbly submit you haven't seen an environment that was high security.
There's two general ways to treat Internet traffic, whitelisting and blacklisting. Many companies will simply use blacklists. These are easy to bypass as you are well aware. I have seen more than one environment that was whitelist based, no machine can access any other machine that isn't required for it to do it's job. Anyone needing to override a block enters a username, password, and reason, if they have the authority to do so, which leaves an audit trail.
Security and convenience is often a trade off, you do a risk assessment to determine if it's worth the risk to you and your company. For many people and companies, it's not, so they blacklist.
So that's why I use https://torproject.org/download the whole day and never have any trouble with blocked sites (e.g. Pastebin; Slideshare) or blocked ports (e.g. :8080 was used today by some random site in XHR).