Proxy Liability Question
Results 1 to 3 of 3

Thread: Proxy Liability Question

  1. #1
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901

    Question Proxy Liability Question

    Hi all.

    Our company (security related) wants to try to protect our customers when online via proxying. We have the means of setting up a dedicated proxy server with its own static ip. Its use would be limited (against payment) to our customers only (via identification). We would also use virus scanners, as well as filter out bad urls. My question is......

    If the proxy is compromised (an unauthorized user manages to surf via our proxy) and does "bad" things to others (hiding behind our proxy), who is held liable. Do we have to follow some "standard" procedure as in a permission to setup a proxy (against money that is), and in case of a compromise, who's fault is it officialy. Ofcourse we will have logfiles and make them available to authorities if needed. But if the whole server gets compromised (as in deleting logfiles etc....), can we be held responsible in any way. Also, if a virus or any other harmful code does bypass our scanners/filters, and does harm one of our customers, up to what point are we liable? Thing is, i dont know what terrms im actually looking for to search via search engines. The other thing is, here in Greece, things are behind quite a bit, so the word proxy doesnt mean much to "most" authorities/ISP/users. Im sorry if this last statement sounds offensive to Greeks, no offense intended, but i cant express myself any other way. Any advice would be very welcome.

    Cheers to all AO surfers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    I think the log files should be enough... Haxors use proxies all the time- it would be almost ridiculous for your gov't to hold you/your firm liable, esp. since they hacked into your proxy... That would be kind of funny if the gov't started prosecuting those who were hacked, lol...

    Btw- Im not a lawyer (def. not a lawyer in your country) Look up the laws, but I would guess no!
    yeah, I\'m gonna need that by friday...

  3. #3
    It's a gas!
    Join Date
    Jul 2002
    Posts
    699
    Would this be a compulsary measure for your clients, to connect to the www via this proxy?

    Well i would guess, that because you are running the proxy server then you would be responsible for securing the server so that an unauthorised person could not compromise it!

    Again if the user does not have to connect via the proxy then you are not liable, as this was the users choice to use the proxy!

    Thats my opinion on this, but by no means am i up to speed on the legalities of this...

    Cheers

    r3b00+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •