Trutzbox Manual
Contents
1 Use of the TrutzBox® (-> for users)
The TrutzBox® is delivered by Comidio with security settings suitable for everyday use, so that even inexperienced users can email and surf immediately protected and without a trace.
The following sections describe the functions and options that the inexperienced user can use immediately after setting up TrutzBox.
These include:
- TrutzBrowse: Traceless surfing through modified, incomprehensible browser profile data.
- TrutzMail: End-to-end email service with encrypted content and encrypted metadata.
- TrutzContent: Maximum protection for children and young people by using filter lists to block inappropriate websites.
- TrutzRTC': Real-time communication with TrutzChat (Messaging) and TrutzMeeting (Audio and Video Conferencing Service)
- TrutzBase: Use of modern virus protection, firewall and intrusion detection systems
1.1 Traceless Surfing - TrutzBrowse
Independent of browser (e.g. Mozilla Firefox, Chrome, Internet Explorer, Safari, etc.) and operating system (Microsoft windows, Apple iOS, Linux), the TrutzBox helps to avoid data tracing while surfing.
Use your browser as usual (in the following as an example with windows 7 and Firefox).
1.1.1 TrutzBrowse in standard operation
The TrutzBurg symbol in the upper right corner of the website indicates that TrutzBrowse is activated with the security settings. With the above setting, the TrutzBox (symbol: TrutzBurg) and the Tor network (symbol: onion) are activated.
The color of the TrutzBurg shield indicates the setting of the security slider for this URL; green = level 1 = highest security level; red = level 9 = lowest security level.
If there are operating elements on the website which are hidden by the TrutzBurg and can therefore no longer be operated, the TrutzBurg can be moved to another corner of the browser window.
For touch screens, simply touch the symbol for longer than 1s.
After clicking on the TrutzBurg, the security slider and four further functions are available.
The Security-Slider can be set to 10 security levels (Level 1 = highest protection up to Level 9 = lowest protection; Level 10 = for this website the TrutzBox is switched off). From level 1-9, the user can make the settings himself. If set to level 10 (TrutzBox protection is disabled), only the administrator can reset the level for this website.
On delivery, the security slider is set to "highest security level" (level 1, green, far left).
If the website shows malfunctions, e.g. because it wants to store a cookie, the user can gradually deactivate individual security and anonymisation measures by dragging the security slider to the right (towards red) in order to restore the website's functionality.
However, the security level should only be reduced for trusted websites.
Click on "Details" to see a list of all web accesses accessed from this website.
Blocked HTTP calls are marked by a "red crossed out circle“.
The overview also shows the HTTP headers that have not been completely blocked (marked by a "green tick in a green circle").
This makes it obvious which data was transmitted from the browser to a Web server ("Request" tab) and which data went from a Web server to the browser ("Response" tab).
Depending on how the TrutzBox® is configured for the current position of the Security Slider, certain HTTP header data may not be transmitted to the web server at all (blocked headers) or may be changed (replaced headers).
On the left, the HTTP calls are listed, which are automatically called in the background - without the user's active intervention - in addition to the web page called up by the user (here: www.krone.at). On the right under "Details" you can see which header information has been blocked or replaced.
Click on one of the HTTP calls listed on the left to obtain additional information on this.
Set a check mark to " Nur Blockierungen anzeigen ", then only the blockings are listed.
-> Table of Contents (of this manual)
1.1.2 TrutzBrowse for experts
The TrutzBox® monitors web access and is thus able to prevent unwanted data traffic. The TrutzBox® distinguishes whether a device or a user calls up a web page directly or whether a web server - after the deliberately called up web page has been loaded - contacts further web pages and loads them without the user's knowledge and without his consent.
The TrutzBox® offers two different basic functions for this purpose:
1. TrutzContent:
A content filter that prevents a device or user from directly accessing a particular Web page. Examples of unwanted calls:
- A young person wants to load a website with content harmful to young people.
- An Internet device unnoticedly calls up a web page in the background without a user deliberately initiating it. These can be TVs, washing machines or game consoles (if they are connected to the Internet), or even the standard Internet browser of the user's PC, which in turn contacts Mozilla or Google or the server of a plug-in provider independently, for example.
The TrutzBox® checks if the contact to such a server is allowed and blocks the connection to this server if necessary.
2. TrutzBrowse:
A user or an Internet-enabled device has validly accessed a Web page. When loading the page, however, this website contacts other web servers (often commercial data trackers) that may be interested in the user data. TrutzBox® monitors calls to other web servers that are indirectly contacted without the user's knowledge during the loading process of the deliberately accessed web page.
In both case 1 (TrutzContent) and case 2 (TrutzBrowse), the TrutzBox® compares every web page called up with the web pages (filter lists) known to it. Comidio provides approx. 110 filter lists covering 55 different Internet topics. These filter lists are updated regularly. The TrutzBox® Administrator can add own filter lists if required.
Approach of the TrutzBox®:
Wenn ein Internet-Nutzer eine Webseite aufruft, dann prüft die TrutzContent Funktion zunächst, ob der PC und/oder der Nutzer, der diesen Webseitenaufruf angestoßen hat, diese Seite überhaupt aufrufen darf. Soll diese Webseite gemäß den Filterlisten blockiert werden, dann bekommt der Internet-Nutzer im Browser eine Fehlermeldung angezeigt.
If the website can be accessed, the TrutzBox® allows the data from the web server to pass to the browser, but it monitors each call to other web servers that the website then contacts automatically. Usually a website loads additional content from many other web servers. For each contact with a web server other than the originally called web server, the TrutzBox® checks whether this later called web server is in a filter list group "TrutzBrowse". If it is listed there, the connection to this server will be blocked.
This prevents data tracker calls that are programmed into most websites, and data trackers cannot spy on user behavior.
Each time a Web server is granted (permitted) access, information is sent from the Web browser to the Web server via the HTTP header (http request header). Without the TrutzBox® the browser would then deliver this requested data to the web server. This can be very personal data, such as which other pages you have recently called up, are you currently logged on to Facebook or how exactly does your PC/browser configuration look in order to recognize you on further calls. The HTTP header filter also controls the setting and retrieval of cookies
With its TrutzBrowse function, the TrutzBox® is thus able to control the entire HTTP data exchange on the Internet and to block or falsify these HTTP header data as long as they are not absolutely necessary..
-> Table of Contents (of this manual)
1.1.2.1 Handling SSL connections
The proxy can only break (and analyze) an SSL-encrypted connection between a program and a server if the SSL key has been signed by one of the known certificate authorities. Here are two cases where breaking the encrypted connection does not work:
- if an app establishes an encrypted connection to the server, but the key used is a self-generated key and has therefore not been signed by an official certification authority. If the app is a browser, the user is asked if he accepts the server. If the app is not a browser, the user cannot be requested.
- if the client is authenticated. In this case, a key is usually programmed into the client.
In all cases where the SSL connection cannot be broken, the SecSlider is automatically set to L10 and thus the data transfer is no longer analyzed. This ensures that apps still work "without manual intervention". The user (or the TrutzBox administrator) can deactivate this automatic feature in the "Configure filter" menu with the option "If SSL errors occur, automatically deactivate filtering for the selected domain". The data connection is nevertheless displayed in "Status" for checking purposes. Since this automatic activation only becomes effective if the server has not yet been set in the slider table, this automatism can also prevent a single server if the SecSlider is set manually to any value for this server.
-> Table of Contents (of this manual)
1.1.3 Install proxy switch for activating/deactivating the TrutzBox® in the browser
Attention: Switching the TrutzBox on and off as a proxy (="Call forwarding") only makes sense if the browser to be used (or the terminal device used, e.g. PC) is operated in "proxy mode", i.e. the PC is connected to the Internet router (and not directly to the TrutzBox).
If the browser to be used (or the end-device used, e.g. PC) is operated in "transparent mode", i.e. the PC is connected directly to the TrutzBox (and not directly to the Internet router), I do not need a switch, as the PC is constantly protected via the TrutzBox and switching a proxy on or off makes no difference..
As is known, it is possible to activate or deactivate the TrutzBox® functionality "TrutzBrowse" by activating/deactivating the "PAC" file in the browser settings.
If you want to save yourself these "efforts", you can also install a "proxy switch" (in the form of a downloadable "Add-On" = additional function) in the respective browser and then easily activate or deactivate the TrutzBrowse functionality by simply pressing or selecting it in the browser header line.
The following shows the installations of two proxy switches:
- for Browser "Firefox": Add-On „Proxy Switcher“ and
- für Browser "Chrome": Add-On „Proxy SwitchyOmega“.
Of course, other proxy switches can also be implemented and used.
1.1.3.1 Proxy Switch for "Firefox" Browser
Attention: Switching the TrutzBox on and off as a proxy (=" Redirection") only makes sense if the browser to be used (or the end-device used, e.g. PC) is operated in "Proxy Mode", i.e. the PC is connected to the Internet router (and not directly to the TrutzBox).
If the„FoxyProxy Standard“ add-on is implemented, the user can activate and deactivate the "Trutzbox" proxy and thus the TrutzBrowse function by clicking the Proxy Switcher button (orange fox head) in the browser header.:
- to switch on: by clicking on the symbol "crossed out, orange fox head" the FoxyProxy selection window appears; there click on the green line "Use proxy Trutzbox for all URLs (ignore patterns)'" and the proxy is switched on and the symbol "orange fox head" appears.
- to turn off: by clicking on the symbol "orange fox head" the FoxyProxy selection window appears; click on the red line "Turn Off All Proxies" and the proxy is switched off and the symbol "crossed out, orange fox head" appears.
The"FoxyProxy Standard" add-on is installed as follows:
- Click on "Extras" (1).
- Click on "Add-ons" (2).
-> Table of Contents (of this manual)
- Ganz nach unten scrollen (1).
- Click on "Sehen Sie sich weitere Add-ons an!" (2).
-> Table of Contents (of this manual)
- Enter "proxy switch" in the search field (1).
- Click on "FoxyProxy Standard" (2).
-> Table of Contents (of this manual)
- Click on "+ Zu Firefox hinzufügen" (1).
-> Table of Contents (of this manual)
- Click on "Hinzufügen" (1).
-> Table of Contents (of this manual)
- The symbol "FoxyProxy switched off" (crossed out logo) is displayed in the symbol line. (1).
- Scroll all the way down (2).
-> Table of Contents (of this manual)
- If this view appears, click on "Cancel". (1).
-> Table of Contents (of this manual)
- To enter the Trutzbox as a proxy: Click on "Add" (1).
-> Table of Contents (of this manual)
- Drop down the selection field (1).
- Click on "HTTP" (2).
-> Table of Contents (of this manual)
- Enter descriptive name, e.g. "Trutzbox“ (1).
- Enter "trutzbox" as server name (2).
- Enter "8081" as the port address. (3).
- Click on "Save" (4).
-> Table of Contents (of this manual)
- Click on the symbol "FoxyProxy switched off" (crossed out logo) in the symbol line. (1).
- Switch on the Trutzbox as proxy by clicking on "Use proxy Trutzbox for all URLs" (2).
-> Table of Contents (of this manual)
In the symbol line, the "FoxyProxy" symbol (1) indicates that the proxy is switched on.
-> Table of Contents (of this manual)
- Test input of e.g. "focus.de" (1).
- The Trutzburg (Trutzbox symbol) appears in the upper right corner in the color of the slider setting and shows the number of avoided tracker calls (2).
-> Table of Contents (of this manual)
- To switch off the proxy: click on the "FoxyProxy" symbol in the symbol line (1). Then the selection menu opens up.
- In the selection menu, click on "Turn Off All Proxies (2).
-> Table of Contents (of this manual)
- In the symbol line, the symbol "FoxyProxy switched off" (crossed out logo) indicates that the proxy is switched off (1).
- Durch Refresh, bzw. erneutes Aufrufen, also z.B. Klick auf (2), wird die Seite neu aufgebaut.
-> Table of Contents (of this manual)
- Since the proxy is now switched off, the Trutzburg (Trutzbox symbol) is not displayed in the upper right corner. (2).
-> Table of Contents (of this manual)
1.1.3.2 Proxy Schalter für Browser "Chrome"
Caution: Switching the TrutzBox on and off as a proxy (="Call forwarding") only makes sense if the browser to be used (or the terminal device used, e.g. PC) is operated in "proxy mode", i.e. the PC is connected to the Internet router (and not directly to the TrutzBox).
If the add-on "Proxy SwitchyOmega" is implemented, the user can press and select a button in the header line of the Chrome Browser in the form of a ring:
- To switch on: click on grey circle. Ochre circle shows: TrutzBrowse is switched on.
- to switch off: click on the ochre circle. Grey circle shows: TrutzBrowse is switched off.
How to implement the "Proxy SwitchyOmega" add-on:
Click on menu selection (1); click on "More Tools" (2). "Click on "Settings" (3).
Click on „Mehr Erweiterungen herunterladen“ (4).
-> Table of Contents (of this manual)
I Enter "switchy" in the search field (5). Click on „+ HINZUFÜGEN“(6).
Click on „Erweiterung hinzufügen“ (7).
-> Table of Contents (of this manual)
The confirmation message that the switch has been added.
Click on „Skip guide“ (8).
Enter „TrutzBox“ (09). Click on „PAC Profile“ (10).
-> Table of Contents (of this manual)
Enter „http://trutzbox/api/proxy/pac“ (11). Click on „Download Profile Now“ (12). Click on „Apply changes“ (13).
Click on „Interface“ (14). Click on „Quick Switch“ anklicken (15).
-> Table of Contents (of this manual)
Pull "TrutzBox" upwards (16). " Pull up [Direct]" (17). "Click on "Apply changes (18).
To switch on: click on the grey circle (19). Ochre circle shows: TrutzBrowse is switched on.
To turn off: click the ochre circle (20). Grey circle shows: TrutzBrowse is switched off.
-> Table of Contents (of this manual)
1.2 Encrypted Mailing - TrutzMail
You can use TrutzMail either via
- an immediately usable web-mailer: http://trutzbox/mail (Roundcube),
- your usual e-mail system (e.g. Outlook) or
- both ways.
1.2.1 Using the Web-Mailer
The Web mailer is called via https://trutzbox/mail.
The login is done by entering the user name and password. Both were created by the administrator either at the Setup or [Manage Main Page#User|after]].
Eingangs sehen Sie den Ordner "Posteingang".