[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13703 [Tor]: Adding doc/HARDENING

Subject: Re: [tor-bugs] #13703 [Tor]: Adding doc/HARDENING
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 28 Nov 2014 15:38:11 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 28 Nov 2014 10:38:18 -0500
In-reply-to: <044.4c281888e1565dae54a49a48f8f1b945@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.4c281888e1565dae54a49a48f8f1b945@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13703: Adding doc/HARDENING
-------------------------+-------------------------------------------------
     Reporter:  mmcc     |      Owner:
         Type:           |     Status:  new
  enhancement            |  Milestone:  Tor: 0.2.???
     Priority:  normal   |    Version:  Tor: unspecified
    Component:  Tor      |   Keywords:  hardening, security, opsec, docs
   Resolution:           |  026-deferrable lorax
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by cypherpunks-duplicate):

 Some more advanced points to add for servers:

 IPMI and BMC/RMC awareness. Make sure you don't expose any management
 interface on server IP or dedicated IP. Check from inside the providers
 network and from outside. Nmap -sSV -p1-65535

 Configure mail system with TLS for outgoing mail only and with local
 (providers) smtp relay, if available

 Use simple log monitoring tool to alert in case of strange happenings.

 Before bringing the server online, install and configure tripwire.

 If possible, use a trusted hardware firewall to lock down traffic to
 exactly what is needed to operate. Have the firewall log any outgoing UDP
 traffic from the server, and if such traffic is observed and non-
 explainable, consider the hardware compromised.

 Use availability monitoring and latency monitoring (smokeping) to be in
 the picture what happens with the server.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13703#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #13703 [Tor]: Adding doc/HARDENING
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #13603 [Tor]: too much IOERRORS ? (was: a lot of IOERRORS if traffic is higher than about 12 MBit/sec)
Next by Author: Re: [tor-bugs] #13852 [Tor Messenger]: Check HTTP requests from add-ons
Previous by thread: Re: [tor-bugs] #13703 [Tor]: Adding doc/HARDENING
Next by thread: [tor-bugs] #13704 [Tor Browser]: tor circuit display should accomodate more than 3 relays
Index(es):
- Author
- Thread