[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] On verifying security of Tor Routers idea

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] On verifying security of Tor Routers idea
From: Lee <ler762@xxxxxxxxx>
Date: Wed, 21 Dec 2011 16:15:51 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 21 Dec 2011 16:16:10 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=vX+vFaEHoTWuFqmmRNtCgWftbBa9vJXyVc4CQXc26qk=; b=AG/1K+zXzL+Fw6m7gyCqtCwRzb0zPIBBOd3YMI5IitzfclyoAbYa3/FQqmAejrUgZJ 5ICoXDoZTRJIg+eC3hd5j7ETfrW4+Yqqv+W7wPQ/tzpLcPUgbERRVskakwdLTw/pbe3K yzyNzePj5wOq3kPqYVWza/84URVZdYcDBd5cE=
In-reply-to: <4EF1D1D2.3080908@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4EF1D1D2.3080908@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On 12/21/11, Fabio Pietrosanti (naif) <lists@xxxxxxxxxxxxxxx> wrote:

A lot more than I'm willing to critique.  My suggestions are

Add a PHASE-0.5: Email out requests for permission to scan &
permission to publish the scan results to all tor node contact
addresses

PHASE-1: b) Portscan all Tor Router>> that we have received permission
to scan<<, save it via XML

PHASE-2: f) Publish the Statistics result Summary>> for the nodes that
we have received permission to publish stats<<

PHASE-4: remove all nodes from the concensus that do not meet the new
Tor security standards


This isn't that far from a proposal for a system whose results could
be trusted.  Just drop the ethically-challenged hacker mindset & ask
for permission to scan as well as permission to publish.

Lee


> I sketched down an idea of a possible process and phases to setup a
> system to monitor the security of the Tor Routers by using Nmap
> portscanning facility with application fingerprinting, by not using an
> invasive Nessus testing.
>
> PHASE-0: Define a best practice
> PHASE-1: Handle periodic scanning+alerting
> PHASE-2: Public aggregated Security statistics
> PHASE-3: Add CVE vulnerability checking
> PHASE-4: Full Public Disclosure
> PHASE-5: Introduce a Tor Security Rating
>
>
> Probably with 0.1/1 day python coding it can be done with a stateless
> system (no no change management monitoring, etc).
>
> A dedicated server with a reasonable hostname
> (tor-portscanner.domain.tld) and with a web page explaining the project
> would be required.
> Possibly something with a customized whois to prevent annoying reports
> from people that automatically send abuse-complaint (It's fun to see
> that there are Tor Servers that if are portscanned automatically send an
> abuse complain!).
>
> PHASE-0: Define a best practice
>
> Define a best practice from system and network security point of view.
>
> Something like:
> - Don't internet expose services that are not strictly required to keep
> the Tor Router functionalities (for example Tor + SSH)
> - Don't internet expose outdated/vulnerable software
> - Don't run outdated Tor version
>
>
> PHASE-1: Handle periodic scanning+alerting
>
> a) Extract list of all Tor Router + Contact Info
>
> b) Portscan all Tor Router, save it via XML
>
> c) Cleanup the XML scan from the Tor Used port (for the specific Tor Router)
>
> d) Send an email with portscan results to the Contact info informing him
> about the current status of Non-Tor specific opened port
>
> PHASE-2: Public Statistics
>
> e) Create statistics
>   - Count how many Routers have X amount of ports opened
>   - Show (sorting by "amount of open port) the list of Tor Routers
>   - Count for each port, how many Tor Routers have it opened
>   - Show for each port, the port statistics
>
> f) Publish the Statistics result Summary
>
> PHASE-3: Add CVE vulnerability checking
>
> g) Use CVE scanning to match Vulnerability Level using as input data
>    - "Nmap Application Fingerprinting"
>    - "Tor Version"
>
>   - Add data to the email sent to Tor Router Contacts the CVE
> vulnerability match
>   - Publish statistics for vulnerabilities present on the Tor Network
> based on CVE statistics
>
> PHASE-4: Full Public Disclosure
>
> When the network reached a good level of Network security  with almost
> no or few security vulnerabilities, it would seems reasonable to me to
> do full-public disclosure of that process and data.
>
> I mean, those kind of data can be collected by anyone with 2 command
> line, so they are not secret and it's not difficult to retrieve it.
>
> So it's reasonable that, after a first assessment period, they got
> published.
>
> So in that phase also the "raw data" will be provided.
>
> The name of Tor Nodes, hostname, IP address associated with result of:
> - Portscan
> - Application Fingerprinting
> - Matching with the CVE database
> will be fully internet exposed dynamically, with grid where a person
> would be able to see statistics of various type:
>
> - All outdated Tor Servers
> - All Tor servers running outdated software
> - All Tor Servers running un-needed services (like a SQL Server)
> - TOP opened ports servers
>
>
> PHASE-5: Introduce a Tor Security Rating
>
> Let's define a "Security rating" to provide a "number" associated with
> each Tor Router.
> That number could represent the "compliance" respect to a Best Practice.
>
> All nodes would get assigned a Security Rating and that security rating
> may be then used directly by Tor Client, for example to use only Tor
> Routers that are known to respect the Best Practice.
>
>
>
> From here a continuous ongoing process will always guarantee and show in
> a transparent way which servers are following a best practice.
>
>
> In the end by implementing a process like that, in the medium term the
> Tor Network will be much more secure because there will be a public
> incentive in keeping a Tor Router secure and following a best practice.
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] On verifying security of Tor Routers idea
  - From: Chris
- Re: [tor-talk] On verifying security of Tor Routers idea
  - From: Damian Johnson

References:
- [tor-talk] On verifying security of Tor Routers idea
  - From: Fabio Pietrosanti (naif)

Prev by Author: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Next by Author: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Previous by thread: [tor-talk] On verifying security of Tor Routers idea
Next by thread: Re: [tor-talk] On verifying security of Tor Routers idea
Index(es):
- Author
- Thread