[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Securing a hidden service

On Fri, Dec 07, 2012 at 09:50:32PM +0000, Aaron Brouard wrote:
> I'm trying to make my hidden service more secure. It runs on a server
> running Ubuntu 12.04.1 LTS server version. I have set up full disk

If you can't place the service on physically distinct machines,
private (RFC1918) address space with ACL lockdown in the switches
(or at least, dedicated VLANs) you can at least compartmentalize 
the application into virtual server guests (heavyweight via KVM 
or lightweight via LHC https://help.ubuntu.com/community/LXC or Linux VServer) 
and firewall it on the host.

> encryption and a basic firewall but I want to do more. If an attacker
> managed to compromise nginx or apache (whichever I decide to use), is there
> a way I can prevent the web server from sending any data outside of the Tor
> network? An apparmor profile or something?
tor-talk mailing list