[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Securing a Relay - chroot

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Securing a Relay - chroot
From: Marsh Ray <marsh@xxxxxxxxxxxxxxxxxx>
Date: Fri, 27 May 2011 12:05:49 -0500
Cc: CACook@xxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 27 May 2011 13:06:35 -0400
In-reply-to: <201105270922.01953.CACook@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <520290.88475.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <201105270644.37074.CACook@xxxxxxxxxxxxxxx> <4DDFBEF7.2020709@xxxxxxxxx> <201105270922.01953.CACook@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10

On 05/27/2011 11:22 AM, CACook@xxxxxxxxxxxxxxx wrote:

On Friday 27 May, 2011 08:10:47 tagnaq wrote:

You do not mention the threats you worry about and assets you care
about (thread model + security requirements).


Yes that's because I don't know what threats there may be.


http://en.wikipedia.org/wiki/There_are_known_knowns

I am a
user, I don't have an MS in Computer Science.


Heh, I've known those who do who couldn't get as far as you have already.

 For example I don't
understand, "maps subnets and/or ports to inside. Separating traffic
into VLANs. In general having a lot more control of the hardware
layer."


Wikipedia has a great article on VLANs.

What good is this if users can't secure their own machine
effectively?
Why set up a relay if my own machine could be
compromised?

You are asking entirely valid questions that the entire data securityindustry also struggles with every day on a deep level. I don't have areal satisfying answer for you.

You already understand the key point though: separation. Decide whichsystems you trust and for what purpose in what contexts you trust them.Place systems in different trust zones accordingly. Implement barriersbetween the zones and be very selective about what is allowed to pass.

No wonder you have a hard time recruiting relays, much
less exit points.  I guess the coyness here is for some good reason,
but it's not doing the cause any good.  Looks like I have to give up
on a relay.

Computers and networks are inherently good at copying and leakinginformation, they do it without even trying. Providing an open servicewhile perfectly blocking the flow of selective information is actuallyextremely difficult to do on shared hardware.

There is always a cost to security, usually complexity, performance,administration, and money. I find this stuff fascinating and spend allmy learning about it. But when I set up a relay the other day, I choseto address most of these problems with money: I paid a few dollars amonth for a remote virtual host environment having no trustrelationships with any of my other systems.


- Marsh
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Securing a Relay - chroot
  - From: Martin Fick
- Re: [tor-talk] Securing a Relay - chroot
  - From: CACook
- Re: [tor-talk] Securing a Relay - chroot
  - From: tagnaq
- Re: [tor-talk] Securing a Relay - chroot
  - From: CACook

Prev by Author: Re: [tor-talk] Tor TLS error
Next by Author: Re: [tor-talk] Tor TLS error
Previous by thread: Re: [tor-talk] Securing a Relay - chroot
Next by thread: Re: [tor-talk] Securing a Relay - chroot
Index(es):
- Author
- Thread