There's a good guide for this which was written around a year ago, available at:
http://www.olyhackbloc.org/hidsec.pdf

The original post seems to be found here:
http://www.mail-archive.com/or-talk@xxxxxxxxxxxxx/msg11575.html

As for virtual machines, if an adversary is able to break through a fully virtualized machine, another level of protection won't do you much good. If you're worried about an attacker with those kinds of skills, you're better off setting up a "drop box" which contains a hidden service server that you can drop in any area that isn't connected to you.

Be creative ; )

Jimmy Dioxin

On 09/13/2010 03:45 PM, Robert Ransom wrote:
> On Mon, 13 Sep 2010 14:12:35 -0400
> hikki@xxxxxxxxxxxxx wrote:
>
>> When running a hidden service, obviously hidden so no one can find the
>> true source and IP of the web server because lives may depend on
>> that, I've heard that the best and safest way is to use a dedicated
>> server computer with two operating systems and the server being inside a
>> virtual machine. So if the web server should get cracked, the cracker
>> will be locked inside the virtual machine and cannot do side-channel
>> attacks or any other clever methods to reveal the true source.
>>
>> Then I read somewhere that there's even a more secure way, and that is by
>> using two dedicated computers. One computer with the web server running,
>> being connected with a LAN cable to the second computer which works as a
>> firewalled router with Tor running on it with the hidden service keys.
>> Again, if a cracker cracks the server machine, he will be physically
>> trapped inside the server and cannot access the second computer nor the
>> internet directly.
>
> He *would* be able to access the Ethernet card in the
> Internet-connected gateway box, and I have seen reports of at least one
> Ethernet card with an unauthenticated remote-update backdoor which
> could be used to take over the entire computer through DMA. At the
> very least, virtual network adapters are unlikely to have intentional
> backdoors hidden in them.
>
>> What are your opinions on this?
>> What should be done and what should be avoided while setting up such
>> systems?
>
> * First, operate the hidden service using software with no security
>   holes, and on a (physical) computer that does not operate any
>   Internet-visible services (especially not a Tor relay). Putting your
>   hidden service in a virtual machine won't protect you from the
>   side-channel attack described in “Hot or Not”.
>
> * Second, if you must use software with security holes to operate your
>   hidden service, keep that software in a virtual machine, and do not
>   let it communicate with a real network adapter. (The “host-only
>   network” option in VirtualBox should be safe enough, for example.) I
>   don't see a big reason to run Tor in a VM, unless you need to set up
>   transparent proxying and don't want to mess up your main OS
>   installation.
>
>
> Robert Ransom
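
Added example, not part of the thread above and not code from any of its authors: a check for the "do not let it communicate with a real network adapter" advice, which reads the output of `VBoxManage showvminfo <vm> --machinereadable` and reports every virtual NIC that is not attached as host-only or disabled. The VM name, adapter names and sample output are constructed; treating everything other than `hostonly` and `none` as a finding is this example's conservative assumption.

```python
import re

# Attachment modes that keep the guest off any real network adapter.
# "hostonly" is the option named in the thread; "none" means no NIC present.
# Anything else (nat, bridged, ...) is reported (assumption: conservative).
ALLOWED_MODES = {"hostonly", "none"}

# Constructed sample of `VBoxManage showvminfo hs-web --machinereadable`.
SAMPLE_SHOWVMINFO = '''\
name="hs-web"
memory=1024
nic1="hostonly"
nictype1="82540EM"
hostonlyadapter1="vboxnet0"
cableconnected1="on"
nic2="bridged"
bridgeadapter2="eth0"
cableconnected2="on"
nic3="nat"
nic4="none"
'''


def parse_machinereadable(text):
    """Turn key="value" / key=value lines into a dict."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            settings[key.strip('"')] = value.strip('"')
    return settings


def audit_vm_nics(text):
    """Return sorted (slot, mode, host_adapter) for NICs outside ALLOWED_MODES."""
    settings = parse_machinereadable(text)
    findings = []
    for key, mode in settings.items():
        m = re.fullmatch(r"nic(\d+)", key)  # matches nic1, not nictype1
        if not m or mode in ALLOWED_MODES:
            continue
        slot = int(m.group(1))
        # Bridged NICs name the physical host adapter they are bound to.
        findings.append((slot, mode, settings.get(f"bridgeadapter{slot}", "")))
    return sorted(findings)


if __name__ == "__main__":
    for slot, mode, adapter in audit_vm_nics(SAMPLE_SHOWVMINFO):
        print(f"nic{slot}: mode={mode} host_adapter={adapter or '-'}")
```
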