Re: [tor-relays] Relay operators: help improve this hardening document?
On Fri, 06 Feb 2015 11:08:47 +0000, when2plus2is5@xxxxxxxxxx wrote:
...
> Iptables is an advanced firewall. Iptables is a pain in the ass for new
> users to expertly configure. Basic settings aren't difficult, but I
> don't want basic.
I'm (apparently) in the minority on this, but my tor nodes don't have
any iptables - there is nothing that iptables could cover. To even
get anything running on the machine that could be shielded from
the outside (or to talk to the outside), you'd need a vuln in
either tor or ssh (or, for exit nodes, the DNS resolver).
...
> My personal opinion is the Tor community should be a champion of OPSEC
> period, for everyone. But that is me. Anonymity, privacy, and security
> go hand in hand.
I'd actually like to second that. It is one thing to write down
tornode-related opsec, and an entirely different thing to learn general
opsec and then condense that down to what a tor node requires of that
(and I'm not even sure if there is a general opsec primer we could point
people (i.e. me) to).
Hmm, perhaps I should get my credit card and see how the
amazon cloud tor nodes are preconfigured. ;-)
Andreas
--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays