DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 9th March 2012
feredim-924 feredim-924 is offline
New User
 
Join Date: Mar 2012
Posts: 7
Thanked 0 Times in 0 Posts
Default What do you think of my OpenBSD Tor Hidden Service?

Internet->Modem->TZ215->OpenBSD Dedicated Firewall Appliance->OpenBSD Tor Hidden Service with either vBulletin/phpBB or SILC

-I'm not too sure whether the SonicWall TZ215 is a vulnerability as it has a subscription based Antivirus
-Can I use TOR to wholly encrypt my OpenBSD system?
Reply With Quote
  #2   (View Single Post)  
Old 10th March 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,888
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by feredim-924 View Post
On other boards, they told me that this is actually the best setup:
Security is not a hard-&-fast state. It is a finding a level of acceptable risk. Without knowing anything about what your security goals are, it is very difficult to comment on whether your proposed topology meets those needs.
Quote:
Tor
Personally, relying on a third-party infrastructure (historically with imperfections...) is putting great faith in something in which you have no control.
Quote:
Can I use TOR to wholly encrypt my OpenBSD system?
No.
Reply With Quote
  #3   (View Single Post)  
Old 14th March 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default

tor doesn't encrypt , it anonymises traffic ..
my curiosity to learn about @Ocicat's, @Jgimmi's, and @carpetsmoker;s respective predilections for anonymy & encryption .. is limitless .. what tool ? what strategy ? I know from earlier posts that all three hackers don't favour security through obscurity nor do they trust tor network .. working with pf is the choice I guess ..
Reply With Quote
  #4   (View Single Post)  
Old 15th March 2012
feredim-924 feredim-924 is offline
New User
 
Join Date: Mar 2012
Posts: 7
Thanked 0 Times in 0 Posts
Default

LMAO yessssssssssssssss TOR ENCRYPTS, read more

"Tor aims to conceal its users' identities and their network activity from surveillance and traffic analysis by separating identification and routing. It is an implementation of onion routing, which encrypts and then randomly bounces communications through a network of relays run by volunteers throughout the globe. These onion routers employ encryption in a multi-layered manner (hence the onion metaphor) to ensure perfect forward secrecy between relays, thereby providing users with anonymity in network location."
Reply With Quote
  #5   (View Single Post)  
Old 15th March 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,888
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by feredim-924 View Post
It is an implementation of onion routing, which encrypts and then randomly bounces communications...
Tor attempts to encrypt packets, but this has no relation to encrypting the fundamental disk. If you believe that Tor will provide you security, let me have physical access to your system, & I will prove the thought otherwise.

OpenBSD does allows portions of secondary store to be encrypted through bioctl(8), but this was not the original question.

As I have referenced elsewhere, Tor's attempt to equate anonymity with privacy is not flawless nor necessarily trustworthy:

http://www.wired.com/politics/securi...urrentPage=all

Likewise, searching through the archives of the OpenBSD project's mailing lists does not show that the project developers there are strong advocates of Tor either. A question you need to answer to yourself is why is this the case?

Last edited by ocicat; 15th March 2012 at 12:48 AM.
Reply With Quote
  #6   (View Single Post)  
Old 15th March 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default

@Ocicat , thanks for providing the link again ..
<< .... The Tor website even says:
Yes, the guy running the exit node can read the bytes that come in and out there. Tor anonymizes the origin of your traffic, and it makes sure to encrypt everything inside the Tor network, but it does not magically encrypt all traffic throughout the internet.

Tor anonymizes, nothing more. >>

just an off-topic question : is Schneier involved with any of the BSDs projects ?
Reply With Quote
  #7   (View Single Post)  
Old 15th March 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,888
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by daemonfowl View Post
just an off-topic question...
I think you know the answer to that, daemonfowl.



Using your search engine of choice can help you answer this question as well.
Reply With Quote
  #8   (View Single Post)  
Old 15th March 2012
feredim-924 feredim-924 is offline
New User
 
Join Date: Mar 2012
Posts: 7
Thanked 0 Times in 0 Posts
Default

If all you have is information from the exit node, then what are the likelhood that you are going to be able to control or find the originating point of my system?
Reply With Quote
  #9   (View Single Post)  
Old 15th March 2012
feredim-924 feredim-924 is offline
New User
 
Join Date: Mar 2012
Posts: 7
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by daemonfowl View Post
Tor anonymizes the origin of your traffic, and it makes sure to encrypt everything inside the Tor network, but it does not magically encrypt all traffic throughout the internet.

Why should I be concerned about "all the traffic on the internet"?

Tor anonymizes, nothing more.

Doesn't your previous statement defeat your current statement?
???
Reply With Quote
Old 15th March 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default

Hi @feredim-924 !
the first isn't mine but torproject's ..
am I wrong to say that part of what privacy comes to mean is being able to keep one's identity as well as data private over networks .. while you are centered on your pc security , someome else is centered on the privacy of transmitted data over the network .. does it make a sense ?
the last 2 lines of the page :
<< As long as Tor is a magnet for "interesting" traffic, Tor will also be a magnet for those who want to eavesdrop on that traffic -- especially because more than 90 percent of Tor users don't encrypt. >>
Reply With Quote
Old 15th March 2012
feredim-924 feredim-924 is offline
New User
 
Join Date: Mar 2012
Posts: 7
Thanked 0 Times in 0 Posts
Default

Don't encrypt what? Their hard drives?
Reply With Quote
Old 15th March 2012
feredim-924 feredim-924 is offline
New User
 
Join Date: Mar 2012
Posts: 7
Thanked 0 Times in 0 Posts
Default

My current setup looks like this:
Internet->Modem->Tor Router->OpenBSD Dedicated Firewall Appliance->OpenBSD Gateway->FreeBSD+Hidden/Truecrypt Encrypted Operating System+Hidden/Truecrypt Encrypted File Volume+Virtualization+PHPBB Message Board
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Gnome hidden Hallin OpenBSD Packages and Ports 1 4th May 2010 06:30 PM
Good VPN service? guitarscn Off-Topic 2 15th December 2009 08:55 AM
service prioritization badguy OpenBSD General 1 29th July 2009 05:36 PM
hidden 16 partition and tphdisk gosha OpenBSD General 5 16th July 2009 01:41 PM
Bad BIOS32 Service Directory chill FreeBSD General 0 11th June 2008 08:36 AM


All times are GMT. The time now is 08:35 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick