henri Apprentice
Joined: 15 Nov 2002 Posts: 182 Location: Germany
Posted: Sat Oct 25, 2008 10:22 pm Post subject: Do you have a secure surfstation?
Hi folks,
At the moment I have the PC of a good friend of mine at home, who asked me if I could set up a really secure surfstation on it.
No, he does not want to do illegal stuff but is very paranoid about his company's research and data, even in the case of housebreaking and a theft of his computer.
Before, he always used a Knoppix CD to join the web, but now he also wants to save some websites he visited to disk, and also wants to print them and view a video before going to sleep. He already knows KDE very well, so this is going to be the WM for the box.
Oh, no problem, was my answer, why not use tor on a gentoo box with encrypted partitions?
So I first tried tor on one of my own PCs with privoxy, but that seemed to be too slow for everyday use to me.
All right, maybe my tor and privoxy setup may also need some tuning; I just set it up like it's told in the wiki to test it.
But this led me to the question of whether any other gentoo user has realised a really secure and anonymized surfstation which would be, in the best case, military-safe.
So let me ask you:
- How have you realised, or how would you realise, such a setup?
- Which are the important topics to notice?
- Are there any special tools to keep the system clean (browser history, thumbnails etc., just to name a few points)?
Many thanks in advance,
yours Henri

jamapii l33t
Joined: 16 Sep 2004 Posts: 637
Posted: Mon Oct 27, 2008 9:25 pm Post subject:
A virtual machine with a small virtual disk that can be restored from a master copy at all times.
Go via squid, optionally add adzapper, privoxy, whatever...
Import a single download directory via NFS (there might be better alternatives).

zyko l33t
Joined: 01 Jun 2008 Posts: 620 Location: Munich, Germany
Posted: Mon Oct 27, 2008 11:38 pm Post subject:
Your post is vague in some points. Are we talking about industrial espionage, governmental repression, or do we just not want our moms to find out we were looking at those nudy-websites?
To answer your question, it must be clearly defined what the exact scenarios are that we need to prevent. The whole subject is just too complex for blanket statements.
Quote: "No, he does not want to do illegal stuff but is very paranoid about his company's research and data, even in the case of housebreaking and a theft of his computer."
If the data in question is seriously important, it must not be on the same physical computer that "your friend" uses for his private internet activities. In fact, it should not be connected to any unfriendly networks at all. If someone were to specifically target your friend's computer, no amount of preventive measures would suffice. "Security" is mostly designed to fend off script kiddies and automated attacks. If you are dealing with industrial espionage, don't connect your data to the internet!
To protect data that can be physically accessed by a potential attacker, hard disk encryption is the way to go. Look into dm_crypt + LUKS: http://luks.endorphin.org -- if you want to use KDE, you need to encrypt everything (=the entire disk), since KDE leaks information into all sorts of caches everywhere.