Schneier On Safety
2. It doesn't require much technical know-how (no reverse engineering your BIOS to confirm its integrity or attempting to debug rootkits).
3. The overhead involved is scalable to the amount of safety required. That is, many shortcuts can be taken without weakening the overall system.
4. It's an unambiguous set of steps that don't require judgment to perform.
5. It is fault tolerant (many parts can get pwned, and it can still be very secure).
6. It's effective against a range of threat models, up to and including a nation-state which has full knowledge of your setup, a team of hackers working to pwn you individually, and a black bag team that can enter your home without your knowledge.

Let's call our adversary Eve. I believe until Eve can bring to bear the resources described in item 6, your setup is completely safe. Any suggestions on the protocol I describe would be appreciated.

1. A targeted attack in which Eve has good knowledge of your setup and limitless resources to craft an attack over the internet.
2. Same as 1, but they will attack using malware which infects your hardware (BIOS, NIC, and so on) before you purchase it (the supply chain attack).
4. Black bag / physical access to your home and computers.

I assume the reader can acquire uninfected software. One method for doing that is documented on the TOR website.
The basic idea is to download from multiple sources, over multiple internet connections, compare the hashes, and verify the downloads with PGP signatures.

The first computer (which I'll call CannonFodder) connects to the internet through TOR, ideally with PORTAL between the computer and the internet. PORTAL is the grugq's open source project which installs on a Raspberry Pi and acts as a proxy forwarding all your traffic to TOR. Recently a hidden service was found on TOR which hacks the browser and phones home, over the user's non-TOR internet connection, with the exact IP address and MAC address of the user. PORTAL prevents this attack by only allowing traffic to route through TOR, and blocking any other traffic.
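The download check described above (several independently fetched copies, matching hashes, then a PGP signature), as an added example that is not part of the original post. It assumes `gpg` is on the PATH and the signer's public key is already imported; the function names and the pinned fingerprint are constructed for illustration.

```python
import hashlib
import subprocess

# Constructed placeholder; pin the real signing-key fingerprint obtained out of band.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large images need little memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def consensus_digest(copies):
    """Return the shared digest of copies fetched by different routes, or raise."""
    if len(copies) < 2:
        raise ValueError("need at least two independently fetched copies")
    digests = {path: sha256_file(path) for path in copies}
    if len(set(digests.values())) != 1:
        raise ValueError(f"copies disagree, trust none of them: {digests}")
    return digests[copies[0]]

def signed_by_pinned_key(status_text, pinned_fpr=PINNED_FPR):
    """Check gpg --status-fd output: GOODSIG present and VALIDSIG names the pinned key."""
    want = pinned_fpr.replace(" ", "").upper()
    good, fprs = False, set()
    for line in status_text.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "GOODSIG"]:
            good = True  # not emitted for bad, expired or revoked-key signatures
        elif parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) > 2:
            # first field: signing (sub)key fingerprint; last: primary key fingerprint
            fprs.update({parts[2].upper(), parts[-1].upper()})
    return good and want in fprs

def verify_download(copies, sig_path, pinned_fpr=PINNED_FPR):
    """Hash consensus first, then a detached-signature check against the pinned key."""
    digest = consensus_digest(copies)
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, copies[0]],
        capture_output=True, text=True)
    if proc.returncode != 0 or not signed_by_pinned_key(proc.stdout, pinned_fpr):
        raise ValueError("signature missing, invalid, or not from the pinned key")
    return digest
```

Matching hashes only show that every route delivered the same bytes; the signature check against a fingerprint obtained out of band is what ties those bytes to the publisher.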
The purpose of CannonFodder is to receive PGP encrypted messages and send PGP encrypted messages. It's what connects to the internet so the rest of the equipment doesn't have to. While it will be assumed to be hacked into and rootkitted, it won't be an easy target. On CannonFodder install whatever personal security products you can get your hands on: anti-virus, anti-persistence software, software that whitelists good processes and blacklists bad processes, EMIT… Make sure the OS and all software on it is patched regularly.
What OS runs on the host is up to you. The host will run a VM and nothing else.