Changes between Version 57 and Version 58 of doc/TorBOX/BareMetalHints


Timestamp:
Jul 21, 2012, 2:42:19 PM
Author:
proper
Comment:

rebrand, warning

  • doc/TorBOX/BareMetalHints

    v57 v58  
    11[[TOC(noheading, depth=0)]]
    22
    3 [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX  TorBOX Homepage]
     3[https://trac.torproject.org/projects/tor/wiki/doc/TorBOX aos Homepage]
    44
    5 '''WARNING''': This article currently lacks information about TorBOX-Gateway's and TorBOX-Workstation's MAC address. See also [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#TorBOXsProtocol-Leak-ProtectionandFingerprinting-Protection TorBOX's Protocol-Leak-Protection and Fingerprinting-Protection], [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev#MacaddressesonBareMetalSECURITY Mac addresses on Bare Metal] and [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev#MacaddressinpublicnetworksSECURITY Mac address in public networks].
     5'''WARNING''': Not updated for aos 0.2.1.
    66
    7 '''NOTE''': The terminology "Bare Metal TorBOX" is no longer accurate. We do not refer to running a software on virtualizers vs physical systems. What this setup is actually about, is installing TorBOX-Gateway and TorBOX-Workstation on a single physical system vs installing on two different physical systems and using virtualization, i.e. Physical Isolation.
     7'''WARNING''': This article currently lacks information about aos-Gateway's and aos-Workstation's MAC address. See also [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#aossProtocol-Leak-ProtectionandFingerprinting-Protection aos's Protocol-Leak-Protection and Fingerprinting-Protection], [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev#MacaddressesonBareMetalSECURITY Mac addresses on Bare Metal] and [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev#MacaddressinpublicnetworksSECURITY Mac address in public networks].
     8
     9'''NOTE''': The terminology "Bare Metal aos" is no longer accurate. We do not refer to running a software on virtualizers vs physical systems. What this setup is actually about, is installing aos-Gateway and aos-Workstation on a single physical system vs installing on two different physical systems and using virtualization, i.e. Physical Isolation.
    810
    911= Introduction =
    10 When setting up TorBOX in the form of two VMs running on the same host, exploits targeting the VM implementation or the host can still break out of the torified Client VM and expose the IP of a user. Malware running on the host has full control over all VMs. To prevent against such attacks we need a different approach: In this context we called it "bare metal" because the gateway system is installed on separate hardware ("metal"). This drastically reduces the [https://en.wikipedia.org/wiki/Trusted_computing_base TCB] by more than the half.
     12When setting up aos in the form of two VMs running on the same host, exploits targeting the VM implementation or the host can still break out of the torified Client VM and expose the IP of a user. Malware running on the host has full control over all VMs. To prevent against such attacks we need a different approach: In this context we called it "bare metal" because the gateway system is installed on separate hardware ("metal"). This drastically reduces the [https://en.wikipedia.org/wiki/Trusted_computing_base TCB] by more than the half.
    1113
    12 In total we'll be installing and configuring two computers and set up an isolated point to point network between them (you could also set up a an ordinary, completely isolated, LAN behind the TorBOX-Gateway but read this [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#RecommendationtousemultipleTorBOX-Workstations NOTE]). One computer acts as the client or "TorBOX-Workstation", the other as a proxy or "TorBOX-Gateway" which will transparently route all of the TorBOX-Workstation's traffic through Tor.
     14In total we'll be installing and configuring two computers and set up an isolated point to point network between them (you could also set up a an ordinary, completely isolated, LAN behind the aos-Gateway but read this [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#Recommendationtousemultipleaos-Workstations NOTE]). One computer acts as the client or "aos-Workstation", the other as a proxy or "aos-Gateway" which will transparently route all of the aos-Workstation's traffic through Tor.
    1315
    14 The TorBOX-Gateway on its own physical device can be running either directly on "bare metal" or inside a virtual machine. Both options have advantages and disadvantages. We recommend to use no additional Virtual Machine for the TorBOX-Gateway.
     16The aos-Gateway on its own physical device can be running either directly on "bare metal" or inside a virtual machine. Both options have advantages and disadvantages. We recommend to use no additional Virtual Machine for the aos-Gateway.
    1517
    16 The TorBOX-Workstation should always be installed in a Virtual Machine: A VM hides hardware serial numbers. See also [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#RecommendationtousemultipleVMSnapshots Recommendation to use multiple VM Snapshots].,, [[BR]]
     18The aos-Workstation should always be installed in a Virtual Machine: A VM hides hardware serial numbers. See also [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#RecommendationtousemultipleVMSnapshots Recommendation to use multiple VM Snapshots].,, [[BR]]
    1719
    1820== Using spare hardware + Virtual Machine ==
    1921Advantages:
    2022 * You can install a graphical host.
    21  * Use the TorBOX download version.
     23 * Use the aos download version.
    2224 * You can use the graphical network manager on the host, for example to connect to WiFi.
    2325 * You can setup easily a VPN on the host. Tor will be tunneled through the VPN.
     
    3436
    3537= Prerequisites =
    36  * TorBOX-Gateway: A device with at least two network adapters, at least one of them ethernet^1^, capable of running Linux. It will run Ubuntu Server.^2^
     38 * aos-Gateway: A device with at least two network adapters, at least one of them ethernet^1^, capable of running Linux. It will run Ubuntu Server.^2^
    3739   
    3840 ,, ^1^ The other one may be either an [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/BareMetalHints#anonymous3Gmodem anonymous 3G modem]; [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/BareMetalHints#anonymouswifiadapter anonymous wifi adapter], another ethernet or wifi connected to your modem/router.,, [[BR]]
    3941 ,, ^2^ Theoretically you could use any OS that supports iptables or pf. If you don't want to use Ubuntu Oneiric you will have to edit the shell script. This will be easy for Debian derivatives but much more difficult for *BSD for example. In any case, the choice of OS shouldn't really matter because this system isn't used for anything but running Tor. A cheap plug computer, something like Raspberry Pi or the hardware used by Torouter would be sufficient.,,
    4042 
    41  * TorBOX-Workstation: A device connected via ethernet to the TorBOX-Gateway. It must only have this one NIC and no other network connectivity! Must be connected by wire.^3^ This will be the torified client system or TorBOX-Workstation. It must be capable of running Ubuntu Server.^4^ [[BR]]
    42    We recommend to use a VM as the client, the same^5^ [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev/BuildDocumentation#CreateTorBOX-Workstation.ova VM build]^6^ as the non-bare metal TorBOX uses.
     43 * aos-Workstation: A device connected via ethernet to the aos-Gateway. It must only have this one NIC and no other network connectivity! Must be connected by wire.^3^ This will be the torified client system or aos-Workstation. It must be capable of running Ubuntu Server.^4^ [[BR]]
     44   We recommend to use a VM as the client, the same^5^ [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev/BuildDocumentation#Createaos-Workstation.ova VM build]^6^ as the non-bare metal aos uses.
    4345
    44  ,, ^3^ If you don't connect by wire, you significantly weaken isolation and security. One the TorBOX-Workstation were infected, it could jump onto another network and start leaking.,, [[BR]]
     46 ,, ^3^ If you don't connect by wire, you significantly weaken isolation and security. One the aos-Workstation were infected, it could jump onto another network and start leaking.,, [[BR]]
    4547 ,, ^4^ Any OS can be used. But this is not recommended! If you do anyway, read warning, especially for Windows: [https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxyLeaks Transparent Proxy Leaks].,, [[BR]]
    4648 ,, ^5^ A generic VM image can neither leak identifying hardware serial numbers nor unique software fingerprints. (e.g. trough [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO#Softwareupdaters software updates]).,, [[BR]]
    47  ,, ^6^ This ensures that you get the latest security features and most secure configurations. (Such as stream isolation that protects against [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/ApplicationWarningsAndNotes#Identitycorrelationthroughcircuitsharing Identity correlation through circuit sharing], [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/XChat IRC hardening] or [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#TorBOXsProtocol-Leak-ProtectionandFingerprinting-Protection TorBOX's Protocol-Leak-Protection and Fingerprinting-Protection].).,, [[BR]]
     49 ,, ^6^ This ensures that you get the latest security features and most secure configurations. (Such as stream isolation that protects against [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/ApplicationWarningsAndNotes#Identitycorrelationthroughcircuitsharing Identity correlation through circuit sharing], [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/XChat IRC hardening] or [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#aossProtocol-Leak-ProtectionandFingerprinting-Protection aos's Protocol-Leak-Protection and Fingerprinting-Protection].).,, [[BR]]
    4850
    4951= Time syncing =
    50 Please read and apply [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Readme#NetworkTimeSyncing "Network Time Syncing"] on both computers. This is a required step on the client computer because ntp doesn't work at all behind tor (it uses UDP) and if it did, it couldn't be trusted! It's also removed on both TorBOX-Workstation and TorBOX-Gateway by the the shell scripts.
     52Please read and apply [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Readme#NetworkTimeSyncing "Network Time Syncing"] on both computers. This is a required step on the client computer because ntp doesn't work at all behind tor (it uses UDP) and if it did, it couldn't be trusted! It's also removed on both aos-Workstation and aos-Gateway by the the shell scripts.
    5153
    5254= Installation =
    5355General advice from [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev/BuildDocumentation#BuildSecurity Build Security and Host preparation] apply
    54 == How To Install TorBOX-Gateway on bare metal [RECOMMENDED] ==
     56== How To Install aos-Gateway on bare metal [RECOMMENDED] ==
    5557 * Install Ubuntu Server 12.04 and chose following settings:
    5658{{{
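Review bot: footnote ^2^ at line 41 still says "If you don't want to use Ubuntu Oneiric" (11.10), while the install step at line 57 says "Install Ubuntu Server 12.04" (Precise); one of the two is stale, and the shell-script caveat should name the release the guide actually targets. Footnote ^3^ at line 46 reads "One the aos-Workstation were infected" (should be "Once"), and the rewritten anchor #Createaos-Workstation.ova at line 44 resolves only if the BuildDocumentation heading was renamed too.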
     
    7476 * Make sure the internet is working
    7577 * Install all security updates and reboot
    76  * Transfer the [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev/TGScript TorBOX-Gateway] to the Gateway
    77  * Before running the TorBOX-Gateway script make sure eth1 and eth0 refer to the correct interfaces. Otherwise you have to change the variables in the script ('dmesg | grep eth' may be helpful).
     78 * Transfer the [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev/TGScript aos-Gateway] to the Gateway
     79 * Before running the aos-Gateway script make sure eth1 and eth0 refer to the correct interfaces. Otherwise you have to change the variables in the script ('dmesg | grep eth' may be helpful).
    7880 * Run the  with the "-install" option, not the "-vm" flag as this option is only suited for VMs!
    79   sudo TorBOX-Gatewa -install
     81  sudo TorBOX-Gateway -install
    8082
    81 For the TorBOX-Gateway follow these [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev/BuildDocumentation#CreateTorBOX-Gateway.ova instructions] (ignoring VirtualBox sepecific steps) but:
     83For the aos-Gateway follow these [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev/BuildDocumentation#Createaos-Gateway.ova instructions] (ignoring VirtualBox sepecific steps) but:
    8284
    8385
    84 == How To Install TorBOX-Gateway in a VM [UNTESTED / NOT RECOMMEND] ==
     86== How To Install aos-Gateway in a VM [UNTESTED / NOT RECOMMEND] ==
    8587It is advised to install a new OS just for hosting the Gateway VM, any OS that can run VirtualBox works but we recommend an Open Source system.
    8688
    87 [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Download Download] or [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev/BuildDocumentation#CreateTorBOX-Gateway.ova build] the TorBOX-Gateway image.
     89[https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Download Download] or [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev/BuildDocumentation#Createaos-Gateway.ova build] the aos-Gateway image.
    8890
    8991Adapter 1 can be set up as a NAT network. Adapter 2 must either be set to NAT as well (but you will need to forward ports from the host to the guest) or much simpler: use bridged networking and set it to the second physical interface (the one that goes into the isolated network/point to point ethernet). See "NAT vs Bridging" below.
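Review bot: line 80, "Run the  with the "-install" option", is missing its subject (the script name), and the command at line 81 fixes the old "TorBOX-Gatewa" typo but keeps "TorBOX-Gateway" as the script name while lines 78-79 now call it "aos-Gateway"; if the script file was not renamed, say so explicitly so the reader does not type aos-Gateway, otherwise the command is wrong after the rebrand. Line 83 ends in "but:" with nothing following it at lines 84-85, so the list of deviations from the VirtualBox instructions is missing. Minor: "sepecific" at line 83.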
     
    9294
    9395
    94 == Install TorBOX-Workstation ==
    95 ''' If the physical network (between TorBOX-Gateway and a router) uses 192.168.0.* you need to review and edit all shell scripts you are going to use and switch the internal network to something else!
     96== Install aos-Workstation ==
     97''' If the physical network (between aos-Gateway and a router) uses 192.168.0.* you need to review and edit all shell scripts you are going to use and switch the internal network to something else!
    9698
    9799Install and update a host OS. The host can be any OS that can run VirtualBox but be aware of [https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxyLeaks Transparent Proxy Leaks]. It is not recommended to use Windows or another other commercial proprietary system.
    98100
    99 [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Download Download] or [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev/BuildDocumentation#CreateTorBOX-Workstation.ova build] the TorBOX-Workstation image.
     101[https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Download Download] or [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev/BuildDocumentation#Createaos-Workstation.ova build] the aos-Workstation image.
    100102
    101103 * Instead of setting Adapter 1 (eth0) to internal, you'll need to use bridged or NAT networking!
    102104
    103105= NAT vs Bridging =
    104 Since TorBOX-Workstation can see the MAC address of whatever adapter it is connected to, if you use bridget networking you should change the MAC address of the internal interface on the Gateway:
    105 https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#TorBOXinpublicnetworksMACAddress
     106Since aos-Workstation can see the MAC address of whatever adapter it is connected to, if you use bridget networking you should change the MAC address of the internal interface on the Gateway:
     107https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#aosinpublicnetworksMACAddress
    106108
    107 If you use NAT you will have to edit the TorBOX-Workstation so it uses dhcp or static IP for VBox NAT. The host has to be set to use the static IP configuration as configured in the TorBOX-Workstation script. When using NAT for a virtualized Gateway you need to set up port forwarding in VirtualBox.
     109If you use NAT you will have to edit the aos-Workstation so it uses dhcp or static IP for VBox NAT. The host has to be set to use the static IP configuration as configured in the aos-Workstation script. When using NAT for a virtualized Gateway you need to set up port forwarding in VirtualBox.
    108110
    109111If you use bridget networking things will (or should, we haven't tested anything yet) just work, the host will have to be configured to use a static IP as well.
    110112
    111113= Further hints and recommendations =
    112 We recommend that you use two dedicated computers for TorBOX that are never used for activities that could lead back to your identity. Alternatively you can use an already existing and otherwise used computer for the TorBOX-Gateway. To offer some isolation you should disconnect all internal and external drives and boot from a eSATA, USB or another internal drive into a clean environment.
     114We recommend that you use two dedicated computers for aos that are never used for activities that could lead back to your identity. Alternatively you can use an already existing and otherwise used computer for the aos-Gateway. To offer some isolation you should disconnect all internal and external drives and boot from a eSATA, USB or another internal drive into a clean environment.
    113115
    114116=== non-anonymous use ===
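Review bot: the bold markup opened with ''' at line 97 is never closed, so in Trac wiki everything after it renders bold until the next ''' on the page; add the closing ''' after "something else!". "bridget networking" at lines 106 and 111 should be "bridged". The renamed anchor #aosinpublicnetworksMACAddress at line 107 resolves only if the SecurityAndHardening heading was renamed in the same pass.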
     
    117119
    118120=== anonymous use ===
    119  * TorBOX-Gateway
     121 * aos-Gateway
    120122   * This really does not have to be a big desktop computer or ordinary server. There are alternatives.
    121123   * smartphone ^1^, [https://en.wikipedia.org/wiki/Ultra-mobile_PC UMPC], pad, tablet, notebook, netbook, [https://en.wikipedia.org/wiki/Raspberry_Pi Raspberry Pi], router ^2^, set top box, etc.
    122124   * how to utilize such a device as a linux server is beyond the scope of this guide, there are already better resources
    123125 * anonymous 3G modem (see below) or anonymous wifi adapter (see below)
    124  * TorBOX-Workstation
     126 * aos-Workstation
    125127   * You get the idea. Use a device which suits you.^1^
    126128
    127 ,, ^1^ Just some hints to get started. It is difficult and beyond the scope of TorBOX, because you don't have an ethernet interface. Some (after market) firmwares support USB-host. (You can plug USB devices into your phone, such as an USB ethernet card. For example some rooted android smartphones can [http://android.galoula.com/en/LinuxInstall/ install] Ubuntu Linux.,, [[BR]]
     129,, ^1^ Just some hints to get started. It is difficult and beyond the scope of aos, because you don't have an ethernet interface. Some (after market) firmwares support USB-host. (You can plug USB devices into your phone, such as an USB ethernet card. For example some rooted android smartphones can [http://android.galoula.com/en/LinuxInstall/ install] Ubuntu Linux.,, [[BR]]
    128130,, ^2^ something like OpenWRT,, [[BR]]
    129131
    130132=== anonymous 3G modem ===
    131 Normally your dial up or broadband provider knows your name, postal address and non-anonymous payment method. This is bad. Suppose Tor or TorBOX are compromised. An adversary just has to pressure your provider and can very easily find our your identity. This is not the case here.
    132  * plugged or integrated into TorBOX-Gateway
     133Normally your dial up or broadband provider knows your name, postal address and non-anonymous payment method. This is bad. Suppose Tor or aos are compromised. An adversary just has to pressure your provider and can very easily find our your identity. This is not the case here.
     134 * plugged or integrated into aos-Gateway
    133135 * Buy the 3G modem anonymously [in a store, second hand, on street, no personal data].
    134136   * Be sure to have never used it for non-anonymous use before.
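Review bot: "find our your identity" at line 133 should be "find out your identity"; the same paragraph is repeated verbatim with the same typo in the "anonymous wifi adapter" section at line 148, so fix both occurrences or move the provider-knows-your-identity rationale into one shared paragraph above the two subsections.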
     
    144146
    145147=== anonymous wifi adapter ===
    146 Normally your dial up or broadband provider knows your name, postal address and non-anonymous payment method. This is bad. Suppose Tor or TorBOX are compromised. An adversary just has to pressure your provider and can very easily find our your identity. This is not the case here.
    147  * Plugged or integrated into TorBOX-Gateway.
     148Normally your dial up or broadband provider knows your name, postal address and non-anonymous payment method. This is bad. Suppose Tor or aos are compromised. An adversary just has to pressure your provider and can very easily find our your identity. This is not the case here.
     149 * Plugged or integrated into aos-Gateway.
    148150 * Buy the wifi adapter anonymously [in a store, second hand, on street, no personal data].
    149151   * Be sure to have never used it for non-anonymous use before.