Changes between Version 141 and Version 142 of doc/TorBOX/SecurityAndHardening


Ignore:
Timestamp:
Jul 21, 2012, 2:31:10 PM (7 years ago)
Author:
proper
Comment:

Technical Intro; new: aos Framework

Legend:

Unmodified
Added
Removed
Modified
  • doc/TorBOX/SecurityAndHardening

    v141 v142  
    66aos aims to be safer than Tor alone. The main goal is, that no one can find out the users IP and location.
    77
    8 The basic idea is, that all applications are untrustworthy. No application can obtain the users real external IP. aos ensures that applications can only connect through Tor. Direct connections (leaks) are impossible. This is the only way we know of, that can reliably protect your anonymity from client application vulnerabilities and IP/DNS and [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO#Protocolleaks protocol leaks].^10^
    9 
    10 aos consists of two machines, which are connected through an isolated network. One machine acts as the client or "aos-Workstation", the other as a proxy or "aos-Gateway", which will route all of the aos-Workstation's traffic through Tor. This setup can be implemented either through virtualization or Physical Isolation (explained below).
    11 
    12 aos is a multi-system anonymity setup build around Tor.^1^ aos is primarily intended for virtualization with '''VirtualBox'''.^2^ The two virtual machines, aos-Gateway and aos-Workstation, are based on '''Ubuntu GNU/Linux'''.^2^ aos can be installed on every computer capable of running [https://www.virtualbox.org/wiki/Downloads VirtualBox] (supports Windows, OS X, Linux and Solaris) or similarly capable virtualization platform.
     8The basic idea is, that all applications are untrustworthy. No application must be able to obtain the users real external IP. aos ensures that applications can only connect through Tor. Direct connections (leaks) must be impossible. This is the only way we know of, that can reliably protect your anonymity from client application vulnerabilities and IP/DNS and [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO#Protocolleaks protocol leaks].^10^
     9
     10aos consists of two machines, which are connected through an isolated network. One machine acts as the client or "aos-Workstation", the other as a proxy or "aos-Gateway", which will route all of the aos-Workstation's traffic through Tor. This setup can be implemented either through virtualization and/or Physical Isolation (explained below).
     11
     12The ''aos concept'' is agnostic about everything, the anonymizer, platform, etc. See ''aos Framework'' below.
     13
     14aos ''example implementation'': Anonymity setup build around '''Tor''', two virtual machines using '''VirtualBox''' and '''Ubuntu GNU/Linux'''. aos can be installed on every computer capable of running [https://www.virtualbox.org/wiki/Downloads VirtualBox]. (Supports Windows, OS X, Linux, BSD and Solaris.)
    1315
    1416Physical Isolation describes installing aos-Gateway and aos-Workstation on two different pieces of hardware. It is more secure than virtual machines alone, requires more physical space, hardware and electricity costs are higher. Keep in mind that you don't need very powerful dedicated servers or desktops. For more information, see [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/BareMetalHints aos/BareMetalHints].
     
    1719
    1820The listed advantages and disadvantages shall give you an overview, what aos is useful for, what aos can do for you, and what not.
    19 
    20 ,,
    21 ^1^ The Tor network is aos's official and best supported anonymizing network. aos can also potentially and optionally use [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/OtherAnonymizingNetworks other anonymizing networks] (Such as JonDo, i2p, freenet, RetroShare), either in addition (tunneled through Tor) or as a replacement for Tor. See the article for more information. [[BR]]
    22 ^2^ Other virtualization platforms (e.g. [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/VMware VMware]) or other operating systems (e.g. [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/OtherOperatingSystems Windows; *nix; BSD]) could potentially also be used, but this is neither supported nor tested. See the article for more information.
    2321
    2422== Advantages of aos ==
     
    133131 * Anti-Forensics and deniability (no encryption keys to disclose, if it's powered down and RAM is wiped/faded everything is "gone")
    134132 * But: difficult to roll out security updates
     133
     134== aos Framework ==
     135The ''aos concept'' is agnostic about everything. With some development effort you can replace any component. The aos developers would like to support each and any use case, but due to limited amount of developers this is impossible and we focus on the ''aos example implementation''.
     136
     137The Tor network is aos's official and best supported anonymizing network. aos can also potentially and optionally use [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/OtherAnonymizingNetworks other anonymizing networks] (Such as JonDo, i2p, freenet, RetroShare), either in addition (tunneled through Tor) or as a replacement for Tor. See the article for more information.
     138
     139You can also avoid using virtualization by using Physical Isolation, although that is not recommend, see Comparison of different aos variants fore more information.
     140
     141It's possible to use other virtualization platforms (e.g. [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/VMware VMware], KVM, XEN, Qemu, Bochs, etc.) See the article for more information.
     142
     143Other operating systems (e.g. [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/OtherOperatingSystems Windows; *nix; BSD]) can potentially be used as host and/or guest operating system. See the article for more information.
    135144
    136145= One VM =