Changes between Version 145 and Version 146 of doc/TorBOX/SecurityAndHardening


Ignore:
Timestamp:
Jul 30, 2012, 3:51:02 PM (7 years ago)
Author:
proper
Comment:

multiple security layers

Legend:

Unmodified
Added
Removed
Modified
  • doc/TorBOX/SecurityAndHardening

    v145 v146  
    404404
    405405aos's aos-Workstation has no access to the internet without using Tor. You can look into our setup. It's all Open Source and well documented. IP-forwarding is disabled. The firewall fails "closed": when Tor is disabled, loses connection, or the aos-Gateway crashes, no network connections are possible. Iptables redirects any traffic from aos-Workstation to Tor's ports. Local network connections are dropped. No leaks are possible, assuming the TCB is trustworthy.
     406
     407aos uses multiple security layers. [[BR]]
     4081. Applications are configured correctly using latest suggestions (correct application and proxy settings, stream isolation). [[BR]]
     4092. Firewall rules are enforced and prevent accessing the internet directly, thus leaks are prevented in case some application leaks. [[BR]]
     4103. Optionally physical isolation is provided. [[BR]]
     4114. aos's Protocol Leak and Fingerprinting Protection [[BR]]
    406412
    407413aos was [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/LeakTests tested for leaks] and all went negative. Additionally, Skype, which is known for it's ability to punch through firewalls, was not able to establish non-torified connections. Also Bittorrent doesn't leak the IP (there is an online bittorrent leak tester). which of course should never be used through Tor (because it chokes Tor nodes)t but for leak testing it was welcome. Right now we don't know of any leak tests which leaks the real IP.