Wilders Security Forums  

#1
March 7th, 2012, 03:52 PM
axemmiw905
Infrequent Poster
 
Join Date: Feb 2012
Posts: 35
Default Tor Hidden Server, please review

Hi,

I'm planning on building a Tor Hidden Server for an anonymous/safe/secure message board. I really want to stress on safety here, so I'm planning for the server setup to look like this:

Internet --> Modem --> SonicWall TZ210 w/ AV... OR UNTANGLE PC --> PC with hardware encryption(TPM) and full software encryption(Truecrypt Hidden Operating System and Decoy) --> Virtualization --> TrueCrypt HIDDEN File Container, using AES-Twofish-Serpent w/ Whirlpool and using the max amount of characters allowed 64 bits, with multiple key files as .jpg files and .mp3 files --> Contents of message board et al.

Of course, since Truecrypt is only compatible with Windows for the most part, the PC will also have Bitdefender as AV and Comodo Firewall.

IS THERE ANYWAY I CAN ENHANCE THE SECURITY OF MY TOR HIDDEN SERVER?

Last edited by axemmiw905 : March 7th, 2012 at 04:05 PM.
#2
March 7th, 2012, 04:36 PM
NGRhodes
Very Frequent Poster
 
Join Date: Jun 2003
Location: West Yorkshire, UK
Posts: 1,905
Default Re: Tor Hidden Server, please review

There is no point encrypting your system if you are making it accessible to the outside world. The data needs to be unencrypted to be used by the server software you try to use; therefore any user who has access to your server will need it decrypted, unless you plan on using a 3rd party to distribute keys to your users, which is what we (using an off-line solution) do for authentication to our web servers to gain access to the security-critical parts of our sites.

Your main vector of compromise will be the server software you run for the message board (and the message board software itself).

You need to think about the minimum configuration required to get the job done: only run the software you need, only run the services required, only open the firewall ports needed for users to access your server software. Bonus points if you also remember to prevent your server connecting OUT unless needed (so if it is compromised, hackers can't run other software on your machine). If your message board is web based, look at enforcing SSL connections only.
Then you need to look at the information stored, and minimise that. If possible, don't allow users to register/login; if they do, store the minimum information required. Make sure passwords are not stored in plain text if you store them.

Oh, and you need to TEST your setup. Without testing it you won't know how secure your setup is. And retest frequently: you never get your config perfect first time, and vulnerabilities in the software you run will be found.

Cheers Nick
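Nick's point about keeping only the minimum user data and never storing passwords in plain text, as an added example (not code from the thread, and not from any particular message-board package). It uses hashlib.pbkdf2_hmac, which is always available in CPython, with a per-user random salt and a constant-time comparison. The record format "pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>", the USERS table, and the handle/password values are this example's own assumptions.

```python
"""
Added example: salted, iterated password hashing for a message board that
stores nothing about a user except a handle and this record.
"""
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"         # record format is this example's own convention
DEFAULT_ITERATIONS = 200_000        # raise over time; old records are upgraded at next login
SALT_BYTES = 16
KEY_BYTES = 32


def make_record(password: str, iterations: int = DEFAULT_ITERATIONS, salt: bytes = None) -> str:
    """Hash a password for storage. A fresh random salt is drawn unless one is supplied (for tests)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False                # malformed record never verifies
    if algorithm != ALGORITHM:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the record predates the current work factor (or is not in the current format)."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM or not parts[1].isdigit():
        return True
    return int(parts[1]) < iterations


# Constructed sample user store (assumption): handle -> record, nothing else is kept.
USERS = {}


def register(handle: str, password: str) -> None:
    USERS[handle] = make_record(password)


def login(handle: str, password: str) -> bool:
    record = USERS.get(handle)
    if record is None:
        make_record(password)       # burn the same work so timing does not reveal which handles exist
        return False
    ok = verify_password(password, record)
    if ok and needs_rehash(record):
        USERS[handle] = make_record(password)   # transparently upgrade to the current work factor
    return ok


if __name__ == "__main__":
    register("alice", "hunter2!")
    print("good password:", login("alice", "hunter2!"))
    print("bad password: ", login("alice", "hunter3!"))
    print("stored record:", USERS["alice"])
```

A stolen copy of USERS yields only salts and hashes, so each password still has to be brute-forced at the full iteration cost, and two users with the same password get different records.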
#3
March 7th, 2012, 04:49 PM
axemmiw905
Infrequent Poster
 
Join Date: Feb 2012
Posts: 35
Default Re: Tor Hidden Server, please review

THERE IS EVERY POINT in encrypting the system, you don't know what I'm going to do with my Tor Hidden Server. It's a gray market.

Server software will have to be Windows or Windows Server. That is the only thing that works with Truecrypt; no choice there.

No point in using SSL; a Tor Hidden Service is encrypted end to end.

Thanks Nick.
#4
March 7th, 2012, 06:09 PM
mirimir
Very Frequent Poster
 
Join Date: Oct 2011
Posts: 1,524
Default Re: Tor Hidden Server, please review

Disk encryption will not protect you when your server is running. Even if the server is local, you want it headless, and accessible only via SSH from specified clients. You want your server software and Tor running on separate machines, or at least on separate VMs. I advise against using Windows for anything about this. Ubuntu is probably OK for host and VMs, although some swear by BSD. Although it's easier (and much less expensive) to secure local hardware, there's no deniability if you get busted with a running server.
#5
March 7th, 2012, 06:20 PM
axemmiw905
Infrequent Poster
 
Join Date: Feb 2012
Posts: 35
Default Re: Tor Hidden Server, please review

Read up on Tor hidden services.
#6
March 7th, 2012, 10:23 PM
EncryptedBytes
Frequent Poster
 
Join Date: Feb 2011
Location: Odenton, Maryland
Posts: 416
Default Re: Tor Hidden Server, please review

Quote:
Originally Posted by Nick Rhodes
There is no point encrypting your system if you are making it accessible to the outside world. The data needs to be unencrypted to be used by the server software you try to use; therefore any user who has access to your server will need it decrypted, unless you plan on using a 3rd party to distribute keys to your users, which is what we (using an off-line solution) do for authentication to our web servers to gain access to the security-critical parts of our sites.

Your main vector of compromise will be the server software you run for the message board (and the message board software itself).

You need to think about the minimum configuration required to get the job done: only run the software you need, only run the services required, only open the firewall ports needed for users to access your server software. Bonus points if you also remember to prevent your server connecting OUT unless needed (so if it is compromised, hackers can't run other software on your machine). If your message board is web based, look at enforcing SSL connections only.
Then you need to look at the information stored, and minimise that. If possible, don't allow users to register/login; if they do, store the minimum information required. Make sure passwords are not stored in plain text if you store them.

Oh, and you need to TEST your setup. Without testing it you won't know how secure your setup is. And retest frequently: you never get your config perfect first time, and vulnerabilities in the software you run will be found.

Cheers Nick

You forgot to mention keeping the software patched and current. Otherwise, sound advice.

Quote:
Originally Posted by axemmiw905
THERE IS EVERY POINT in encrypting the system, you don't know what I'm going to do with my Tor Hidden Server. It's a gray market.



You are right, we don't know, though if you are planning to do something, shall we say, "grey" or "black", I would advise you to reconsider and weigh it against any ethical or legal ramifications. However, that being said, everyone has free choice in this world, though most individuals who choose the former keep me employed and put food on my table.

That being said, disk encryption will only protect you if the drive is unmounted; as stated above, in a mounted state disk encryption will do nothing to protect your data.
#7
March 8th, 2012, 08:30 AM
axemmiw905
Infrequent Poster
 
Join Date: Feb 2012
Posts: 35
Default Re: Tor Hidden Server, please review

LMFAO... the disk encryption is for situations where the police come down to my house, break my door down and confiscate my server.

I could care less about hackers.
#8
March 8th, 2012, 02:34 PM
axemmiw905
Infrequent Poster
 
Join Date: Feb 2012
Posts: 35
Default Re: Tor Hidden Server, please review

Internet --> Modem --> SonicWall TZ215 --> OpenBSD Firewall Appliance --> OpenBSD Server with Tor Hidden Service --> Contents et. al

The above should be perfect...

Last edited by axemmiw905 : March 8th, 2012 at 03:25 PM.
#9
March 8th, 2012, 08:22 PM
Serapis
Frequent Poster
 
Join Date: Nov 2009
Posts: 241
Default Re: Tor Hidden Server, please review

Quote:
Originally Posted by axemmiw905
Internet --> Modem --> SonicWall TZ215 --> OpenBSD Firewall Appliance --> OpenBSD Server with Tor Hidden Service --> Contents et. al

The above should be perfect...

What OpenBSD-based firewall are you using? Or is it the one included in the OS by default?
#10
March 8th, 2012, 09:04 PM
x942
Very Frequent Poster
 
Join Date: Feb 2011
Location: Your Network
Posts: 1,101
Default Re: Tor Hidden Server, please review

Quote:
Originally Posted by axemmiw905
LMFAO... the disk encryption is for situations where the police come down to my house, break my door down and confiscate my server.

I could care less about hackers.

You do realize that law enforcement would just bring a specialized generator and keep constant power to the server, right? As long as the server is on, the data is unencrypted.

Even without a special generator, they just dump the data right there and mirror the HDD and RAM, and boom! They have the keys too.

Think you can shut down quickly? Not if they wait until you're out.
__________________
E-Mail: og8oh@notsharingmy.info
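x942's point that a RAM image taken from a running server contains the disk-encryption key, as an added example (not code from the thread). With a volume mounted, the encryption software keeps the expanded AES round keys in memory, and the scanner below recovers an AES-128 key from a memory image by recognising that key schedule, the approach described by Halderman et al. in "Lest We Remember: Cold Boot Attacks on Encryption Keys" (2008). The "memory image" here is constructed: a random buffer with one schedule planted at a chosen offset, using the FIPS-197 Appendix A.1 example key; the offset, the buffer size and the function names are this example's own assumptions.

```python
"""
Added example: find AES-128 keys in a memory image by locating their
expanded key schedules (the 176-byte FIPS-197 expansion of a 16-byte key).
"""
import os


def _rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def _build_sbox() -> list:
    """Derive the AES S-box: GF(2^8) multiplicative inverse followed by the affine map."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p = p * 3 in GF(2^8)
        q = (q ^ (q << 1)) & 0xFF                               # q = q / 3 (i.e. q * 0xF6)
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        affine = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4)
        sbox[p] = affine ^ 0x63                                 # q is the inverse of p
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _sub_rot_word(word: bytes, rcon: int) -> list:
    """RotWord, SubWord and the round constant: the step applied to every fourth word."""
    w = [SBOX[b] for b in word[1:] + word[:1]]
    w[0] ^= rcon
    return w


def expand_key_128(key: bytes) -> bytes:
    """FIPS-197 key expansion: 16-byte AES-128 key -> 176-byte schedule (11 round keys)."""
    assert len(key) == 16
    words = [key[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        temp = words[i - 1]
        if i % 4 == 0:
            temp = bytes(_sub_rot_word(temp, RCON[i // 4 - 1]))
        words.append(bytes(a ^ b for a, b in zip(words[i - 4], temp)))
    return b"".join(words)


def find_aes128_keys(image: bytes) -> list:
    """Return (offset, key) for every position where the next 176 bytes are a valid schedule."""
    hits = []
    for off in range(len(image) - 176 + 1):
        key = image[off:off + 16]
        # Cheap filter: only the fifth word has to match before paying for a full expansion.
        w4 = bytes(a ^ b for a, b in zip(key[:4], _sub_rot_word(key[12:16], RCON[0])))
        if image[off + 16:off + 20] != w4:
            continue
        if expand_key_128(key) == image[off:off + 176]:
            hits.append((off, key))
    return hits


# Constructed sample (assumption): 32 KiB of random bytes standing in for a RAM dump,
# with one key schedule planted where a mounted volume's driver would keep it.
PLANTED_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 A.1 example key
PLANTED_OFFSET = 0x1F40


def build_sample_image(size: int = 32 * 1024) -> bytes:
    image = bytearray(os.urandom(size))
    image[PLANTED_OFFSET:PLANTED_OFFSET + 176] = expand_key_128(PLANTED_KEY)
    return bytes(image)


if __name__ == "__main__":
    for offset, key in find_aes128_keys(build_sample_image()):
        print(f"AES-128 key schedule at 0x{offset:x}: key = {key.hex()}")
```

The schedule is highly redundant, so a match is unambiguous and the passphrase is never needed; the only defence is for the schedule not to be in RAM, which is exactly what an unmounted volume gives and a running server cannot.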
#11
March 8th, 2012, 09:13 PM
EncryptedBytes
Frequent Poster
 
Join Date: Feb 2011
Location: Odenton, Maryland
Posts: 416
Default Re: Tor Hidden Server, please review

Quote:
Originally Posted by x942
You do realize that law enforcement would just bring a specialized generator and keep constant power to the server, right? As long as the server is on, the data is unencrypted.

Even without a special generator, they just dump the data right there and mirror the HDD and RAM, and boom! They have the keys too.

Think you can shut down quickly? Not if they wait until you're out.

I was always under the impression most raids are announced a week or so in advance, and if you tell the agents who storm your residence you need time to shut down your equipment, they actually step out for a soda. Additionally, I heard they even give a grace period to allow the RAM chips to cool. On top of that, they employ highly unskilled individuals who have never heard of drive encryption and always assume it is safe to turn off a machine, and only then admit defeat when they realize they are dealing with a crypto professional.

Boy was I wrong.
#12
March 8th, 2012, 09:38 PM
x942
Very Frequent Poster
 
Join Date: Feb 2011
Location: Your Network
Posts: 1,101
Default Re: Tor Hidden Server, please review

Quote:
Originally Posted by EncryptedBytes
I was always under the impression most raids are announced a week or so in advance, and if you tell the agents who storm your residence you need time to shut down your equipment, they actually step out for a soda. Additionally, I heard they even give a grace period to allow the RAM chips to cool. On top of that, they employ highly unskilled individuals who have never heard of drive encryption and always assume it is safe to turn off a machine, and only then admit defeat when they realize they are dealing with a crypto professional.

Boy was I wrong.
LOL that just made my day XD
__________________
E-Mail: og8oh@notsharingmy.info
#13
March 9th, 2012, 04:06 AM
Cudni
Global Moderator
 
Join Date: May 2009
Location: Somethingshire
Posts: 6,944
Default Re: Tor Hidden Server, please review

The conversation has taken a turn that is out of scope and interest of this board.
__________________
once we only had ideals, today they are the only things we are missing
Microsoft MVP, 2006 - 2013/14
Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums