Security model - opinions welcome

Discussion in 'privacy technology' started by Palancar, Apr 3, 2014.

Thread Status:
Not open for further replies.
  1. Palancar

    Palancar Registered Member

    Oct 26, 2011
    You guys that are regulars around here have seen me farting around with several connection models. I have been reading all over numerous forums and I have built TWO "models" for privacy and security.

    I wanted to compare two models that I am currently using. I don't really think the security aspects are much stronger or weaker between the two. Help me to think this all through. I have no interest in running live cd's but I have many ready to go when needed.

    Model one: I have a clean fully encrypted host OS, which is used only to support a pfsense VM and virtualbox connected linux VM's. All internet activity happens inside the VM's. So the connection looks like this ---- router ---- host OS ---- pfsense (vpn restricted) ---- linux VM's. When I update the host it is on a vpn connection but that connection is ONLY used about once a month for updating.

    Model two: I use a fully encrypted Linux OS. The OS is NEVER used for surfing online. I designed a ufw ruleset so the host can only see vpn1, with the exception of LAN for getting to the physical router. I use virtualbox linux VM's for surfing. The host is really clean. The OS is totally secure IF the vpn connection drops and no leaks can happen.

    With either model subsequent "hops" after the first, are all handled the same way and security would therefore be the same on that front.

    There is considerable "discussion" around as to which of these is consistently more secure. With NEITHER host OS ever being used for surfing and with both connections locked to vpn1, I feel they both are pretty darn secure.

    User wise; I will say that model two (all linux and no pfsense) is less of a problem with glitches. In fairness, pfsense works flawlessly on dedicated hardware, but in my application I use it virtually. Pfsense is quite doable but it is touchy when used as I do it.

    One reason I love VM's is that I can delete them in seconds and re-copy a clean clone back to virtual box in 2-3 minutes. In essence I get to start clean and fresh with a few clicks. There is nothing like a clean "no track" OS to surf on. Obviously the isolation of a linux VM and "hiding" the actual machine ID is cool, but that too is the same with both my models.

    I would love to hear your thoughts about my two models. Do you see any significant security differences that I am missing?
    Last edited: Apr 3, 2014
Thread Status:
Not open for further replies.