-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 7/2/2014 9:50 AM, Kali Tor wrote:
All,
Are there anything special that needs to be done to make sure that Tor nodes running inside VMs (VPS) is protected from snooping eyes? Since there is hardly any data at rest I am assuming not, but then, what do I know!:)
-kali-
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Kali
I don't understand what exactly you mean, snooping eyes.Anyone can see at anytime that the VPS in questions is a Tor relay. 1 method is by seeing the traffic it generates and second is the consensus data in the Tor network, where all relays IP addresses are listed. This should not be a problem whatsoever, Tor is not designed to hide the fact that you use it or that you run a Tor relay. It is designed to offer anonymity and privacy in activity, not if you use it or not.
If you are asking how to secure your box better, indeed the public IP address list of relays is often scanned and brute forced. That is why I recommend:
- - if you run only Tor on that box is best, if not make sure your apps are properly secured (mysql not listening on public IP if it's not a remote mysql server, strong passwords for mysql, ftp, etc.). - - make sure only ports used by Tor are open. There is no need for anything else. - - if you use ssh for administration that is fine, just change the port from 22 in /etc/ssh/sshd_config to some custom port, anything, like 2988 or whatever. - - permanently disabled plain password authentication or rhost authentication in sshd_config and only allow key-based authentication for better security and protection against weak password probing. - - do not allow any other users for SSH access.
Let me know if you have any other questions.
- -- s7r PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11