[tor-bugs] #13703 [Tor]: Adding doc/HARDENING
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Nov 28 15:38:11 UTC 2014
#13703: Adding doc/HARDENING
-------------------------+-------------------------------------------------
Reporter: mmcc | Owner:
Type: | Status: new
enhancement | Milestone: Tor: 0.2.???
Priority: normal | Version: Tor: unspecified
Component: Tor | Keywords: hardening, security, opsec, docs
Resolution: | 026-deferrable lorax
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by cypherpunks-duplicate):
Some more advanced points to add for servers:
IPMI and BMC/RMC awareness. Make sure you don't expose any management
interface on server IP or dedicated IP. Check from inside the providers
network and from outside. Nmap -sSV -p1-65535
Configure mail system with TLS for outgoing mail only and with local
(providers) smtp relay, if available
Use simple log monitoring tool to alert in case of strange happenings.
Before bringing the server online, install and configure tripwire.
If possible, use a trusted hardware firewall to lock down traffic to
exactly what is needed to operate. Have the firewall log any outgoing UDP
traffic from the server, and if such traffic is observed and non-
explainable, consider the hardware compromised.
Use availability monitoring and latency monitoring (smokeping) to be in
the picture what happens with the server.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13703#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list