[tor-talk] Securing a Relay - chroot

Marsh Ray marsh at extendedsubset.com
Fri May 27 17:05:49 UTC 2011


On 05/27/2011 11:22 AM, CACook at quantum-sci.com wrote:
> On Friday 27 May, 2011 08:10:47 tagnaq wrote:
>> You do not mention the threats you worry about and assets you care
>> about (thread model + security requirements).
>
> Yes that's because I don't know what threats there may be.

http://en.wikipedia.org/wiki/There_are_known_knowns

> I am a
> user, I don't have an MS in Computer Science.

Heh, I've known those who do who couldn't get as far as you have already.

>  For example I don't
> understand, "maps subnets and/or ports to inside. Separating traffic
> into VLANs. In general having a lot more control of the hardware
> layer."

Wikipedia has a great article on VLANs.

> What good is this if users can't secure their own machine
> effectively?
> Why set up a relay if my own machine could be
> compromised?

You are asking entirely valid questions that the entire data security 
industry also struggles with every day on a deep level. I don't have a 
real satisfying answer for you.

You already understand the key point though: separation. Decide which 
systems you trust and for what purpose in what contexts you trust them. 
Place systems in different trust zones accordingly. Implement barriers 
between the zones and be very selective about what is allowed to pass.

> No wonder you have a hard time recruiting relays, much
> less exit points.  I guess the coyness here is for some good reason,
> but it's not doing the cause any good.  Looks like I have to give up
> on a relay.

Computers and networks are inherently good at copying and leaking 
information, they do it without even trying. Providing an open service 
while perfectly blocking the flow of selective information is actually 
extremely difficult to do on shared hardware.

There is always a cost to security, usually complexity, performance, 
administration, and money. I find this stuff fascinating and spend all 
my learning about it. But when I set up a relay the other day, I chose 
to address most of these problems with money: I paid a few dollars a 
month for a remote virtual host environment having no trust 
relationships with any of my other systems.

- Marsh


More information about the tor-talk mailing list