[tor-talk] Securing a hidden service

adrelanos adrelanos at riseup.net
Fri Dec 7 23:26:53 UTC 2012


Aaron Brouard:
> I'm trying to make my hidden service more secure. It runs on a server
> running Ubuntu 12.04.1 LTS server version. I have set up full disk
> encryption

FDE is nice, but only helps once it's too late. Once someone physically
obtained the disk and being unable to force you to reveal the password.

> and a basic firewall but I want to do more. If an attacker
> managed to compromise nginx or apache (whichever I decide to use), is there
> a way I can prevent the web server from sending any data outside of the Tor
> network? An apparmor profile or something?

Yes. Isolating proxy.

https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IsolatingProxy

My project Whonix is exactly about this topic. Feel free to learn from
the concept, design, source code (configuration files), build it from
source or use the download version.

https://sourceforge.net/p/whonix/wiki/Home/

Physical Isolation. (Tor-Gateway runs on a second piece of hardware.
Server can only connect through the Gateway.)

https://sourceforge.net/p/whonix/wiki/PhysicalIsolation/

If you understand Physical Isolation, it is the most safe Tor
configuration. Whonix documentation also gives you a lot inspiration to
further improve security. You could end up with hardened gentoo etc. etc...


More information about the tor-talk mailing list