[tor-talk] Securing a hidden service

Eugen Leitl eugen at leitl.org
Sat Dec 8 10:17:03 UTC 2012


On Fri, Dec 07, 2012 at 09:50:32PM +0000, Aaron Brouard wrote:
> I'm trying to make my hidden service more secure. It runs on a server
> running Ubuntu 12.04.1 LTS server version. I have set up full disk

If you can't place the service on physically distinct machines,
private (RFC1918) address space with ACL lockdown in the switches
(or at least, dedicated VLANs) you can at least compartmentalize
the application into virtual server guests (heavyweight via KVM
or lightweight via LXC https://help.ubuntu.com/community/LXC or Linux VServer)
and firewall it on the host.

> encryption and a basic firewall but I want to do more. If an attacker
> managed to compromise nginx or apache (whichever I decide to use), is there
> a way I can prevent the web server from sending any data outside of the Tor
> network? An apparmor profile or something?

