[personal profile] tangaroa

An ideally secure network will have certain features:

  • Encrypted contents: MITM attacks cannot determine what data is moving across the network.
  • Encrypted storage: Those with physical access to a network node cannot tell what data the node contains.
  • Redundancy: The network can survive the removal of any node without loss of data.
  • Expansion: The operator can raise new nodes with minimal effort.
  • Immunity: The network can resist the insertion of fraudulent nodes by a hostile party.

Basically, an encrypted cloud with encrypted transportation running on servers with encrypted disks.

Advanced features:

  • Confusing transportation: Upon intercepting and decoding a message, an observer cannot identify the sender or intended recipient.
  • Invisible transportation: The network cannot be identified unless the observer is looking for it.
  • Obscured transport method: An observer will have difficulty determining that observed traffic is part of the network. For example, data sent over DNS or ICMP may be ignored by most observers.
  • Obscured transmission method: An observer with physical access will have difficulty observing that the transmission is taking place. For example, there was a virus that communicated with other infected systems in the same server room using sounds outside of human hearing range through a computer's speakers and microphones.

ZDNet lists five cloud systems: OpenStack, Docker, KVM, CloudStack, Ceph. Docker is reportedly popular.

Ceph is a distributed storage engine. The others seem to be different types of products.

The closest to an off-the-shelf system might be:

  1. Use Ceph
  2. Run every Ceph instance on an encrypted disk
  3. Run every intermediary connection through an encrypted tunnel
  4. Run the tunnels through Tor?
  5. Develop a generic method of raising a new node and adding it
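As an added example (not from the post, and not Ceph's own tooling), here is a small policy check that audits a constructed cluster description against the first three properties above: every node on an encrypted disk, every inter-node link inside a tunnel, and no object lost when any node is removed. The map format and the field names `encrypted_disk` and `tunnel` are assumptions for the example; the redundancy check also generalizes to the loss of any `failures` nodes at once.

```python
"""Audit a constructed cluster map against the properties listed above.
Added example; the schema below is an assumption, not Ceph's own."""
from itertools import combinations

# Constructed sample: three storage nodes, the links that carry replication
# traffic between them, and which nodes hold a replica of each object
# (placement groups, simplified to opaque ids).
CLUSTER = {
    "nodes": {
        "osd-a": {"encrypted_disk": True},
        "osd-b": {"encrypted_disk": True},
        "osd-c": {"encrypted_disk": False},          # deliberately non-compliant
    },
    "links": [
        {"ends": ("osd-a", "osd-b"), "tunnel": "wireguard"},
        {"ends": ("osd-b", "osd-c"), "tunnel": "wireguard"},
        {"ends": ("osd-a", "osd-c"), "tunnel": None},  # plaintext link
    ],
    "placements": {                                  # object id -> replica holders
        "pg.1": {"osd-a", "osd-b"},
        "pg.2": {"osd-b", "osd-c"},
        "pg.3": {"osd-c"},                           # single replica
    },
}

def unencrypted_nodes(cluster):
    """Encrypted storage: names of nodes whose disk is not encrypted."""
    return sorted(n for n, a in cluster["nodes"].items() if not a["encrypted_disk"])

def plaintext_links(cluster):
    """Encrypted contents: node pairs that exchange traffic outside a tunnel."""
    return sorted(tuple(sorted(l["ends"])) for l in cluster["links"] if not l["tunnel"])

def fragile_objects(cluster, failures=1):
    """Redundancy: for each set of `failures` nodes, the objects that would be
    lost if exactly those nodes disappeared (all replicas inside the set)."""
    lost = {}
    for down in combinations(sorted(cluster["nodes"]), failures):
        gone = sorted(o for o, holders in cluster["placements"].items()
                      if holders <= set(down))
        if gone:
            lost[down] = gone
    return lost

def audit(cluster):
    """Run all three checks; `ok` is True only when every finding list is empty."""
    report = {"unencrypted_nodes": unencrypted_nodes(cluster),
              "plaintext_links": plaintext_links(cluster),
              "lost_on_single_failure": fragile_objects(cluster, 1)}
    report["ok"] = not any(report[k] for k in list(report))
    return report
```

Running `audit(CLUSTER)` flags osd-c's plaintext disk, the osd-a/osd-c link, and pg.3, which has no second replica.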

Page generated May. 29th, 2017 07:09 pm