An ideally secure network will have certain features:
- Encrypted contents: MITM attacks cannot determine what data is moving across the network.
- Encrypted storage: Those with physical access to a network node cannot tell what data the node contains.
- Redundancy: The network can survive the removal of any node without loss of data.
- Expansion: The operator can raise new nodes with minimal effort.
- Immunity: The network can resist the insertion of fraudulent nodes by a hostile party.
Basically, an encrypted cloud with encrypted transportation running on servers with encrypted disks.
- Confusing transportation: Upon intercepting and decoding a message, an observer cannot identify the sender or intended recipient.
- Invisible transportation: The network cannot be identified unless the observer is looking for it.
- Obscured transport method: An observer will have difficulty determining that observed traffic is part of the network. For example, data sent over DNS or ICMP may be ignored by most observers.
- Obscured transmission method: An observer with physical access will have difficulty observing that the transmission is taking place. For example, there was a virus that communicated with other infected systems in the same server room using sounds outside of human hearing range through a computer's speakers and microphones.
zdnet lists five cloud systems: Openstack, Docker, KVM, CloudStack, Ceph. Docker is reportedly popular.
Ceph is a distributed storage engine. The others seem to be different types of products.
The closest to an off-the-shelf system might be:
- Use Ceph
- Run every Ceph instance on an encrypted HD
- Run every intermediary connection through an encrypted tunnel
- Run the tunnels through tor?
- Develop a generic method of raising a new node and adding it