An ideally secure network will have certain features:

  • Encrypted contents: MITM attacks cannot determine what data is moving across the network.
  • Encrypted storage: Those with physical access to a network node cannot tell what data the node contains.
  • Redundancy: The network can survive the removal of any node without loss of data.
  • Expansion: The operator can raise new nodes with minimal effort.
  • Immunity: The network can resist the insertion of fraudulent nodes by a hostile party.

Basically, an encrypted cloud with encrypted transportation running on servers with encrypted disks.

Advanced features:

  • Confusing transportation: Upon intercepting and decoding a message, an observer cannot identify the sender or intended recipient.
  • Invisible transportation: The network cannot be identified unless the observer is looking for it.
  • Obscured transport method: An observer will have difficulty determining that observed traffic is part of the network. For example, data sent over DNS or ICMP may be ignored by most observers.
  • Obscured transmission method: An observer with physical access will have difficulty observing that the transmission is taking place. For example, there was a virus that communicated with other infected systems in the same server room using sounds outside of human hearing range through a computer's speakers and microphones.

zdnet lists five cloud systems: Openstack, Docker, KVM, CloudStack, Ceph. Docker is reportedly popular.

Ceph is a distributed storage engine. The others seem to be different types of products.

The closest to an off-the-shelf system might be:

  1. Use Ceph
  2. Run every Ceph instance on an encrypted HD
  3. Run every intermediary connection through an encrypted tunnel
  4. Run the tunnels through tor?
  5. Develop a generic method of raising a new node and adding it

Page generated Sep. 23rd, 2017 09:56 pm
Powered by Dreamwidth Studios