OK, I’ve got my first “Safer Appliance Computer” (S.A.C.) running in regular service. I’ve chosen a “Torrent Server” as the first application mostly because it’s what I’ve been doing a lot of lately. Having just learned to use BitTorrent, I’ve come to like it. (It is a ‘peer to peer’ file sharing service commonly used by kids to share music and pirate movies, by geeks to share new releases of software, and by anyone needing to ‘share’ files broadly and rapidly with minimal infrastructure. Having no ‘central server’ also helps prevent shutting down services via police activity.)
I’ve “moved on” from the testing with the 266 MHz Toshiba Laptop as the initial target; due to it requiring an older 2.4 kernel and / or being ‘dog slow’ on anything that didn’t do RAM disks and other ‘special’ things. Works fine on very old Linux releases… that don’t have modern browsers or Torrent services… so it will take an ‘integration / porting’ effort. Something for ‘later’…
The first S.A.C up and in production is running on an old HP Vectra with 256 MB of memory and a 766 MHz Pentium III “Coppermine” CPU. For truly ‘private’ computing it is not an ideal platform. It is from the ill-fated attempt to put a software readable unique serial number in Pentium processors. When the EU started voting to forbid that, and customers started looking at AMD more, well, Intel “left that feature out” of later chips. At any rate, in theory, this unique CPU could have a Serial Number read and tracked. So it’s “OK for playing” but not for anything seriously secret / having legal implications. For that you need either older or newer CPUs or run in a Virtual Machine.
Controversy about privacy issues
The Pentium III was the first x86 CPU to include a unique, retrievable, identification number, called PSN (Processor Serial Number). A Pentium III’s PSN can be read by software through the CPUID instruction if this feature has not been disabled through the BIOS.
On November 29, 1999, the Science and Technology Options Assessment (STOA) Panel of the European Parliament, following their report on electronic surveillance techniques asked parliamentary committee members to consider legal measures that would “prevent these chips from being installed in the computers of European citizens.”
Eventually Intel decided to remove the PSN feature on Tualatin-based Pentium IIIs, and the feature was not carried through to the Pentium 4 or Pentium M. The feature does not exist in modern Intel x86 CPUs.
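Added example (not from the original post, and not Intel’s or the distribution’s code): a small shell check, usable on the box itself, that answers the question the quoted text raises, namely whether this particular CPU is still advertising a Processor Serial Number. Linux exposes the CPUID.1:EDX bit 18 “PSN” feature as the flag “pn” in /proc/cpuinfo; when the BIOS has disabled the PSN the flag reads clear, so the flag reflects the effective setting rather than the silicon. The family/model to codename table covers only the PSN-era Pentium III parts (family 6, models 7, 8 and 11). The cpuinfo samples are constructed for the test; run the script with `--live` to read the real /proc/cpuinfo.

```shell
#!/bin/sh
# Added example: report whether the CPU exposes a Processor Serial Number.
# Linux shows CPUID.1:EDX bit 18 (PSN) as the "pn" flag in /proc/cpuinfo.

# Extract the first value of one cpuinfo field ("flags", "cpu family", "model")
# from cpuinfo text on stdin.
cpuinfo_field() {
    sed -n "s/^$1[[:space:]]*:[[:space:]]*//p" | head -n 1
}

# 0 if the space-separated flag list contains the "pn" feature, else 1.
# Word-bounded so that unrelated flags such as "pni" do not match.
has_psn_flag() {
    case " $1 " in
        *" pn "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# 0 if the cpuinfo text in $1 advertises a PSN, else 1.
cpu_exposes_psn() {
    has_psn_flag "$(printf '%s\n' "$1" | cpuinfo_field flags)"
}

# Codename for the PSN-era Pentium III family/model pairs only.
p3_codename() {
    case "$1:$2" in
        6:7)  printf 'Katmai\n' ;;
        6:8)  printf 'Coppermine\n' ;;
        6:11) printf 'Tualatin\n' ;;
        *)    printf 'not a Pentium III\n' ;;
    esac
}

# One-line summary for a cpuinfo text block (first processor only).
psn_report() {
    text="$1"
    family=$(printf '%s\n' "$text" | cpuinfo_field "cpu family")
    model=$(printf '%s\n' "$text" | cpuinfo_field "model")
    name=$(p3_codename "$family" "$model")
    if cpu_exposes_psn "$text"; then
        status="PSN exposed via CPUID"
    else
        status="no PSN flag"
    fi
    printf 'family %s model %s (%s): %s\n' "$family" "$model" "$name" "$status"
}

# Constructed sample: a Coppermine Pentium III with the PSN left enabled.
SAMPLE_P3='vendor_id : GenuineIntel
cpu family : 6
model : 8
model name : Pentium III (Coppermine)
flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat pse36 mmx fxsr sse pn'

# Constructed sample: a later CPU with no PSN (note "pni" must not count).
SAMPLE_MODERN='vendor_id : GenuineIntel
cpu family : 6
model : 158
model name : Example later core
flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat pse36 mmx fxsr sse sse2 pni ssse3'

# ./psn_check.sh --live   reads the real /proc/cpuinfo
if [ "${1:-}" = "--live" ]; then
    psn_report "$(cat /proc/cpuinfo)"
fi
```

On a Pentium III that prints “PSN exposed via CPUID” the fix is the BIOS setting the quoted text mentions, and re-running the check afterwards confirms the flag has gone; on a modern CPU the flag is simply absent.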
The things a “Security Guy” needs to worry about / watch… (Want to bet the new BIOS replacement can uniquely self identify?… it must if it is to implement the ‘software security’ that it is touted as ‘providing’…)
The Operating System / Applications Suite
I’ve gone with the generic “Crunch Bang” Linux (also written as “#!” which are “special” in that they start off many Unix / Linux scripts as a directive about what to do / what is to come in the script). This LiveCD release isn’t ideal. The system is NOT “hardened” and it does some “silly things” like launching you automatically into a “sudo user” (meaning that the default user account can ‘su’ to Super User abilities and do just about anything to the box). So ‘eventually’ I need to ‘harden’ it. Shut off services not wanted. Make the default account VERY limited in abilities. All the usual things.
But since it is running from a CD, it’s pretty well “locked down” already ;-) Major thing I needed to do was unplug the internal disks so that anyone ‘getting root’ (administrative privilege) via hacking into the live system can’t mount the disks, inspect them, write to them, whatever. Easy enough on this box. Couple of plastic clips, slide the lid back, unplug power to the disk, put the lid back.
Running the operating system from the CD drive is a little slow when it needs to load a new module (as you get to wait for the disk to spin up). Next on the “to do” list is to do a USB / Thumbdrive install (to a lockable USB chip like an SD card) for the added speed. It is tolerable from the CD, but would be faster with random access solid state ‘disk’. Even slow forms like SD cards. It also has the quirk that every so often it puts up an error message that it could not eject the CD. (Probably a good thing since I’m running from it ;-)
So why use that release / Linux Distribution?
It comes with decent browsers built in. It has Libre Office (Open Office under any other name…) It has “Transmission” built in (so no need for package administration to get a bittorrent server going). The GUI is reasonably nice; and while it has what I find a bit annoying, the more ‘modern’ behaviour of ‘right click to get a menu’ ( I like naive user friendly visible menus that the novice can see and explore while doing nothing ‘special’ that isn’t visually cued); it’s OK and not that hard to ‘discover’ once you are used to the idea of randomly clicking on things with each mouse key (even an empty patch of desktop…). It seems to be the current fad, so harder to avoid lately. At any rate, it’s not that hard to adapt to it.
There is also an ‘application’ named ‘conky’ (IIRC) that puts hints on the desktop as to what chords to play to make ‘special things’ happen. (Like pressing CTL-ALT-DEL all at once). I’m not fond of “special key chords”, but lots of MicroSoft folks are; at least this lets you put them where they can be seen…
User Interface gripe aside; the choice of applications present by default is good for a ‘typical’ starter desktop. Things are reasonably well laid out (once you discover the need to right click ala MicroSoft… just to get a menu). They seem to work well, and the speed is ‘not too bad’ even on medium old hardware. Yeah, it won’t boot on the old Toyshiba LTop… Oh Well… The T-LapTop can stay with Puppy Linux or Damn Small Linux until I make a ‘custom’ release for it. Just doing basic ‘disposable browser’ duty.
Back at the Vectra #! Torrent Server:
I’ve been snagging a bunch of old Linux releases (they work better on the older hardware and they are evaporating from the Web at a surprising rate) via BitTorrent. Now it wants to “seed” them back to the internet; to act as a server. Sharing the files on to other folks who want them; which is how peer-to-peer works. As, for some of the files, I’m the only person now seeding them, I feel guilty about shutting down the laptop (in some cases I had to FTP the file and put it up linking back to the existing Torrent Tracker as no one else was seeding them). That means either I leave it running 24 x 7 (not good for laptops…) or I find a better way. So my first “appliance” box is a Torrent Server.
I’ve copied the .torrent files (that describe what is being shared and who is the Torrent Tracker and has the file check data and…) along with the actual data files (the thing being downloaded or uploaded) onto an 8 GB “micro-SD” card (about the size of your little fingernail). That micro-sized card is placed into a standard SD card carrier (that has a ‘lock’ switch on it) that goes into a USB adapter. This is plugged into a USB hub (just because I don’t like getting to the back of the box where HP hid the USB ports on this box). Yes, I could just use a simple SD card. I was interested in seeing how small a ‘chip’ I could use as a ‘remove and hide’ data store.
Now I can lock the card for ‘read only’ use if desired. The “micro” SD cards lack a ‘lock’ option, so the adapter to standard SD size also provides that. Best of both worlds. A micro sized chip to hide / dispose and a write lock switch.
At the point where the SD card is locked and the operating system is loaded from a CD, not much can be changed by malicious code or people on the machine. The data being served is locked and the OS is from a CD (eventually to be a similarly locked USB / SD chip). Not much that a system cracker can do. If you reboot it every so often, anything on it ‘goes away’ anyway. IF it does get hacked, it’s only the copy of the OS running in RAM, and they can see the Torrent server running. Big whoop!
IFF someone breaks into that Torrent Server box, they could use it to “snoop” the rest of the network, so a reboot of the box before doing other things will “blow off” anyone who’s cracked into it. Eventually I’ll firewall it off and that step becomes optional.
One thing I discovered in making it go was that the “Transmission” torrent server will let me point uploads and downloads at directories other than the default (./download) BUT, it would not let me go into subdirectories. I’d put the .torrent files in a folder named ‘Torrent Files’ and the actual download / upload images into a folder named ‘Torrent Data’. That’s a negatory… They must be at the top level in that USB drive to be seen by the Transmission torrent server program. Not a big deal as that USB drive is dedicated to that use anyway; but if you have a load of things on a USB drive and think you can stick Torrent down in a subfolder… think again.
I need to turn on / configure whatever ‘Firewall’ code is built into CrunchBang Linux.
I need to make a dedicated USB installation of CrunchBang Linux (which means I need to go buy another USB adapter and SD card – 32 GB this time, I think ;-)
At some point I need to look at ‘hardening’ the system more.
I need to implement a “DMZ” Demilitarized Zone network structure. At commercial sites, there is the “inside” or private network, the “outside” or internet, and then a ‘special’ network that is more internet exposed, and still outside the strongest firewall, for ‘sharing’ things to the internet. Mail, file swaps, etc. all come from servers in this DMZ. As they are on all the time, they are more subject to attack and compromise. A firewall between THEM and the ‘private’ network lets ONLY the desired services from that server to / from the private network. So I need to build a DMZ behind my ISP connection / router. That mostly consists of adding a firewall between the home network and the hub on the telco line. Not essential, but ‘nice to do’ someday. While MicroSoft and Linux are building ‘firewalls’ into their OS code as a ‘sort of a firewall’, it is safer to have a dedicated, locked, limited function, firewall box. That will be another SAC project for “real soon now” ;-) At that point, the ‘browser’ and ‘desktop’ functions move to a machine behind that inner firewall box and the Torrent Server is left on the internet modem/router/hub.
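Added example (not from the original post) for the two firewall items on the list: the host firewall on the torrent box itself, and the forwarding rules for the dedicated inner firewall box that separates the DMZ from the private network. Both functions emit iptables commands rather than applying them, so the rule set can be read and checked before it is run as root. The torrent box rules accept inbound peer connections only on the Transmission peer port (51413 is Transmission’s default) and refuse to let the box open connections into the private LAN, which is what stops a cracked box being used to “snoop” the rest of the network; the router address is still reachable for DNS and DHCP. The inner firewall rules let the LAN open a few chosen TCP services in the DMZ and let the DMZ only answer. Interface names, addresses and port lists are assumptions passed in as parameters.

```shell
#!/bin/sh
# Added example: generate iptables rule sets for the torrent appliance and for
# a dedicated DMZ firewall. Nothing is applied; pipe the output into sh as root.

# Host firewall for the torrent box.
#   $1 = private LAN CIDR the box must not initiate connections into
#   $2 = Transmission peer port (default 51413)
#   $3 = LAN address of the router (DNS / DHCP server)
torrent_box_rules() {
    lan="$1"; port="$2"; router="$3"
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport $port -j ACCEPT
iptables -A INPUT -p udp --dport $port -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p udp --dport 67 -j ACCEPT
iptables -A OUTPUT -d $router -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -d $router -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -d $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -d $lan -j DROP
EOF
}

# FORWARD chain for the inner firewall box between DMZ and private LAN.
#   $1 = DMZ-side interface, $2 = LAN-side interface,
#   $3 = space-separated TCP ports the LAN may open in the DMZ
#        (22 for ssh; 9091 is transmission-daemon's RPC port if run headless)
dmz_forward_rules() {
    dmz_if="$1"; lan_if="$2"; ports="$3"
    printf 'iptables -P FORWARD DROP\n'
    printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    for p in $ports; do
        printf 'iptables -A FORWARD -i %s -o %s -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
            "$lan_if" "$dmz_if" "$p"
    done
    # Anything the DMZ tries to start toward the LAN is dropped.
    printf 'iptables -A FORWARD -i %s -o %s -j DROP\n' "$dmz_if" "$lan_if"
}

# Example invocations with placeholder addresses and interface names:
#   torrent_box_rules 192.168.1.0/24 51413 192.168.1.1
#   dmz_forward_rules eth1 eth0 "22 9091"
```

Because the OS runs from read-only media, rules applied with iptables vanish on every reboot, which is fine for the “reboot to blow them off” model but means the rule script has to be re-run from the boot sequence (or from the locked USB install) each time.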
Further, I’m not sure what virus checking is being done by the Transmission torrent server. I think there’s an open source virus checker floating around (that may already be built in?) but need to ‘figure that out’ and any/all of: install, turn on, configure, admire it. It is theoretically possible for a virus package to be on a Torrent download and that could then be passed on to others as the file is downloaded. (It would be a bit hard as there are data consistency checks all over the place in Torrent, and especially since I’m downloading pretty well known Linux binaries and sources, not random movies and music, the risk for me is low.) Still, it ought to be done.
I ought to get encryption going on a disk / USB drive. Not a big priority as I’ve already done that experiment on the HP laptop and it’s easy and works well. Still, doing it on the Linux box is an important ‘next step’. Also the data and OS on the CrunchBang Linux box are all in the public domain anyway, so I don’t really have anything to hide. It’s more a matter of testing and completion than any real need. To be able to demonstrate the process of “kill power and pull micro-SD chip” to a dark useless box. Just two fingernail sized encrypted chips to drop in the flowerpot…
I also need to install TOR (The Onion Router) and Tor Browser on it to assure I can do ‘really private’ browsing if desired. And relatively private downloads. Torrent file transfer is “discouraged” on The Onion Network (as it is a bandwidth suck on a system which is already using bandwidth to reroute packets a lot), so eventually I need to get some of the more “private” torrent oriented dark network codes going too. The clandestine music and movie pirates have a couple of them working. I’m pretty sure they would not mind my sending some legitimate download traffic over their networks ;-) But all that is pretty low priority for me right now.
For now, it will run “as is” as I try to catch up on other things I’ve let go too long. It’s “good enough for purpose”. Enhancements can come over time.
You can download CrunchBang Linux here:
It lists both 32 bit and 64 bit versions. I’m running the 32 bit version.
They are making a new website to be available ‘real soon now’ and direct folks to the ‘old’ website until it is ready… why not just build the old one quietly? Who knows… but here’s the “old” one that is the only one with anything on it right now:
CrunchBang is a Debian GNU/Linux based distribution offering a great blend of speed, style and substance. Using the nimble Openbox window manager, it is highly customisable and provides a modern, full-featured GNU/Linux system without sacrificing performance.
The OneSwarm network is a JAVA based anonymizer for Peer to Peer (P2P) file sharing. Still in a bit of a Beta release status, but you can see where things are headed for ‘private sharing’.
OneSwarm is a privacy-preserving P2P client developed at the University of Washington. Although backward compatible with traditional BitTorrent clients, OneSwarm also includes new features designed to protect user privacy when sharing data among friends through creating a distributed darknet, so-called friend-to-friend sharing.
OneSwarm is based on the Azureus (Vuze) BitTorrent client.
As Java has some security ‘issues’ of its own, I’d rather a non-Java implementation. Still, OneSwarm is better than the alternatives at present. So on the ‘todo’ list is to put OneSwarm on the SAC Torrent Server and see how it all goes together. At that point you have Onion browsing and fetching, then a OneSwarm based ‘sharing’ from a system that resets on reboot and has everything on encrypted chips anyway. Pull the plug, pull the chips from the SD sockets (all of about 10 seconds) and in about 30 seconds the RAM has degraded to where it isn’t usable for a cold boot attack, where frozen RAM can be used to extract data. (Or if power is still available, just hit power back on after you turned the box off; and have the BIOS set to ‘test memory on boot’ – as mine is – that will scrub it…) So any physical breach requires only a 1 minute or so ‘delay’ to have a ‘brick’ against even the folks with liquid nitrogen cans…
So that’s about it for now. FWIW, as I’ve only just launched the Transmission Torrent Server on the ‘box’, I can only state that it looks to be working and talking to the Torrent Trackers and such. I’ve seen ‘transmission’ show up in the list of BitTorrent servers / clients, and it is typically one of the faster and more reliable agents on the lists. I’ve not seen actual data uploads happen yet. Then again, I’ve seeded it with under-seeded and not very much in demand files, so not that frequently requested. It ought to work fine.
uTorrent is the worst. It has some behaviours that interact badly with BitTorrent when BitTorrent is seeding many files, such that uTorrent seeders / peers on other downloads ‘snub’ often and only move data slowly / rarely. At those times, Transmission servers just fly and take on most of the providing work. Oddly, shutting off almost all ‘upload’ and ‘seeding’ on the Windows BitTorrent application lets the uTorrent seeds actually provide data at reasonable rates. May be some kind of resource allocation thing inside BitTorrent or perhaps that uTorrent uses a different protocol, uTP, that is sensitive. At any rate, as a server, Transmission ‘plays well with others’ from what I’ve seen as a BitTorrent client.
Oh, and a final sidebar on “client” and “server”: As this is a peer to peer function, there technically are no clients and no servers. As used here, “client” means a machine with an empty file downloading it, and “server” is a machine that has the file and is sending it. In the middle state of partly downloaded, the machine is both getting and sending data, so is both a client to some and server for others. While technically neither, I think this usage is clearer than being precise on it being ‘all peers’ and constantly needing to qualify by ‘download’ and ‘upload’.