Eugen Leitl wrote:
I cited those routers as instances of consumer-type cheap VoIP with encryption, which thwarts government-mandated tapping by ISPs. Exploiting built-in backdoors or remotely exploitable vulnerabilities is a different threat model. I definitely hope routers with DynDNS/VPN/VoIP and POTS jacks will become more widespread, and use opportunistic encryption as default.
Cool.
I personally am not going to buy the router, as it is lacking functionality and flexibility of a Linux-based firewall.
Hmm, I wonder if the VoIP standard is open enough that fully compatible linux implementations could be made and integrated with ALSA... I'm sure a simple analog circuit could be used to get an rj11 phone jack attached to audio in/out once this is done...
I'm waiting for a passively cooled ~GHz VIA C3 motherboard with two NICs and external fanless power supply to ditch my current proprietary, rather braindead firewall. I've already verified IDE-cf adapters do very nicely, and there are dedicated distros like http://www.nycwireless.net/pebble/ which don't wear down the flash with r/w on /tmp and similar.
Shouldn't be a problem if you go the Solaris route and use tmpfs/swapfs with no real swap. (For those that don't know, Solaris mounts /tmp into virtual memory space, so if you've got tons of RAM, data written in /tmp is actually written in RAM.)
Should I stick with Linux (there's /dev/random and VPN support in current kernels for the C3 Padlock engine, right?) with SELinux or try OpenBSD for a firewall type machine with hardware crypto support?
I've had very good luck with OBSD so far (knock on fake wood?)... I'm very happy with pf... much nicer than iptables... I haven't used SELinux as a firewall, but have experimented with it. It's excellent in terms of security (if you don't mind the huge failure logs), but, it's a bitch to configure properly... I'd go for something between UML (User Mode Linux) and SELinux. Use SELINUX as the main host and UML to partition off untrusted applications in sandboxes (i.e. to run apache, etc.)