[FoRK] Recommendations for a reliable subscription-based SSL VPN or proxy service for "secure, portable, virtual" office?

Stephen D. Williams sdw at lig.net
Sat Dec 29 14:43:51 PST 2012


On 12/26/12 10:05 AM, Ben (B.K.) DeLong wrote:
> Hi all -
>
> Hope everyone had/is having an enjoyable holiday break. I'm at my new
> gig and thinking about being more vigilant regarding the separation of
> personal life and work technologically. Any access of personal files
> or activities, while at work, is done via a Portable Apps setup
> through a Mountable TrueCrypt drive stored on DropBox.

Surprised that works well without corruption...
Although for a whole drive it would be a bit of an efficient storage use 
issue (requiring just periodic reset maintenance), SparkleShare+Gitolite 
git server via ssh is a great combination, with clients for 
Windows/Macosx/Linux or you can use any git client.  If the git server were 
storing into a TrueCrypt loopback on the server, you'd ruin offline attacks 
against your data.  Simply sync to another drive somewhere to get 
redundancy.

Why not run an ephemeral VM (VirtualBox is free) that mounts a local host 
TrueCrypt volume that is a cache for SparkleShare/Git?  You could run the 
VM from the TrueCrypt volume, but then it would be mounted on the local OS 
and Panopticon-like admin / system software would get to it.  An ephemeral 
VM (that doesn't save updates to disk) that mounts the TrueCrypt volume is 
more difficult to attack. This was always a feature of VMWare; not sure how 
to do it with VirtualBox.  Perhaps with snapshots or similar COW drive  
mounts with the drives in the TrueCrypt loopback.

The VM should tunnel all network traffic over SSH to a shell server 
somewhere, home if you properly set up incoming ports.  Use dynamic DNS to 
get to it or something simpler (file on the ssh server is enough).

It's not too hard to get the beginnings of cover traffic to make traffic 
analysis tough.  This could be done various ways from random data, traffic 
sensing reaction, to a smart tunnel that directly augments traffic patterns 
with chaff.  Modify netcat and then run that over SSH socket proxies.

>
> It syncs regularly and while most of the activity is over SSL, I'd
> like to ensure any and all activity being done from those particular
> applications are done either over an encrypted hosted VPN or (if I
> must) a hosted virtual machine that I can VPN/remote into from work.
>
> I'm not trying to be surreptitious here at my new job, but at the same
> time, I've been trying to find the sweet-spot to this "secure,
> portable, backed-up virtual office" solution for a while and the VPN
> or Virtual machine setup is my last piece.
>
> I'm looking for something that's no more than $10-$30 a month. But I
> am open to alternatives if I replace the dropbox solution.

I've been running a colocated machine one way or another since 1992, with 
my own DNS server, etc.  When I get around to building almost-never-fail 
mini-servers, I have at least two other stable but seldom visited locations 
to put servers.  I currently have an underused Linux box with 4 large 
drives and 10Mb symmetric unlimited use.  The hard drive wears out about 
once every 2 years; it gets rebooted about once every 6-12 months.  It 
would probably be a good idea to share it and defray some of the costs, 
especially while I'm in (relative) vow-of-poverty startup mode again.

>
> Many thanks in advance for thoughts. I'll share what I come up with.
>

sdw

_______________________________________________
FoRK mailing list
http://xent.com/mailman/listinfo/fork

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
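
The cover-traffic idea in the message above (random chaff mixed into the tunnel), as an added example that is not part of the original message: a constant-rate framer that emits one fixed-size frame per timer tick, real data when queued and random chaff otherwise, so frame size and timing say nothing about activity. The frame layout and the names `ChaffSender` and `receive` are assumptions, and the frames are assumed to travel inside the SSH tunnel so the type byte is never visible on the wire.

```python
import os
import struct
from collections import deque

FRAME_SIZE = 256                 # every frame on the wire is exactly this long
HEADER = struct.Struct("!BH")    # type (0 = chaff, 1 = data), payload length
MAX_PAYLOAD = FRAME_SIZE - HEADER.size
CHAFF, DATA = 0, 1


class ChaffSender:
    """Emits one fixed-size frame per tick: real data if queued, else chaff."""

    def __init__(self):
        self.queue = deque()

    def send(self, data: bytes) -> None:
        # Split application data into payload-sized chunks.
        for i in range(0, len(data), MAX_PAYLOAD):
            self.queue.append(data[i:i + MAX_PAYLOAD])

    def tick(self) -> bytes:
        # Called on a fixed timer; output size never depends on the queue.
        if self.queue:
            payload, kind = self.queue.popleft(), DATA
        else:
            payload, kind = b"", CHAFF
        padding = os.urandom(MAX_PAYLOAD - len(payload))
        return HEADER.pack(kind, len(payload)) + payload + padding


def receive(stream: bytes) -> bytes:
    """Reassemble application data from a stream of frames, dropping chaff."""
    if len(stream) % FRAME_SIZE:
        raise ValueError("stream is not a whole number of frames")
    out = bytearray()
    for off in range(0, len(stream), FRAME_SIZE):
        kind, length = HEADER.unpack_from(stream, off)
        if kind not in (CHAFF, DATA) or length > MAX_PAYLOAD:
            raise ValueError("malformed frame")
        if kind == DATA:
            start = off + HEADER.size
            out += stream[start:start + length]
    return bytes(out)


def demo():
    sender = ChaffSender()
    sender.send(b"GET /inbox HTTP/1.1\r\n" * 20)        # constructed sample traffic
    wire = b"".join(sender.tick() for _ in range(10))  # ten timer ticks
    return len(wire), receive(wire)
```

The constant rate costs bandwidth even when idle, and a burst larger than the tick rate allows is delayed rather than revealed.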





More information about the cypherpunks-legacy mailing list