Lavabit and End-point Security

coderman coderman at gmail.com
Sun Aug 11 02:27:54 PDT 2013


On Fri, Aug 9, 2013 at 7:43 AM, Sean Alexandre <sean at alexan.org> wrote:
> ... this says Lavabit's security was so good they
> couldn't back door his machines....
>
> I'd love to see some kind of write-up by Ladar about how he did this...maybe
> even a book.

i've been contemplating a write-up about this, but the problem is once
you advertise your methods they become less effective.

there really is "security through obscurity" in this sense; when at a
resource disadvantage, every little bit counts...


if i were to summarize what i have found effective against dedicated
and resourceful attackers (again, i can't go into details :) this
would be the top 5:

1. use a common distro, but rebuild critical components - bootloader,
initramfs, openssl, openssh, the kernel, gnutls, libgmp, use 64bit,
etc.

2. use isolation and RBAC, Qubes, VirtualBox, VMWare, Parallels,
remember that VM escapes are available and expected. defense in depth
can never be too deep.

3. use constrained network access - identify anomalies, control
bandwidth, firewall ingress and egress aggressively. this implies
constant monitoring to detect such events. (another exercise left to
the reader)

4. rootkit and backdoor your own systems - use the dirty tricks to
observe and constrain your system before someone else uses dirty
tricks to compromise your system.

5. don't forget physical security - this is the universal oversight
and most effective end run around all other operational and technical
security measures. there is a reason physical access so often implies
"game over" and why black bag jobs are still and will continue to be
effective against all targets.


perhaps more later,
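The egress-filtering and monitoring point in item 3, as an added example that is not from the post: a Python script that renders a default-deny nftables output chain from a destination allowlist and then flags repeated blocked destinations in the kernel log lines that policy emits. The addresses, ports and log excerpt are constructed for illustration.

```python
"""Added example (not the original author's): default-deny egress policy
for nftables plus a detector over the log lines it produces when it drops."""
import re
from collections import Counter

# Constructed allowlist: the only (address, TCP port) pairs this host may reach.
ALLOWED_EGRESS = {("203.0.113.10", 443), ("203.0.113.11", 22)}
LOG_PREFIX = "EGRESS-DROP"


def nft_egress_ruleset(allowed, prefix=LOG_PREFIX):
    """Render an nftables ruleset: keep established flows and loopback,
    accept the allowlist, log and drop everything else leaving the host."""
    lines = ["table inet egress {", "  chain output {",
             "    type filter hook output priority 0; policy drop;",
             "    ct state established,related accept",
             "    oif lo accept"]
    for ip, port in sorted(allowed):
        lines.append(f"    ip daddr {ip} tcp dport {port} accept")
    lines.append(f'    log prefix "{prefix} " drop')
    lines += ["  }", "}"]
    return "\n".join(lines)


# Fields of a netfilter log line as the kernel prints them (DST=, PROTO=, DPT=).
LOG_RE = re.compile(r"DST=(\S+).*?PROTO=(\S+).*?DPT=(\d+)")


def dropped_destinations(log_lines, prefix=LOG_PREFIX):
    """Count (dst, proto, dport) tuples the firewall logged and dropped."""
    hits = Counter()
    for line in log_lines:
        if prefix in line and (m := LOG_RE.search(line)):
            hits[(m.group(1), m.group(2), int(m.group(3)))] += 1
    return hits


def beacon_suspects(hits, min_attempts=3):
    """Destinations retried despite being blocked: the anomaly a
    misconfigured service or an implant retrying its callback produces."""
    return {k: n for k, n in hits.items() if n >= min_attempts}


# Constructed kernel log excerpt in nft log format (not real traffic).
SAMPLE_LOG = [
    "kernel: EGRESS-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=8443",
    "kernel: EGRESS-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP SPT=51235 DPT=8443",
    "kernel: EGRESS-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP SPT=51236 DPT=8443",
    "kernel: EGRESS-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=192.0.2.9 PROTO=UDP SPT=40000 DPT=53",
    "kernel: sshd[123]: Accepted publickey for admin from 203.0.113.11",
]
```

Running `nft -f` on the rendered ruleset applies the policy; feeding `journalctl -k` output to `dropped_destinations` gives the counts the detector works from.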
