2. It doesn't require a lot of technical know-how (no reverse engineering your BIOS to verify its integrity or attempting to debug rootkits).
3. The overhead involved is scalable to the amount of security required. That is, many shortcuts can be taken without weakening the overall system.
4. It's an unambiguous set of steps that don't require judgment to be carried out.
5. It's fault tolerant (many components can get pwned, and it can still be very secure).
6. It is effective against a wide range of threat models, up to and including a nation-state which has full knowledge of your setup, a team of hackers working to pwn you individually, and a black bag team that can enter your house without your knowledge.

Let's call our adversary Eve. I believe that unless Eve can bring to bear the resources described in item 6, your setup is perfectly safe. Any feedback on the protocol I describe would be appreciated.
1. A targeted attack in which Eve has perfect knowledge of your setup and unlimited resources to craft an attack over the internet.
2. Same as 1, but they may attack using malware which infects your hardware (BIOS, NIC, etc.) before you buy it (the supply chain attack).
4. Black bag/physical access to your home and computers.

I assume the reader can acquire uninfected software.
One method for doing this is documented on the TOR website. The basic idea is to download from multiple sources, over multiple internet connections, compare the hashes, and verify downloads with PGP signatures.

The first computer (which I'll call CannonFodder) connects to the internet via TOR, ideally with PORTAL between the computer and the internet. PORTAL is the grugq's open source project which installs on a Raspberry Pi and acts like a proxy forwarding all of your traffic to TOR.
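The hash-comparison step of the download check described above, as an added example that is not part of the original post. It assumes the same file has already been fetched several times over different sources or connections; the function names and the sample files are constructed for illustration, and PGP signature verification remains a separate step.

```python
import hashlib
import hmac
import os
import tempfile
from collections import Counter


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large installer images do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_copies(paths, published_hex=None):
    """Return (ok, report). ok is True only if there are at least two copies,
    every copy hashes identically, and (if given) the published digest matches."""
    digests = {p: sha256_file(p) for p in paths}
    # The most common digest is only a reference point for naming the copies
    # that disagree; any disagreement at all fails the check.
    reference, _ = Counter(digests.values()).most_common(1)[0]
    outliers = sorted(p for p, d in digests.items() if d != reference)
    ok = len(paths) >= 2 and not outliers
    if ok and published_hex is not None:
        ok = hmac.compare_digest(reference, published_hex.strip().lower())
    return ok, {"digest": reference, "outliers": outliers}


def demo():
    # Constructed sample: three "downloads" of one file, one altered in transit.
    tmp = tempfile.mkdtemp()
    contents = [b"installer-bytes", b"installer-bytes", b"installer-bytes\x00evil"]
    paths = []
    for i, data in enumerate(contents):
        path = os.path.join(tmp, f"copy{i}.bin")
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths, compare_copies(paths), compare_copies(paths[:2])


if __name__ == "__main__":
    paths, mixed, clean = demo()
    print("all three copies:", mixed)
    print("first two copies:", clean)
```

A single mismatching copy fails the whole check, because agreement among the others does not show which copy is the genuine one.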
Recently a hidden service was found on TOR which hacks the browser and phones home, through the user's non-TOR internet connection, the real IP address and MAC address of the user.
PORTAL prevents this attack by only allowing traffic to route through TOR, and blocking any other traffic. The purpose of CannonFodder is to receive PGP encrypted messages and send PGP encrypted messages. It's what connects to the internet so the rest of the equipment doesn't have to.
While it will be assumed to be hacked into and rootkit'ed, it's not going to be an easy target. On CannonFodder install whatever personal security products you can get your hands on. Anti-virus, anti-persistence software, software that whitelists good processes and blacklists bad processes, EMIT… Make sure the OS and all software on it is patched regularly. What OS runs on the host is up to you. The host will run a VM and nothing else. What virtualization software you use is up to you, but the OS you run in the VM should be different from the host.
So if the host is Windows, the VM should be some flavor of Linux or BSD.