Author: adev
Date:  
To: tails-dev
Subject: [Tails-dev] Tails Attack Surface Reduction - Bridge Enforcement
Hello


Work is being done on adding bridge support to Tails.


In addition to supporting bridges, here is another idea:


[Standard Tails Livecd] 1.
|
|
|
[Bridging Firewall - Allow only bridgeip:bridgeport] 2.




1. The standard Tails live CD is just the normal Tails OS; the user enters
their bridges into Vidalia, or however it ends up being supported in Tails.


2. This is simply a bridge firewall, for example a Tails live CD where
iptables is configured to be a transparent bridge firewall.
The user also enters their bridge IPs in here.

The bridging firewall is simply iptables in bridge mode (no IP addresses
used) and is told to ONLY allow traffic going to and from the user-supplied
bridge IP addresses.



The attack surface for revealing a user's IP is now reduced to being able
to exploit a vulnerability in iptables; these are *extremely* rare
compared to vulnerabilities in the end-user applications used, local
kernel exploits, etc.


Worth the effort of making a bridge firewall CD?
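The following is an added example of what box 2 in the diagram could run; it is not code from the original message or from the Tails project. It assumes a firewall machine with two NICs, here named eth0 (towards the Tails machine) and eth1 (towards the upstream router), joined into a bridge br0 that is given no IP address, and a kernel with br_netfilter so that bridged IPv4 frames pass through the iptables FORWARD chain. Bridge entries are passed as IPv4:PORT arguments; the addresses used in the comments and tests are documentation ranges constructed for the example. The function names (valid_bridge, gen_bridge_rules, apply_bridge_rules) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post or from Tails): rules for the
# "bridging firewall" box. Assumed layout: eth0 faces the Tails machine,
# eth1 faces the upstream router, both are ports of bridge br0, and br0
# itself carries no IP address.

LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
BR_IF="${BR_IF:-br0}"
ALLOW_DHCP="${ALLOW_DHCP:-0}"   # 1 if the Tails box gets its address by DHCP

# Accept exactly one "a.b.c.d:port" entry. IPv6 literals, hostnames and
# missing or out-of-range ports are rejected so a typo cannot widen the rules.
valid_bridge() {
  case "$1" in *:*) ;; *) return 1 ;; esac
  addr="${1%:*}"; port="${1##*:}"
  case "$port" in ''|*[!0-9]*) return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
  case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Print the ruleset in iptables-restore format: DROP on every chain, with the
# only holes being TCP flows from the Tails side to each listed bridge
# IP:port and the replies belonging to those flows. With br_netfilter the
# kernel shows bridged frames to iptables with br0 as both in and out
# interface, so the physical bridge port is matched with the physdev module.
gen_bridge_rules() {
  [ $# -ge 1 ] || { echo "no bridge entries given" >&2; return 1; }
  for b in "$@"; do
    valid_bridge "$b" || { echo "bad bridge entry: $b" >&2; return 1; }
  done
  echo '*filter'
  echo ':INPUT DROP [0:0]'    # the box has no IP; nothing may address it
  echo ':FORWARD DROP [0:0]'  # bridged traffic is dropped unless listed below
  echo ':OUTPUT DROP [0:0]'
  to_wan="-m physdev --physdev-in $LAN_IF --physdev-out $WAN_IF"
  to_lan="-m physdev --physdev-in $WAN_IF --physdev-out $LAN_IF"
  for b in "$@"; do
    addr="${b%:*}"; port="${b##*:}"
    echo "-A FORWARD $to_wan -p tcp -d $addr --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    echo "-A FORWARD $to_lan -p tcp -s $addr --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
  done
  if [ "$ALLOW_DHCP" = 1 ]; then
    # The one non-bridge exchange the Tails box may need. It only reaches the
    # local router, but it is still a hole in the policy, so it is off by default.
    echo "-A FORWARD $to_wan -p udp --sport 68 --dport 67 -j ACCEPT"
    echo "-A FORWARD $to_lan -p udp --sport 67 --dport 68 -j ACCEPT"
  fi
  echo 'COMMIT'
}

# Build the bridge and load the rules (needs root).
apply_bridge_rules() {
  rules=$(gen_bridge_rules "$@") || return 1
  modprobe br_netfilter 2>/dev/null || true   # separate module on newer kernels
  ip link add "$BR_IF" type bridge
  ip link set "$LAN_IF" master "$BR_IF"
  ip link set "$WAN_IF" master "$BR_IF"
  ip link set "$LAN_IF" up
  ip link set "$WAN_IF" up
  ip link set "$BR_IF" up                    # deliberately no 'ip addr add'
  sysctl -w net.bridge.bridge-nf-call-iptables=1
  sysctl -w net.bridge.bridge-nf-call-ip6tables=1
  printf '%s\n' "$rules" | iptables-restore
  # iptables only sees IPv4, so bridged IPv6 is dropped separately. ARP is
  # neither and still crosses the bridge; the Tails box needs it to reach
  # the router, and iptables does not filter it.
  ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP
}

case "${1:-}" in
  apply) shift; apply_bridge_rules "$@" ;;   # sh bridgefw.sh apply 198.51.100.7:443
  show)  shift; gen_bridge_rules "$@" ;;     # print the rules without loading them
esac
```

`show` prints the ruleset for inspection before anything is loaded. Two things the strict "only the bridge IP:port" policy in the message does not cover and that a practitioner should decide about: the Tails machine still needs ARP (not filtered by iptables) and, unless it is configured statically, DHCP to the upstream router, which is why `ALLOW_DHCP` exists as an explicit opt-in; and IPv6 is handled by a separate ip6tables policy because iptables never sees it.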