Researching software and keeping your knowledge up to date is an important aspect of getting a perfect and secure Fortress Linux operating system, no matter how much time and energy it costs. So, I did extra research and testing last year, and the following software will be used in the new Fortress Linux:
- GRSecurity.
GRSecurity has more features, is more secure, easier to use and is better maintained than SELinux and AppArmor. There are several known exploits in SELinux and AppArmor. You can find some SELinux exploits here:
- Cryptsetup, loop-AES with AES-256 (Rijndael) and Serpent encryption ciphers.
These are considered the best after testing and studying several types of encryption software, ciphers and their algorithms.
The Serpent cipher is more secure than AES but it is about seven to ten times slower. AES still offers a very high security level and is considered safe enough for all purposes.
You will also be able to choose double encryption to prevent watermarking attacks or to increase the security level. Remember that extreme encryption will have a negative effect on your system performance.
I am still working on a solution to "fix" the only missing feature in cryptsetup: Hidden containers to provide deniable encryption. In simple terms: You cannot see if the drive is encrypted or not.
5th of February 2010:
The upcoming European policies on data retention and the controversial "three-strikes-you're-out" law pose a serious threat to the security, privacy and freedom of civilians and companies.
Data retention means that online phone calls, emails and Internet activities of every European will be stored for at least six months, placing legal duties on Internet companies to store everyone's private information, including email traffic and Internet browsing histories.
Besides the fact that this information can be used against you in the upcoming European "three-strikes-you're-out" law: what is done with this confidential information? And who has access to all this information? We will never know... All we know is that Big Brother has arrived and he forgot to close the door behind him...
And see here what happens next. That article is a very good example of very poorly implemented security policies and careless user behavior. Securing your data and privacy does not stop at your computer or local network; you also need a good security and privacy solution on the Internet.
I have done a lot of research on this subject together with some other security experts and privacy organizations and I have decided to change the Fortress Linux development priorities and tactics:
The current Fortress Linux Website and the Small Fortress Linux (Live) distribution will be redesigned, upgraded and tested to use the following secured services on our new server:
- Encrypted online data storage
- A secure and anonymous proxy for HTTP, HTTPS, FTP connections equipped with an anti-virus scanner
- Secure SIP / VoIP / Skype telephone calls
- Secure email / web-mail services equipped with a spam killer
- A TOR server
- An extra firewall
- A secure private Fortress Linux Community network to share information and data securely among (a group of) other FL users.
These services will be available to all our users by setting up a secure connection from your computer to the secured FL server. All your data and communication from, to and across the server is secured, no private information will be logged and your Internet activities cannot be traced back to you when you keep the default security settings of Fortress Linux.
When this is all finished, I will give the mailing list subscribers the opportunity to be the first ones to test the Small Fortress Linux distribution and the new services if they're willing to fill in an anonymous survey afterwards. This information will be used to improve Fortress Linux or to fix found bugs.
And when this is done, I will release Small Fortress Linux to the public and I will start rebuilding the full Fortress Linux OS.
Note: I will not release any software without any research or proper testing. This could harm the user experience and the high level of security, stability and quality of Fortress Linux. Although bugs are not completely unavoidable.
Please understand that my spare time is limited and I have spent too much time in the past fixing and reporting bugs/exploits found in the Linux kernel and other (core) Linux programs which are used in Fortress Linux.
Anyway, I am always open to any good suggestions and you can always join the Fortress Linux team of security and freedom if you have any spare time left and if you have some knowledge of:
- Linux server and hosting skills (LAMP)
- Linux security (Iptables, grsecurity, PAX, aide, tripwire, Bastille, cryptsetup etc.)
- The Linux kernel
- BASH scripting
- BootP / netboot
- TOR
- Busybox
- Squid / ClamAV
- Asterisk / OpenSER / OpenSis
- OpenVPN
- Qmail / Postfix / SquirrelMail / SpamAssassin
- Perl
- Drupal
- PHP
- VoIP
- Web Designing
- Marketing
- Or when you are a native English speaker/writer
- etc.
I am working about four to six hours a day on Fortress Linux next to my normal job. I try to do everything as fast as possible, but any extra pair of hands can help.