[FoRK] Recommendations for a reliable subscription-based SSL VPN or proxy service for "secure, portable, virtual" office?

Stephen D. Williams sdw at lig.net
Sat Dec 29 14:43:51 PST 2012

On 12/26/12 10:05 AM, Ben (B.K.) DeLong wrote:
> Hi all -
> Hope everyone had/is having an enjoyable holiday break. I'm at my new
> gig and thinking about being more vigilant regarding the separation of
> personal life and work technologically. Any access of personal files
> or activities, while at work, is done via a Portable Apps setup
> through a Mountable TrueCrypt drive stored on DropBox.

Surprised that works well without corruption...
Although for a whole drive it would be a bit of an efficient storage use issue (requiring just periodic reset maintenance), 
SparkleShare+Gitolite git server via ssh is a great combination, with clients for Windows/Mac OS X/Linux or you can use any git 
client.  If the git server were storing into a TrueCrypt loopback on the server, you'd ruin offline attacks against your data.  
Simply sync to another drive somewhere to get redundancy.

Why not run an ephemeral VM (VirtualBox is free) that mounts a local host TrueCrypt volume that is a cache for SparkleShare/Git?  
You could run the VM from the TrueCrypt volume, but then it would be mounted on the local OS and Panopticon-like admin / system 
software would get to it.  An ephemeral VM (that doesn't save updates to disk) that mounts the TrueCrypt volume is more difficult to 
attack. This was always a feature of VMware; not sure how to do it with VirtualBox.  Perhaps with snapshots or similar COW drive 
mounts with the drives in the TrueCrypt loopback.

The VM should tunnel all network traffic over SSH to a shell server somewhere, home if you properly set up incoming ports.  Use 
dynamic DNS to get to it or something simpler (file on the ssh server is enough).

It's not too hard to get the beginnings of cover traffic to make traffic analysis tough.  This could be done various ways from random 
data, traffic sensing reaction, to a smart tunnel that directly augments traffic patterns with chaff.  Modify netcat and then run 
that over SSH socket proxies.

> It syncs regularly and while most of the activity is over SSL, I'd
> like to ensure any and all activity being done from those particular
> applications are done either over an encrypted hosted VPN or (if I
> must) a hosted virtual machine that I can VPN/remote into from work.
> I'm not trying to be surreptitious here at my new job, but at the same
> time, I've been trying to find the sweet-spot to this "secure,
> portable, backed-up virtual office" solution for a while and the VPN
> or Virtual machine setup is my last piece.
> I'm looking for something that's no more than $10-$30 a month. But I
> am open to alternatives if I replace the dropbox solution.

I've been running a colocated machine one way or another since 1992, with my own DNS server, etc.  When I get around to building 
almost-never-fail mini-servers, I have at least two other stable but seldom visited locations to put servers.  I currently have an 
underused Linux box with 4 large drives and 10Mb symmetric unlimited use.  The hard drive wears out about once every 2 years; it 
gets rebooted about once every 6-12 months.  It would probably be a good idea to share it and defray some of the costs, especially 
while I'm in (relative) vow-of-poverty startup mode again.

> Many thanks in advance for thoughts. I'll share what I come up with.
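The cover-traffic idea in the reply above (a tunnel that emits fixed-size frames at a steady rate and fills idle slots with chaff), worked through as an added example that is not part of this thread or of any poster's code. The 64-byte frame size and the 3-byte header are constructed for the demo; the frames are assumed to ride inside the encrypted SSH channel, because the type byte that marks chaff is plaintext at this layer.

```python
import os
import struct
from typing import List, Optional, Tuple

FRAME_SIZE = 64                 # fixed on-the-wire size of every frame (constructed demo value)
HEADER = struct.Struct("!BH")   # frame type (1 byte) + real payload length (2 bytes)
TYPE_CHAFF, TYPE_DATA = 0, 1
MAX_PAYLOAD = FRAME_SIZE - HEADER.size


def make_frame(payload: Optional[bytes]) -> bytes:
    """Build one fixed-size frame; payload=None yields a chaff frame."""
    if payload is None:
        return HEADER.pack(TYPE_CHAFF, 0) + os.urandom(MAX_PAYLOAD)
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds frame capacity")
    # random padding rather than zeros, so the frame body itself carries no length hint
    pad = os.urandom(MAX_PAYLOAD - len(payload))
    return HEADER.pack(TYPE_DATA, len(payload)) + payload + pad


def parse_frame(frame: bytes) -> Optional[bytes]:
    """Return the real payload, or None for a chaff frame; reject malformed frames."""
    if len(frame) != FRAME_SIZE:
        raise ValueError("wrong frame length")
    ftype, length = HEADER.unpack_from(frame)
    if ftype == TYPE_CHAFF:
        return None
    if ftype != TYPE_DATA or length > MAX_PAYLOAD:
        raise ValueError("malformed frame header")
    return frame[HEADER.size:HEADER.size + length]


def schedule(pending: bytes, ticks: int) -> Tuple[List[bytes], bytes]:
    """Sender clock: exactly one frame per tick, data when queued, chaff when idle.
    Returns the frames plus whatever data did not fit into this many ticks."""
    frames = []
    for _ in range(ticks):
        chunk, pending = pending[:MAX_PAYLOAD], pending[MAX_PAYLOAD:]
        frames.append(make_frame(chunk if chunk else None))
    return frames, pending


def reassemble(frames: List[bytes]) -> bytes:
    """Receiver side: drop chaff, concatenate real payloads in order."""
    out = bytearray()
    for frame in frames:
        payload = parse_frame(frame)
        if payload is not None:
            out += payload
    return bytes(out)
```

Because every tick produces a frame of identical length whether or not anything is queued, an observer of the tunnel sees the same byte rate during a file sync as during an idle hour; the cost is that bandwidth is consumed at the fixed rate whenever the tunnel is up.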


