Figure 49: Whonix operation diagram
As we can see in Figure 49, the Workstation is an environment that lets us work in an area isolated from the Gateway, a Virtual Machine already configured to route all of its traffic through Tor. Nonetheless, keep in mind that Whonix has the same security limitations we mentioned in the “Tor” chapter; additionally, unlike Tails, it is not a ready-made operating system: you need to be familiar with the GNU/Linux environment in order to use it.
The downside of this difference is the lack of some features that make Tails more convenient, such as:
- no pre-configured MAC address spoofing
- no software “amnesia”, i.e. the set of features aimed at removing any trace of activity from the computer
- no metadata flushing
- no complete encryption at the mail level, due to the backwards compatibility with the SMTP protocol
- and more [148].
Some of these gaps can be filled through Qubes virtualization, others by applying techniques we already covered in this document. However, Whonix and Qubes are designed to be used from a fixed machine, the price to pay when you want usability rather than safety (I can assure you that such a trade-off is quite common in IT Security) [149].
10.2.4 Subgraph OS
We can define Subgraph OS as the latest addition to the Operating Systems for privacy and anonymity. It is still in Alpha, so consider it a draft of what it will become in the future.
Its developers promise that Subgraph OS will be a groundbreaking Operating System, and they may be right to some extent: it has been designed to be a fast OS that can also run on older computers, and a safe system for users concerned about their privacy. The following Figure 50 is a diagram about the
10.2.4.1 Hardened like few others
Subgraph OS ships by default with a kernel pre-compiled with Grsecurity, a set of patches that raise the security level of the whole system. Grsecurity includes PaX, a component that hardens the kernel and user processes against memory-corruption attacks such as buffer overflows: it enforces non-executable memory and randomises the layout of the address space (ASLR), so that an attacker cannot predict where code and data are allocated.
Subgraph OS also applies the same isolation concept we already saw with Qubes OS, although with sandboxes rather than virtual machines: the purpose is to create isolated sandboxes that cannot communicate with each other. If an application is exploited, the damage stays confined to its sandbox instead of impacting the rest of the Operating System, which makes the exploit largely ineffective. This is ensured by Oz, a sandbox framework specifically designed for Subgraph OS. If you wonder whether Subgraph OS supports file system encryption, the answer is: sure it does! Furthermore, it is mandatory.
Most of the tools specifically written for Subgraph OS (Oz, the application firewall, CoyIM) are written in a memory-safe compiled language, Go, so they resist the memory-corruption attacks that plague C programs; additionally, most of the tools considered unnecessary have been removed, while the crucial ones have been integrated with security measures and, in some cases, even rewritten from scratch (like the default XMPP client, CoyIM).
10.2.4.2 Network and Anonymity
Just like Qubes, we find a networking domain: here it is called Subgraph Metaproxy and is accompanied by a software firewall. The firewall only allows applications to connect to the Metaproxy, and the Metaproxy in turn places each program on its own Tor circuit, spreading the connections across multiple paths and minimising the information that different activities share on the network. In short, browsing the web and writing a mail go through two different Tor circuits, and the Metaproxy always enforces this separation. Back to the firewall: users can grant network access to any program either temporarily or permanently, which removes most chances of a backdoor phoning home from the system (unless it is already residing in a whitelisted process). Whitelisting is performed both by application name and by destination address; if a non-whitelisted application tries to connect, the firewall simply kills the connection.
As you have understood, Subgraph OS uses the Tor network to communicate with the outside world: to be precise, it leverages the Tor network exclusively, except for a few scenarios where a direct connection to the visited site is required (such as a captive portal on a public WiFi network). Last but not least, Subgraph OS provides two custom pieces of software for communication security:
- Icedove, a Thunderbird-based mail client, powered by Enigmail (GPG) and TorBirdy (anonymity via Tor)
- CoyIM, an XMPP client written from scratch to avoid memory-level exploits and designed to work exclusively over the Tor network
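The two networking pieces described above (a firewall that only lets whitelisted programs reach the proxy, and a proxy that gives every program its own Tor circuit) can be modelled in a few dozen lines. The following is an added example, not Subgraph OS code: the rule format, the function names and the constructed connection attempts are assumptions for illustration. The one real detail it relies on is Tor's `IsolateSOCKSAuth` option for `SocksPort`, which keeps streams that log in to the SOCKS port with different username/password pairs on different circuits, so "one circuit per application" reduces to "one distinct SOCKS credential per application".

```python
"""Toy model (added example, not Subgraph OS code) of an application
firewall plus a per-application Tor stream-isolating proxy."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Real Tor option: streams presenting different SOCKS credentials are
# placed on different circuits. The proxy address is an assumption.
TORRC_FRAGMENT = "SocksPort 127.0.0.1:9050 IsolateSOCKSAuth\n"
PROXY = ("127.0.0.1", 9050)


def app_socks_credentials(app: str, secret: bytes) -> tuple:
    """Stable per-application SOCKS5 username/password.
    Tor does not verify these values; it only uses them to separate
    circuits, so each distinct application gets its own circuit.
    `secret` (a local key, assumed) keeps the pair from being guessable
    from the application name alone."""
    user = hmac.new(secret, b"user:" + app.encode(), hashlib.sha256).hexdigest()[:16]
    pw = hmac.new(secret, b"pass:" + app.encode(), hashlib.sha256).hexdigest()[:32]
    return user, pw


@dataclass(frozen=True)
class Rule:
    app: str                  # executable path the grant applies to
    dest: str                 # target host, or "*" for any host
    port: Optional[int]       # target port, or None for any port
    expires: Optional[float]  # None = permanent grant, else a deadline (seconds)


@dataclass
class AppFirewall:
    rules: list = field(default_factory=list)
    denied: list = field(default_factory=list)

    def grant(self, app, dest="*", port=None, permanent=True, now=0.0, ttl=0.0):
        """Whitelist app -> dest:port, permanently or for `ttl` seconds."""
        self.rules.append(Rule(app, dest, port, None if permanent else now + ttl))

    def permits(self, app, dest, port, now=0.0) -> bool:
        """Match by application name AND destination; anything else is killed."""
        for r in self.rules:
            if r.expires is not None and now > r.expires:
                continue  # temporary grant has lapsed
            if r.app == app and r.dest in ("*", dest) and r.port in (None, port):
                return True
        self.denied.append((app, dest, port))
        return False


def route(fw, app, dest, port, secret, now=0.0):
    """Proxy endpoint and per-app credentials the program must use,
    or None when the firewall blocks the attempt."""
    if not fw.permits(app, dest, port, now):
        return None
    user, pw = app_socks_credentials(app, secret)
    return {"proxy": PROXY, "socks_user": user, "socks_pass": pw}


def demo():
    secret = b"constructed-local-secret"
    fw = AppFirewall()
    fw.grant("/usr/bin/icedove", "mail.example.org", 993)                       # permanent
    fw.grant("/usr/bin/coyim", "*", 5222, permanent=False, now=0.0, ttl=60.0)  # temporary
    attempts = [  # constructed connection attempts: (app, dest, port, time)
        ("/usr/bin/icedove", "mail.example.org", 993, 10.0),
        ("/usr/bin/coyim", "xmpp.example.org", 5222, 10.0),
        ("/usr/bin/coyim", "xmpp.example.org", 5222, 120.0),       # grant expired
        ("/usr/local/bin/backdoor", "c2.example.net", 443, 10.0),  # never whitelisted
    ]
    results = [route(fw, a, d, p, secret, t) for a, d, p, t in attempts]
    return results, fw.denied


if __name__ == "__main__":
    results, denied = demo()
    for r in results:
        print(r)
    print("denied:", denied)
```

Note that the mail client and the chat client end up with different SOCKS credentials, hence different Tor circuits, while the lapsed temporary grant and the never-whitelisted program are both refused before they ever reach the proxy.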