Difference between revisions of "ISXUbuntu/Developers"

(Security issues)
(Milestone 3)
 
(3 intermediate revisions by the same user not shown)
Line 11: Line 11:
 
# BASIC PLATFORM & TOR
 
# BASIC PLATFORM & TOR
 
## Functioning Base level Platform of ISXubuntu
 
## Functioning Base level Platform of ISXubuntu
##  Tor is functional when booting ISXubuntu
+
##  [http://www.torproject.org/ Tor] is functional when booting ISXubuntu
 
##  working with firewalls...
 
##  working with firewalls...
 
# Ad blocker
 
# Ad blocker
##Currently using Privoxy but Ad Block Plus may be better
+
##Currently using [http://www.privoxy.org/ Privoxy] but [http://adblockplus.org Ad Block Plus] may be better
 
## Privoxy doesn't block all ads - beyond the actual ad blocking it's necessary to block tracking of a users web activity through DNS requests.
 
## Privoxy doesn't block all ads - beyond the actual ad blocking it's necessary to block tracking of a users web activity through DNS requests.
 
#  Control over malicious Javascripts, cookies, etc.
 
#  Control over malicious Javascripts, cookies, etc.
##   NoScript to block malicious Javascripts (Tor now seems to conflict with this although it didn't use to)
+
## [http://noscript.net/ NoScript] to block malicious Javascripts (Tor now seems to conflict with this although it didn't use to)
##   Customize Google to evade privacy-intrusive features of Google services
+
## [http://www.customizegoogle.com/ Customize Google] to evade privacy-intrusive features of Google services
##   Gmail S/MIME for encrypted Gmail
+
## [http://richard.jones.name/google-hacks/gmail-smime/gmail-smime.html Gmail S/MIME] for encrypted Gmail
##     Bugmenot to get around compulsory registration of websites
+
## [http://www.bugmenot.com/ Bugmenot] to get around compulsory registration of websites
## On-screen keyboard to block keystroke loggers. Is this enough - what else can be done'?
+
## On-screen keyboard to block [http://en.wikipedia.org/wiki/Keystroke_logging keystroke loggers]. Is this enough - what else can be done'?
  
 
===Milestone 2: to be completed by March 1, 2009===
 
===Milestone 2: to be completed by March 1, 2009===
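Review bot: the revised on-screen keyboard line still ends with "what else can be done'?", so the stray apostrophe before the question mark carries over into the new revision; drop it while the line is being edited. The revised Privoxy line also keeps "##Currently" with no space after the list marker, unlike the neighbouring items, and the NoScript line records a conflict with Tor without saying what the conflict is or which versions show it.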
Line 27: Line 27:
 
* Set up process for building from scratch (something like what Incognito does with Catalyst)
 
* Set up process for building from scratch (something like what Incognito does with Catalyst)
  
# Currently OpenDNS is used to prevent DNS spoofing. When you attempt to go to a URL that doesn't exist you are redirected to a page of  theirs. Disabling this requires setting up a  free account with OpenDNS and having a static IP - or a domain name and registering with DynDNS.  We need to discuss this further.
+
# Currently [http://opendns.org/ OpenDNS] is used to prevent [http://en.wikipedia.org/wiki/Pharming pharming]. When you attempt to go to a URL that doesn't exist you are redirected to a page of  theirs. Disabling this requires setting up a  free account with OpenDNS and having a static IP - or a domain name and registering with [http://www.dyndns.com/services/dns/dyndns/ DynDNS].  We need to discuss this further.
# OpenOffice word processor set to redact all revision history when saving files
+
# OpenOffice word processor set to redact all revision history when saving files. The UK National Archives has a useful [http://www.nationalarchives.gov.uk/documents/redaction_toolkit.pdf article] on redaction.
# Encrypted persistent home directory using TrueCrypt*
+
# Encrypted persistent home directory using [http://www.truecrypt.org/ TrueCrypt]*
 
# Encrypted swap space*
 
# Encrypted swap space*
 
# Secure deletion of memory on shutdown*
 
# Secure deletion of memory on shutdown*
# Enigmail for encrypted email with Thunderbird
+
# [http://enigmail.mozdev.org/ Enigmail] for encrypted email with Thunderbird
 
# Spam and phishing protection
 
# Spam and phishing protection
  
 
===Milestone 3===
 
===Milestone 3===
*Resolve flash drive issues (can we make the user's home directory read/write while leaving everthing else read only?)
+
*Resolve flash drive issues (can we make the user's home directory read/write while leaving everything else read only?) Info on [http://www.linuxconsultingteam.com/articles/2006/10/14/secure-filesystem-mount-points security issues with Linux filesystems] from LinuxConsultingTeam.
  
# Pidgin IM client with OTR for encryption
+
# [http://www.pidgin.im/ Pidgin] IM client with [http://www.cypherpunks.ca/otr/ OTR] for encryption
  
 
==Things To Do==
 
==Things To Do==
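Review bot: in the OpenDNS item the term changes from "DNS spoofing" to "pharming", but the sentence still does not say what OpenDNS does that provides the protection, so a reader cannot tell which threat is actually covered; add a clause naming the mechanism, or hold the wording until the discussion the item calls for has happened. Under Milestone 3 the "#" Pidgin item follows a "*" bullet, so it numbers as a one-item list on its own; use the same list marker for both entries.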

Latest revision as of 10:11, 3 September 2008

Developer Page

Project Schedule

Milestone 0

  • Set up process for taking apart stock XUbuntu image, making our changes, and rebuilding iso
  • Set up security auditing procedure, which includes penetration testing with Nessus and checking file permissions.
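
One way to implement the file-permission part of this audit, as an added example (not ISXubuntu's own tooling): it scans an unpacked root filesystem tree for world-writable files, world-writable directories without the sticky bit, and setuid/setgid files. The function names and the sample tree are assumptions constructed for illustration, and the script relies on GNU find.

```shell
#!/bin/sh
# Added example: audit file permissions in an unpacked live-CD root filesystem.
# audit_rootfs prints one finding per line as "<CLASS> <path relative to root>".
audit_rootfs() {
    root=$1
    [ -d "$root" ] || { echo "audit_rootfs: not a directory: $root" >&2; return 2; }
    (
        cd "$root" || exit 2
        # World-writable regular files: any local user could alter them.
        find . -xdev -mindepth 1 -type f -perm -0002 -print |
            sed 's|^\./|WORLD_WRITABLE_FILE |'
        # World-writable directories without the sticky bit: users can
        # delete or replace each other's files there.
        find . -xdev -mindepth 1 -type d -perm -0002 ! -perm -1000 -print |
            sed 's|^\./|WORLD_WRITABLE_DIR |'
        # setuid / setgid files: each one should be on a reviewed allow-list.
        find . -xdev -mindepth 1 -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's|^\./|SETID |'
    ) | LC_ALL=C sort
}

# Constructed sample tree standing in for an extracted image
# (hypothetical paths, not real ISXubuntu contents).
make_sample_rootfs() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc" "$d/tmp" "$d/var/spool/drop" "$d/usr/bin"
    : > "$d/etc/passwd";     chmod 0644 "$d/etc/passwd"      # fine
    : > "$d/etc/rc.local";   chmod 0666 "$d/etc/rc.local"    # finding
    : > "$d/usr/bin/helper"; chmod 4755 "$d/usr/bin/helper"  # finding
    chmod 1777 "$d/tmp"                                      # sticky bit set: fine
    chmod 0777 "$d/var/spool/drop"                           # finding
    echo "$d"
}

# Demo run on the constructed tree.
sample=$(make_sample_rootfs) && audit_rootfs "$sample"; rm -rf "$sample"
```

Run it against the directory where the image's filesystem was unpacked, and compare the SETID lines with a list of binaries the build is expected to ship.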

Milestone 1: to be completed by January 1, 2009

  1. BASIC PLATFORM & TOR
    1. Functioning Base level Platform of ISXubuntu
    2. Tor is functional when booting ISXubuntu
    3. working with firewalls...
  2. Ad blocker
    1. Currently using Privoxy but Ad Block Plus may be better
    2. Privoxy doesn't block all ads - beyond the actual ad blocking it's necessary to block tracking of a user's web activity through DNS requests.
  3. Control over malicious Javascripts, cookies, etc.
    1. NoScript to block malicious Javascripts (Tor now seems to conflict with this although it didn't use to)
    2. Customize Google to evade privacy-intrusive features of Google services
    3. Gmail S/MIME for encrypted Gmail
    4. Bugmenot to get around compulsory registration of websites
    5. On-screen keyboard to block keystroke loggers. Is this enough - what else can be done?

Milestone 2: to be completed by March 1, 2009

  • Set up process for building from scratch (something like what Incognito does with Catalyst)
  1. Currently OpenDNS is used to prevent pharming. When you attempt to go to a URL that doesn't exist you are redirected to a page of theirs. Disabling this requires setting up a free account with OpenDNS and having a static IP - or a domain name and registering with DynDNS. We need to discuss this further.
  2. OpenOffice word processor set to redact all revision history when saving files. The UK National Archives has a useful article on redaction.
  3. Encrypted persistent home directory using TrueCrypt*
  4. Encrypted swap space*
  5. Secure deletion of memory on shutdown*
  6. Enigmail for encrypted email with Thunderbird
  7. Spam and phishing protection

Milestone 3

  • Resolve flash drive issues (can we make the user's home directory read/write while leaving everything else read only?) Info on security issues with Linux filesystems from LinuxConsultingTeam.
  1. Pidgin IM client with OTR for encryption

Things To Do

Project Planning

Security issues

We need to decide what security issues we want to address, and what changes we will make to ISXUbuntu to address them.

ubuntu-hardened is a list about Ubuntu security issues.

Presentation and Usability issues

What other changes do we want to make? Should we worry about boot time? Hardware compatibility? Ease of use for Windows users? What would we want to include on the CD in terms of artwork, video clips, etc.? Do we want to include persistent user directories? What happens if we run this from a USB stick? Are all user settings now persistent?

Hacking

We need to come up with processes for

  • including software packages in the distro
  • modifying the default user and system-wide settings to our liking
  • including our own content (do we make packages out of them?)

It would be good if we could get a small server on a rack someplace - then everyone could help build and test things. We could use Xen or VirtualBox for a sandboxed environment, and FreeNX to test drive each build remotely. We won't be doing much compiling but the uncompressing and compressing of the filesystem to make an .iso takes some CPU.

Linux Journal recently published a series of articles explaining step by step how to do what we're working on. I would have had an easier time of things if these articles had been available two years ago:

http://www.linuxjournal.com/article/10038

http://www.linuxjournal.com/article/10076

http://www.linuxjournal.com/article/10099

Documentation

The documentation needs to be filled out.

Other Projects

Other projects we can learn and borrow from:

  1. AnonymOS and Olive OpenBSD - live CD versions of OpenBSD - not active
  2. ParanoidLinux - a project that's still in the discussion stage
  3. Rubberhose - a steganographic filesystem, not an OS but some interesting concepts we could consider
  4. Incognito - very similar but based on KDE and Gentoo Linux. This project is currently active (for a while it seemed as though it wasn't) and we should integrate useful features from it when we can.
  5. Mozilla Weave - active but in a very early stage of development. Additional privacy and security for Web 2.0
  6. Knoppix-3.2 MiB-11b Privacy Edition - if this were an active project ISXubuntu wouldn't be necessary - but it's not
  7. What about privacy features of Internet Explorer 8's Private Browsing and added security features, Google Chrome and Apple Safari's (http://www.apple.com/safari/) "Private Browsing" mode? What is good about these and what is missing?