Rootconf 2014

A session in two parts.

Learn how to setup SSH as a TOR hidden service

In the first part we will

• Set up SSH
• Set up Tor
• Make SSH a TOR Hidden Service
• Connect to the SSH over TOR

Make life fun for SSH attackers

Since now we have a free port 22

• Setup Kippo
• See the logs
• Make life fun for SSH attackers

Outline

Linux Server Hardening for the Paranoid

An intermediate level full talk that will tell you how to use TOR Hidden services to truly hide your server and stay hidden from Nation States Adversaries and Hollywood Attackers who Can Kill Everyone Remotely and in Style

I gave a talk on Securing a Linux Web Server in 10 Steps or Less. That talk covered basic principles to think about when you decide to secure your server. I got great feedback for the talk and IMHO it was a nice gentle introduction for beginners.

The only problem is, that talk was incomplete. We can’t effectively talk about security without defining or discussing security against whom. Therefore if you would like to keep your machine safe from Nation State Adversaries come learn how you can do that.

Requirements

This is not a workshop. There is no point in getting people to do hands-on stuff on a linux server(which is basically a training nightmare) but it would be nice for the following to happen

• Watch the talk Securing a Linux Web Server in 10 Steps or Less
• Folks attending, should have hands-on experience of the command line (BASH)
• Ideally they would have setup a server or two and also have some vague idea about what TOR is

If you can do the following, don’t attend the talk to just heckle me(unless you let me do the sam to you in your talk, then its all cool)

• Know how to setup a TOR hidden service
• Know how to setup a honeypot
• Work for any organisation that resembles a Nation State Adversary

Speaker bio

That Web Application Security Guy @ The App Sec Lab

I run The App Sec Lab a security company that helps companies become secure. If you are confused about anything in security come and talk to me and I can help you with a roadmap on how to become secure and stay that way.

I am the co-founder+Community Manager for “null - The Open Security Community” and Co-Chapter Lead for OWASP Bangalore

• Website | @makash | Linkedin | Slideshare

TL, DR; I am a funny with an interesting take on things in life that matter - Linux, Security, Having Fun and Teaching cool things to people while they are laughing so that they really really get it.

Links

• Video - https://hasgeek.tv/makash/speaking-in/358-securing-a-linux-web-server-in-10-steps-or-less
• Slides - http://www.slideshare.net/akashm/securing-a-linux-web-server-in-10-steps-or-less
• Funnel - https://funnel.hasgeek.com/rootconf/329-securing-a-linux-web-server-in-10-steps-or-less
• TOR Hidden Services https://www.torproject.org/docs/tor-hidden-service
• TOR as a proxy server https://www.torproject.org/docs/proxychain.html.en
• Kippo http://code.google.com/p/kippo/

Slides

http://www.slideshare.net/akashm/incomplete-outline-for-rootconf-2014-the-littleservciewhichwasntthere