Search Mailing List Archives
[liberationtech] Designing the best network infrastructure for a Human Rights NGO
borgbox.drone.guinness1 at gmail.com
Thu Feb 28 09:43:19 PST 2013
...end users using Linux :-D (good one)
-Windows 2012 Server
-VMWare virtual machines running Win 8 for remote access
servers and access may be well served using
grsecurity/Pax/RoleBasedAccessControle(RBAC) hardened custom Linux
kernel... i know not easy (im looking into this stuff atm - so not xpert),
with openvpn onboard, RBAC tuned and Logcheck emailing some1 some log
digests (and looked at ofc). ofc nsa hardening os stuffs as Andrew
lots of darknet solutions as well, but a linux guru may need be involved.
NGOs coordination/cooperation may enhance the ability to run and monitor a
anyway, thought i would add some ideas/junk to the mix :D
"Not everything that is counted counts, and not everything that counts can
be counted." - Albert Einstein
". . . yes, a game where people throw ducks at balloons, and nothing is
what it seems. . . " - Homer J. Simpson
On Thu, Feb 28, 2013 at 10:00 AM, <anonymous2013 at nym.hush.com> wrote:
> Thanks I appreciate the input but this is where one of the problems
> with the LibTech approach lies, having spent years training
> hundreds of people all over the world with TrueCrypt, TOR,
> PGP/Thunderbird etc I can tell you that the systems are simply not
> user friendly enough for the vast majority of non-techie people in
> an NGO environment. In parts of Africa and other places, people are
> barely techno-literate to be able to turn on a windows machine -
> even after consideriable training. People now come to work using
> Mac's and Android, they are used to easy interfaces etc...If you
> think you can get a board member or a finance person in an NGO to
> use Linux then you are detached from the reality of how most NGO's
> work. The use will simply ignore it.
> And I didn't say Skype, I meant using a Skype alternative like
> Pidgin with OTR etc - obviously Skype is not secure.
> On Thu, 28 Feb 2013 14:50:08 +0000 "Andreas Bader"
> <noergelpizza at hotmail.de> wrote:
> >anonymous2013 at nym.hush.com:
> >> Hi,
> >> We are a human rights NGO that is looking to invest in the best
> >> possible level of network security (protection from high-level
> >> cyber-security threats, changing circumvention/proxy to protect
> >> address etc, encryption on endpoints and server, IDS/Physical
> >> Software Firewall/File Integrity Monitoring, Mobile Device
> >> Management, Honeypots) we can get for a our internal network. I
> >> wondering if people would critique the following network, add
> >> comments, suggestions and alternative methods/pieces of
> >> (Perhaps if it goes well we could make a short paper out of it,
> >> others to use.)
> >I also work for a human rights NGO.
> >First don't use an internal network, you need a decentral
> >and information network.
> >Second, Windows is not easier than Linux, compare Windows 8 and
> >with Gnome 2.
> >I would probably use a SEL Kernel like in SL 6, when possible a
> >Forget all the closed-source software.
> >Now the Software:
> >-Firefox with Torbutton
> >-Thunderbird with Torbirdy and OpenPGP
> >Encrypt your systems with LUKS, its also FDE. Truecrypt doesn't
> >with Linux as FDE.
> >You can possibly try Liberte Linux, someone on this list presented
> >it to
> >us, its made for secure communication.
> >And if you are unsure about Linux and Windows in "High Level
> >Systems", then you should probably go and get a real
> >How good are you with IT-Sec?
> >I don't want to offend you, but you sound like a beginner.
> >(P.S.: Skype? You can't be serious. ICQ and Facebookchat is more
> >Use IRC).
> >Too many emails? Unsubscribe, change to digest, or change password
> >by emailing moderator at companys at stanford.edu or changing your
> >settings at
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech