[liberationtech] Designing the best network infrastructure for a Human Rights NGO

[Andreas Bader]

anonymous2013 at nym.hush.com:
> Hi, 
> We are a human rights NGO that is looking to invest in the best 
> possible level of network security (protection from high-level 
> cyber-security threats, changing circumvention/proxy to protect IP 
> address etc, encryption on endpoints and server, IDS/Physical and 
> Software Firewall/File Integrity Monitoring, Mobile Device 
> Management, Honeypots) we can get for a our internal network. I was 
> wondering if people would critique the following network, add 
> comments, suggestions and alternative methods/pieces of software. 
> (Perhaps if it goes well we could make a short paper out of it, for 
> others to use.)
I also work for a human rights NGO.
First don't use an internal network, you need a decentral communication
and information network.
Second, Windows is not easier than Linux, compare Windows 8 and Debian
with Gnome 2.
I would probably use a SEL Kernel like in SL 6, when possible a Live-System.
Forget all the closed-source software.
Now the Software:
-Firefox with Torbutton
-Thunderbird with Torbirdy and OpenPGP
-Vidalia
Encrypt your systems with LUKS, its also FDE. Truecrypt doesn't work
with Linux as FDE.
You can possibly try Liberte Linux, someone on this list presented it to
us, its made for secure communication.
And if you are unsure about Linux and Windows in "High Level Security
Systems", then you should probably go and get a real
Sysadmin/Security-Fanatic.
How good are you with IT-Sec?
I don't want to offend you, but you sound like a beginner.

Andreas

(P.S.: Skype? You can't be serious. ICQ and Facebookchat is more secure.
Use IRC).