[liberationtech] Designing the best network infrastructure for a Human Rights NGO

drone_guinness1 borgnet borgbox.drone.guinness1 at gmail.com
Thu Feb 28 09:43:19 PST 2013 

...end users using Linux :-D  (good one)

"
-Windows 2012 Server
-VMWare virtual machines running Win 8 for remote access
"
servers and access may be well served using
grsecurity/Pax/RoleBasedAccessControle(RBAC) hardened custom Linux
kernel... i know not easy (im looking into this stuff atm - so not xpert),
with openvpn onboard, RBAC tuned and Logcheck emailing some1 some log
digests (and looked at ofc). ofc nsa hardening os stuffs as Andrew
mentioned ;-)

lots of darknet solutions as well, but a linux guru may need be involved.
 NGOs coordination/cooperation may enhance the ability to run and monitor a
NGO dn.

anyway, thought i would add some ideas/junk to the mix :D

cheers,

"Not everything that is counted counts, and not everything that counts can
be counted."  - Albert Einstein

". . . yes, a game where people throw ducks at balloons, and nothing is
what it seems. . . " - Homer J. Simpson



On Thu, Feb 28, 2013 at 10:00 AM, <anonymous2013 at nym.hush.com> wrote:

> Thanks I appreciate the input but this is where one of the problems
> with the LibTech approach lies, having spent years training
> hundreds of people all over the world with TrueCrypt, TOR,
> PGP/Thunderbird etc I can tell you that the systems are simply not
> user friendly enough for the vast majority of non-techie people in
> an NGO environment. In parts of Africa and other places, people are
> barely techno-literate to be able to turn on a windows machine -
> even after consideriable training. People now come to work using
> Mac's and Android, they are used to easy interfaces etc...If you
> think you can get a board member or a finance person in an NGO to
> use Linux then you are detached from the reality of how most NGO's
> work. The use will simply ignore it.
>
> And I didn't say Skype, I meant using a Skype alternative like
> Pidgin with OTR etc - obviously Skype is not secure.
>
> Thanks.
> -A
>
> On Thu, 28 Feb 2013 14:50:08 +0000 "Andreas Bader"
> <noergelpizza at hotmail.de> wrote:
> >anonymous2013 at nym.hush.com:
> >> Hi,
> >> We are a human rights NGO that is looking to invest in the best
> >> possible level of network security (protection from high-level
> >> cyber-security threats, changing circumvention/proxy to protect
> >IP
> >> address etc, encryption on endpoints and server, IDS/Physical
> >and
> >> Software Firewall/File Integrity Monitoring, Mobile Device
> >> Management, Honeypots) we can get for a our internal network. I
> >was
> >> wondering if people would critique the following network, add
> >> comments, suggestions and alternative methods/pieces of
> >software.
> >> (Perhaps if it goes well we could make a short paper out of it,
> >for
> >> others to use.)
> >I also work for a human rights NGO.
> >First don't use an internal network, you need a decentral
> >communication
> >and information network.
> >Second, Windows is not easier than Linux, compare Windows 8 and
> >Debian
> >with Gnome 2.
> >I would probably use a SEL Kernel like in SL 6, when possible a
> >Live-System.
> >Forget all the closed-source software.
> >Now the Software:
> >-Firefox with Torbutton
> >-Thunderbird with Torbirdy and OpenPGP
> >-Vidalia
> >Encrypt your systems with LUKS, its also FDE. Truecrypt doesn't
> >work
> >with Linux as FDE.
> >You can possibly try Liberte Linux, someone on this list presented
> >it to
> >us, its made for secure communication.
> >And if you are unsure about Linux and Windows in "High Level
> >Security
> >Systems", then you should probably go and get a real
> >Sysadmin/Security-Fanatic.
> >How good are you with IT-Sec?
> >I don't want to offend you, but you sound like a beginner.
> >
> >Andreas
> >
> >(P.S.: Skype? You can't be serious. ICQ and Facebookchat is more
> >secure.
> >Use IRC).
> >--
> >Too many emails? Unsubscribe, change to digest, or change password
> >by emailing moderator at companys at stanford.edu or changing your
> >settings at
> >https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130228/9bf95760/attachment.html>

More information about the liberationtech mailing list