Search My Blog

Saturday, March 30, 2013

Whonix / Documentation / Home

I tried out Whonix Linux in Virtual Box today. This is how you are suppose to run Whonix, in a VM. I've been reading through the info and How To's on the Site on and off for the past three days. There's plenty of information on how to get Whonix up and running. But, it seems to be scattered all throughout the site. So, it too me a while to actually get to the point of setting it up and trying to give it a try. I say trying... Because, the Whonix Gateway would not run on my Fedora 14 System in Virtual Box at all. It gave an error and shut down on Boot. So, I was was left with only half of the OS to try out. The Workstation. That, either hung up on Boot, in the VM. Or it was just taking too long, because my system is only a Core 2 with 2.5GB of Ram. So, I gave up and shut it down. It was only going to be half of the system, after all. So, I lost interest, at this point. The Whonix Workstation uses 768MB of memory and the Gateway uses 128MB of your Systems Hardware Memory. My Hardware Video Card, has 512MB of DDR Video Memory. But, this is not really enough to be able to spare 128MB of the Video Memory for Whonix Workstation and then another 8MB for the Gateway. Which has to be run in a Separate VM, at the same time. Still, Whonix looks like a very interesting and secure OS, for those who have the Hardware that can handle it. So, I will be back to check it out. Later on, after I build that new System, that I've been planning and dreaming of....

Don

Whonix is an anonymous general purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the user's real IP/location.

This is because Whonix consists of two (virtual) machines. One machine solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other machine, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.

This is only a very brief introduction. See Documentation and/or Technical Design for a more comprehensive description, security features and threat model. To find out how secure/anonymous Whonix is, see Security Overview.

Whonix is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.|

Read More...
http://sourceforge.net/p/whonix/wiki/Home/

This is a wiki. Want to improve this page? Contact us!

Whonix Features

Whonix is an Anonymous Operating System. It hides your IP/location and uses Tor to anonymize your data traffic. This means that neither the contacted server, nor any eavesdropper on your connections, nor the operators of the Tor network themselves can realize which webservice you use.

Basically all programs can used together with Whonix.

  • For web browsing, Tor Browser is included.
  • Messengers, like Pidgin, with the Jabber protocol and the OTR plugin.
  • Privacy friendly e-mail client: Mozilla Thunderbird with TorBirdy
  • scp for secure data transfer from and to a server.
  • Unobserved administration of servers via SSH
  • Web servers: Apache, ngnix, IRC servers, etc. via Hidden Services
  • Other programs...

It is possible, with the help of Whonix, to use applications via Tor, which are not capable of proxy support by themselves.

Everything is explained in [Documentation].

Feature List

Adobe Flash anonymously  Browse The Web Anonymously  Anonymous IRC  Anonymous Publishing  Anonymous E-Mail with Mozilla Thunderbird and TorBirdy  Add a proxy behind Tor (Tor -> proxy)  Based on Debian GNU/Linux.  Based on the Tor anonymity network.  Based on Virtual Box.  Can torify almost any application.  Can torify any operating system  Can torify Windows.  Chat anonymously.  Circumvent Censorship.  DNSSEC over Tor ¹  Encrypted DNS ¹  Encrypted Communication  Full IP/DNS protocol leak protection.  Hide the fact that you are using Tor ¹  Hide the fact you are using Whonix  Hide installed software from ISP  Isolating Proxy  Java anonymously  Javascript anonymously  Location/IP hidden servers  Mixmaster over Tor  Prevents anyone from learning your IP.  Prevents anyone from learning your physical location.  Private obfuscated bridges supported.  Protects your privacy.  Protocol-Leak-Protection and Fingerprinting-Protection  Secure And Distributed Time Synchronization Mechanism  Security by Isolation  Send Anonymous E-mails without registration  Stream isolation to prevent identity correlation through circuit sharing  Virtual Machine Images  VPN/Tunnel Support  Whonix is produced independently from the Tor (r) anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.  Transparent Proxy  Tunnel Freenet through Tor  Tunnel i2p through Tor  Tunnel JonDonym through Tor  Tunnel Proxy through Tor  Tunnel Retroshare through Tor  Tunnel SSH through Tor  Tunnel UDP over Tor ¹  Tunnel VPN through Tor  Tor enforcement  TorChat ¹  Free Software, Libre Software, Open Source  ¹ via Optional Configuration  

Advantages of Whonix

  • All applications, including those, which do not support proxy settings, will automatically be routed through Tor.^1^ ^2^ ^3^ ^4^
  • Installation of any software package possible.^12^
  • Safe hosting of Hidden services possible. ^13^
  • Protection against side channel attacks, no IP or DNS leaks possible. ^16^
  • Advantage over Live CD's: Tor's data directory is still available after reboot, due to persistent storage. Tor requires persistent storage to save it's Entry Guards.
  • Java / JavaScript^15^ / flash / Browser Plugins^9^ / misconfigured applications cannot leak your real external IP. See Whonix security in real world.
  • Protection against IP/location discovery through root exploits (Malware with root rights) inside Whonix-Workstation. But you really should not test it, read footnote ^a^ and follow links mentioned in footnote ^a^.
  • Uses only Free Software.
  • Building Whonix from source is easy, see [BuildDocumentation].
  • Tor+Vidalia^10^ and Tor Browser are not running inside the same machine. That means that for example an exploit in the browser can't affect the integrity of the Tor process.
  • It is possible to use Whonix in conjunction with VPNs, ssh and other proxies. But see Tor plus VPN/proxies Warning. Everything possible, as first chain or last chain, or both.
  • Loads of [Features].
  • Loads of Optional Configurations (additional features / Add-Ons) available.
  • Best possible Protocol-Leak-Protection and Fingerprinting-Protection.
  • Private obfuscated [Bridges] can be added to /etc/tor/torrc.
  • Whonix-Gateway can also torify Windows, see [OtherOperatingSystems].

Disadvantages of Whonix

  • More difficult to set up compared to the regular Tor Browser Bundle.
  • Needs virtual machines or spare hardware.
  • Updating OS and applications behind the Tor proxy is slow.
  • Higher maintenance required.^14^
  • Tor Button's New Identity button is not supported with Whonix, see Tor Browser for a workaround.

Footnotes

Read More...
http://sourceforge.net/p/whonix/wiki/Features/


Download

First time user?

The default user is: user

The default password is: changeme

  • If you don't know what a metadata or a man-in-the-middle attack is.
  • If you think no-one can eavesdrop on your communications because you are using Tor.
  • If you have no notion on how Whonix works.

Then, check first the [About] and [Warning] pages to make sure that Whonix is the right tool for you and that you understand well its limitations.

Download Whonix virtual machine images

The default user is: user

The default password is: changeme

Download Whonix 0.5.6 from sourceforge.net

Verify the Whonix virtual machine images

It is important to check the integrity of the virtual machine images you downloaded to make sure no man in the middle attack or file corruption happened. (See [DownloadSecurity].)

Whonix virtual machine images are cryptographically signed using OpenPGP by Whonix developer adrelanos. OpenPGP is a standard for data encryption that provides cryptographic privacy and authentication through the use of keys owned by its users.

If you already know how to use an OpenPGP key you can download the Whonix signing key and the Whonix signatures straight away.

Otherwise, read our instructions to check the virtual machine images integrity:

Whonix signing key

You can learn about the signing key on the Trusting Whonix Signing Key page.

Whonix signature

Whonix 0.5.6 signatures

Go there..
http://sourceforge.net/p/whonix/wiki/Download/

1. Pre Install Advice

Read and apply: Security Advice before installing Whonix.

2. Install

Just import both Whonix .ova images into Virtual Box. Do not change any settings! (You could do that later.) Do not change MAC address!

The .ova images should be imported into Virtual Box. There is also highly experimental support for [VMware], but only Virtual Box is fully supported, rather use Virtual Box.

If you need more help with Installing

There is a tutorial with screenshots, see [Install].

There are also Video Tutorials.

(Video Help)

If you still need help, please go to the User Help Forum.

Read more...
http://sourceforge.net/p/whonix/wiki/Download/#verify-the-whonix-virtual-machine-images


(1). Install and start Virtual Box. Click on File -> Import Appliance...

(2). Click on Choose.


Read More...
http://sourceforge.net/p/whonix/wiki/Install/

Post Install Advice

On Whonix-Gateway and Whonix-Workstation

Change Passwords

The default user is: user

The default password is: changeme

Immediately change it!

Login as root:

sudo su  

Change root and user password:

passwd  passwd user  

and follow the instructions.

Security Updates

Regularly check for security updates and apply them with:

sudo apt-get update && sudo apt-get dist-upgrade  

Network Time Syncing

Don't wonder... To prevent against time zone leaks, the system clock inside Whonix was set to UTC. This means it may be a few hours before or ahead of your host system clock. Do not change!

Don't use the suspend/safe/resume feature of Virtual Box, unless you understood the Network Time Synchronization chapter from the Advanced Security Guide.

If your host clock is more than 1 hour in past or more than 3 hour in future, Tor can't connect. In this case fix your host clock manually (right click on clock). (Check for empty battery.) Then power off Whonix-Gateway and power Whonix-Gateway on again, Tor should be able to connect again. If your host clock is even more off, you could get into trouble updating your host operating system so have an eye on it that it's somewhat accurate.

This chapter is supposed to be as simple and short as possible to provide basic protection. You can archive more security if you understand the Network Time Synchronization chapter from the Advanced Security Guide.

Security Guide

You can further improve the security, see the Security Guide.

Read More...
http://sourceforge.net/p/whonix/wiki/Post%20Install%20Advice/

Videos

Go there...
http://sourceforge.net/p/whonix/wiki/Videos/


Whonix Linux is an Anonymous General Purpose Operating System Based on Virtual Box Debian GNU Linux and Tor


Whonix - Google Search
Whonix / Documentation / Home
Whonix / Documentation / Home
Whonix / Documentation / Features
Whonix / Documentation / Download
Whonix / Documentation / Videos
Whonix / Documentation / Screenshots
Whonix / Documentation / Documentation
Whonix / Documentation / About
Whonix / Documentation / Security Guide
Whonix / Documentation / FAQ
Whonix / User Help Forum / Forums
Whonix / Documentation / Contact
Whonix / Documentation / Download
Whonix - Browse /whonix-0.5.6 at SourceForge.net
Whonix - Browse /whonix-0.5.6-sig at SourceForge.net
Whonix / Documentation / Download
Whonix / Documentation / Post Install Advice
Whonix / Documentation / DownloadSecurity
Whonix / Documentation / Install
Whonix / Documentation / Download
Whonix / Documentation / Download

No comments: