0) Read this about air gaps:
https://www.schneier.com/blog/archives/2013/10/air_gaps.html
1) Buy a Blu-Ray-ROM drive, and check its compatibility with Linux first!
2) Download these two Debian images:
http://cdimage.debian.org/debian-cd/7.4.0/amd64/jigdo-bd/
3) Burn the two BDs in as secure a way as possible; this is the so-called "chicken and egg" problem:
3.1) check the signatures..
3.2) check the sha256sums
3.3) md5sum....
3.4) be very paranoid..
3.5) Disable network physically.
3.6) Block as much EM as you can, e.g. go underground, into the cellar of your house, where your mobile phone can't receive any signal.
3.7) BURN!
3.8) Check the burned image: `dd if=/dev/bdrom | md5sum` and `dd if=/dev/bdrom | sha256sum`
3.9) Make a duplicate, for availability and backup reasons.
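Steps 3.2 and 3.8 combined into one check, as an added example that is not part of the original post: it confirms the image against its SHA256SUMS entry, then reads back exactly the image's length from the disc, because a whole-device read can include trailing padding and give a different hash for a good burn. The function names are hypothetical; it assumes `sha256sum`, `awk` and `head -c` are available on the burning station.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.
# Verify SHA256SUMS itself first (Debian signs it as SHA256SUMS.sign):
#   gpg --verify SHA256SUMS.sign SHA256SUMS

# sum_listed SUMS_FILE IMAGE: print the hash SUMS_FILE records for IMAGE.
sum_listed() {
    awk -v f="$(basename "$2")" \
        '{ n = $2; sub(/^\*/, "", n); if (n == f) { print $1; exit } }' "$1"
}

# sum_first_bytes SOURCE NBYTES: SHA-256 of the first NBYTES of SOURCE.
# Reading the whole drive can pull in padding sectors after the image,
# which changes the hash even when the burn itself is perfect.
sum_first_bytes() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# verify_burn IMAGE DEVICE SUMS_FILE
# Returns 0 if the disc matches, 1 on any mismatch, 2 if IMAGE is not listed.
verify_burn() {
    image=$1; device=$2; sums=$3
    size=$(wc -c < "$image" | tr -d ' ')
    want=$(sum_listed "$sums" "$image")
    [ -n "$want" ] || { echo "no entry for $image in $sums" >&2; return 2; }

    # Step 3.2: the downloaded image must match the published checksum.
    have=$(sum_first_bytes "$image" "$size")
    [ "$have" = "$want" ] || { echo "image does not match $sums" >&2; return 1; }

    # Step 3.8: the disc, read back for exactly $size bytes, must match too.
    have=$(sum_first_bytes "$device" "$size")
    [ "$have" = "$want" ] || { echo "disc differs from image" >&2; return 1; }

    echo "OK $size bytes $want"
}

# Usage on the burning station (image name is a placeholder):
#   verify_burn debian-image.iso /dev/bdrom SHA256SUMS
```

Run it again on the duplicate from step 3.9, so both discs are known to carry the same bytes.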
4) This is the main one. Set up a really rugged air gap. Every emanation must be locked in. See, Schneier didn't do anything of this kind; he only pulled the network cable out.
4.1) Keep a cool jammer close at hand. Enable it every time you are doing something serious. Be very careful: you are making noise in this scope, and this noise will bring the cops to your house, one hundred percent. The jammer is probably an optional device for your air-gapped network.
4.2) You need something like this
http://cryptome.org/bema-se.htm or a very, very deep hole in your cellar. Any electromagnetic emanation can be eavesdropped on by thieves and give them some kind of secret information about your job.
4.3) The power supply must be rugged too. Read about the history of American spies, how they caught themselves in NYC, when in one house a secret message was printed on a crypto-machine like Enigma and the unbreakable crypto-text was eavesdropped with a really simple antenna in the nearest building, in pure clear-text form. Every key you press on your keyboard puts noise onto the power network, each key a little bit different from the others, physically, because e=mc^2, loops a little bit different geographically, etc. An attacker with a very sensitive device can eavesdrop on your keyboard simply over the power line. See,
https://en.wikipedia.org/wiki/Black-bag_cryptanalysis
4.4) Never move anything except paper out.
Once optical media, say a DVD, crosses the air-gap line, it must stay there or be annihilated.
See, your printer too may be marked at the factory, or by your supplier. The NSA or something like that, the CIA, the FBI, narco-bosses could easily install some kind of marker into your printer to see every time whether it was your printer that made this paper or not.
4.5) Only optical media is acceptable as an incoming vector (CD / DVD / BD).
Any USB device may be bugged with a double bottom: one plug-in and your BIOS will be infected by malware, because of the design of the USB protocol on the north-bridge side.
4.6) Bring in new software only in open-source form, with a careful audit of its system calls; use all kinds of jails, AppArmor or SELinux (NSA), and separate bare hardware for experiments.
4.7) Keep monitoring inside the air gap for any signals:
* http://nuand.com/bladeRF 300 MHz
* http://greatscottgadgets.com/hackrf/ hackrf, a project to build a low cost software radio platform. (Can eavesdrop satellites)
5) Now you are in a nuclear-like bunker, and a participant in the 3rd World War: information warfare.
Set up your local repository with the two BDs from paragraph 2. See,
https://wiki.debian.org/HowToSetupADebianRepository You will be out of date for a long time; you can stay like that without a warning, because you are air-gapped.
On these 2 BDs there are thousands of software packages that you would like to have in your air-gapped network; bitcoind is one of them. Set it up off-line; don't wait for synchronization to complete. Enter: `bitcoind getnewaddress air-gap`. Take the priv key with `dumpprivkey`.
You may generate any number of addresses to keep as a cold wallet, and print their priv keys out, to receive money on the on-line station.
Client:
Your portable / mobile station, say a notebook, can also be made rugged in a cheap way by using a small Linux distribution with a Boot-To-RAM option.
Check this project:
http://www.slax.org/
You can always build a similar distribution on the air-gap side, with Debian tools like `live-build`. There is one problem: your air-gapped network is out of date. Somewhere you need to keep a middle point to build secure updates into your mobile station. E.g. Tor (torproject.org) is your friend.
Snippet:
$ lb config noauto \
--bootappend-live toram \
--package-lists minimal \
--linux-flavours clean \
--binary-images iso \
--bootloader grub \
--debug \
--verbose
$ lb build --debug --verbose
In this way, your software part (OS, programs, etc.) can't be infected. Never keep all your eggs in one basket; keep only the needed information on your mobile station: only today's e-mail passwords, only today's bitcoind keys, etc. Regular backup is the main thing for your stability.
The same Boot-To-RAM option may be used for the air-gapped machine. This clearly prevents the software part from being infected.
The hardware part has a more clandestine background. You can simply buy bugged hardware and your `out of air-gap game` is over.
See,
https://en.wikipedia.org/wiki/Hardware_Trojan.
Between you and me and the lamppost, methinks that every Intel CPU has been bugged since the time of the Soviet Union's collapse, 486x -> Pentium I -> etc... AMD is a 3D copy of the Intel Hardware Trojan Horse. The same goes for GPUs, NVidia and ATI (AMD). These undeclared possibilities are now coming as a feature; see Absolute Computrace technology:
http://www.absolute.com
The first models, x386, x286, x86, were copied by the Soviet Union very well. There was full / absolute replication of platforms and the OS (DOS), with shameless renaming of titles. At the x486 stage this process stalled, thanks to `shield technology`. This technology, something like
https://en.wikipedia.org/wiki/Physical_Unclonable_Function for the first time prevented chips from being copied. There is no way to extract the circuit of a present-day Intel CPU, except to capture Intel's laboratory. The technology to attack such a circuit would cost much more than designing a similar CPU by yourself.
Back to the history of cypherpunks: the OpenBSD project hosts its main site
http://www.openbsd.org on the Sun platform, SPARC, with the native OS. This should tell you something.
The other good thing is a box of freedom. Take low-cost bare hardware and launch a relay of the Tor network. Configure an Isolating Proxy. See,
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IsolatingProxy
BE AWARE, there are still thousands of attacks, to instill a healthy level of paranoia:
* Evil Maid.
Your main gate can be high and strong and crawling with orcs, but miss one single little spider hole, and two hobbits can ruin your whole day.
* Security Service.
If you think that they don't track you, this does not mean that they are not tracking you.
TEMPEST or, "Hey! Who owns that van/RV/delivery truck outside? It never moves!"
You probably have no chance to hide anything if they mark you as a `Person of Interest`. See examples:
Julian Assange, and things can go wrong, see
Chelsea Manning trying to change his sex.
I can bring you millions of great names of folks who were chased by SS. Like
John Forbes Nash, Jr. or
Bobby Fischer. Probably, most of us know many of them, but no one knows how to fold.
http://www.saunalahti.fi/parazite/defactodejure.png (de jure NOT FREE LAND, de facto NOT FREE LAND, NOT LAND)
http://www.saunalahti.fi/parazite/index.shtml
John Forbes Nash, Jr. tried to run away from the CIA, but he took the wrong door, France; the only way to run away from one land to another is to choose the right door. He was a very clever man; he knew that Communism in the Soviet Union was a fake. There are thousands of examples of the
Military Junta in human history; the Soviet Union was the greatest example of the
Spy Junta.
Today's Russian FSB (KGB) is a branch office of the CIA, nothing more. It is the ultra-right wing of the New World Order. Everything that you can see on
youtube about Ukraine now is a theater of sock puppets of the KGB and the CIA. This Russian Army in Crimea is the last chord of the pop composition of the Secret Services, who have been playing their bloody game for two years. See, there have been up to 10 similar revolutions across the post-Soviet Union. Every time there is one scenario: they burn out the center of the capital and win.