Anonym.Os: Security And Privacy, Everywhere You Go (Build It!) presented at ShmooCon 2006

by Taylor Banks, Gavin Mead, Kevin Miller, Beth Milliken,

Tags: Security Anonymity Access Privacy Monitoring Risk Legal Development

Summary : Privacy and anonymity are hard to come by these days. What's worse, many if not most, of the world's network users don't have the slightest idea of the levels of monitoring to which they are subjected, much less the proper chain of steps necessary to strengthen their communications channels. While there are applications and systems that provide heightened anonymity and confidentiality to users, all require user-knowledge of configuration and proper systems administration techniques. The tiniest error in setting up any of the myriad tools available can lead to disaster. To fill this void, kaos.theory has created the Anonym.OS OpenBSD LiveCD.
The Anonym.OS LiveCD project seeks to accomplish three goals; first, to provide the user a secure, silent system that can be attached to any network without leaving traceable footprints; secondly, to integrate encryption, privacy, and "anonymizing" applications in a seamless fashion; lastly, to offer standard, graphical tools for web, news, mail, and chat that utilize enhanced privacy and anonymity in an easy-to-use, secure, and portable environment. To achieve these goals, kaos.theory has made extensive use of OpenBSD, pf, tor, and anonymizing proxies.
Anonym.OS provides strong privacy, anonymity, and security in a package suitable to give to your grandmother for use at her local $tarbucks. You know, if your grandmother has something to hide…
Across the past 8 years, Taylor Banks (aka dr.kaos) has written and delivered training and provided security consultation to thousands of security engineers, architects, managers and executives from hundreds of organizations including Bristol-Myers Squibb, Ernst and Young, FedEx, IBM Global Services, PricewaterhouseCoopers, and VeriSign as well as the US Department of Defense, Federal Bureau of Investigation, the US Marine Corps Computer Emergency Response Team (MARCERT) and the National Security Agency. Prior to 1997, he worked as a network and security consultant for Benedict College, the Environmental Policy Center, Georgia Institute of Technology, Georgia State University, Sodexho Marriott, and SunTrust Securities. Taylor currently manages the Southeast Systems Engineering group at Caymas Systems.
Taylor holds his CISSP and has been certified by CheckPoint, ISECOM, ISS, NAI, Nokia and VeriSign. He is a contributor to the EFF and a member of Usenix, SAGE, the Security Writer's Guild, ISSA and ISACA and is an active participant in, and contributor to, numerous open security forums and user groups.
Gavin Mead (aka atlas) is the product of a misspent youth hunched over the comforting glow of a green-and-black CRT. As monitor technology evolved, so did Gavin's interests in computer and network security, specifically in enterprise risk management frameworks and data privacy protection, leading him to the seedy underworld of security consulting where he met the the rest of the kaos.theory crew. Gavin currently works for KPMG's Security, Privacy, and Continuity practice out of Atlanta, performing penetration testing, risk assessment, framework alignment, and policy development engagements. Gavin holds a B.S. from Georgia Tech and participates actively in local security group meetings and public forums.
Kevin Miller (aka digunix) is one of the founding members of the DC404 group. Having recently moved to Milwaukee, he can be found near many a public access point with tools in hand. Previous to being newly unemployed, he worked as the Storage and Remote Management QA Manager at American Megatrends where he hacked away at video redirection communications, the iSCSI and SMB/CIFS/NFS protocols, and AMIBIOS.
Beth Milliken pokes at computers for fun and profit, Beth has been sleeping lately in the wet spot where technology, ethics, and legal issues run together. She is very interested in educating people about protecting themselves on line - from not-so-nice people, as well as not-so-nice legislation. She works in a large building with lots of glass windows and foamy cube-walls. Beth has pieces of paper saying she is certifiable regarding certain bodies of knowledge, but swears she has no knowledge of where the bodies are.