12 new relay nodes from Mozilla are currently running in Tor

Jan 29, 2015 16:13 GMT

The Tor anonymity network has grown by 12 middle relay nodes that can distribute user traffic, courtesy of Mozilla, as part of the Polaris Privacy Initiative started in November 2014.

The new relays from Mozilla run on hardware the organization no longer uses: two Juniper EX4200 switches and three HP SL170zG6 servers (48 GB RAM, 2 x Xeon L5640, 2 x 1 Gbps NIC), plus a dedicated IP transit provider (2 x 10 Gbps).

Mozilla engineer Arzhel Younsi says that the current design is fully redundant and that it allows a loss of at most 50% of capacity when maintenance tasks are required or when a node fails. It is also a scalable design that supports adding more servers.

Engineers enable strict security

The engineer settled on Ansible for configuration management and, with the help of the security team, put protection measures in place. At the top of the list provided by Younsi is strict firewall filtering.

The operating system has been hardened by removing unnecessary services, enabling automatic updates, and opting for a good SSH configuration.

Moreover, edge filtering has been implemented to limit access to the network management plane to authorized systems only.

In a blog post published on Wednesday, Younsi said that “many of the security requirements align nicely with what’s considered good practices in general system and network administration.”

He pointed out that the entire setup could be administered from a single place, the jumphost. Attempting to connect to the system for management purposes from anywhere else would result in failure.

The systems are verified for security purposes on a constant basis. They are scanned from the inside for security updates and from the outside to make sure there aren’t any open ports.

Setup does not function at full capacity

For the time being, the infrastructure does not run at its full bandwidth capacity, but this may change in the future as Mozilla may move the nodes to its managed infrastructure.

The project started on January 15 and is still a proof of concept at the moment. The Polaris Privacy Initiative is a cooperation between the Center for Democracy & Technology (CDT) and the Tor Project, both of them non-profit organizations.