| Based on | Debian | 
| System Type | Server&Gateway | 
| Desktop | No desktop | 
| Type | Protection & anonymization system & distributed services. |
| Supported hardware | Odroid XU3 and C1 | 
| Architecture | ARMHF | 
| Gateway and torify any operating system | Yes | 
| Opensource | Yes | 
| Live DVD/USB | No | 
| Non-Anonymous Developers | Yes | 
| Persistence (applications&data survive reboot) | Full | 
| Threat | CageOS Protection | 
|---|---|
| Several exploits | GrSecurity |
| Memory-based protection schemes | PaX | 
| Mandatory access control scheme | SELinux | 
| Cold Boot Attack | TRESOR | 
| Potentially hostile/injected code from non-code containing memory pages | KERNEXEC | 
| Toolchain compilation (fortify) | libc patches | 
| MAC Spoof | MAC Address randomizer | 
| Hardware Serial number identification | HDD/RAM serial number changer | 
| Vulnerable on bootloader | Bootloader password protection | 
| Vulnerable on boot partition modifications | /boot partition read-only; needs to change only on kernel upgrades |
| SSH root login directly | Disable SSH root login | 
| Physical reboot | Disable Ctrl+Alt+Del in inittab & /etc/acpi/powerbtn-acpi-support.sh |
| Brute force attack on services | Fail2Ban | 
| ICMP Flood Protection | IPTables does not answer ICMP requests |
| Network accept all port connection | IPTables DROP policy by default | 
| Virus infection on other network OS | ClamAV |
| Intrusion Detection System | Suricata | 
| Hidden software exploits | RKHunter | 
| Software security holes | Debian Security repositories | 
| Untrusted Cronjobs | Block cronjobs for everybody in cron.deny | 
| Binaries with root permission | Disable unwanted SUID/SGID binaries | 
| Insecure network programs | Block rlogin, telnet, tftp, ftp, rsh, rexec |
| IP spoof | sysctl hardening configuration | 
| IP spoof | Darknet preconfigure | 
| TOR extra security | SocksPort 9050 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort IsolateDestAddr | 
| DNS leak protection | Usage of OpenNIC | 
| Hidden code on apps | Verifiable builds | 
| Take advantage of already logged in sessions | Bash usage of VLOCK and/or TMOUT to protect your bash login | 
| Direct access to HDD data | Full disk LUKS encryption | 
| Exploits of shared resources & hardware | Docker | 
| Weak old SSH protocol | Only SSH protocol v2 allowed |
| Computer stealing | Secured&encrypted backup on decentralized storage grid | 
| Rootkit | Use OpenSource & RKHunter | 
| Software backdoor | Use OpenSource | 
| Hardware backdoor | Use OpenHardware | 
| Packet Sniffing | Using HTTPS Everywhere | 
| Responsible for building Tor circuits | Tor client running on CommunityCube | 
| Exploit Quantum protection | Yes, Suricata |
| Intrusion Prevention System | Yes | 
| Browser exploit protection | Yes | 
| Protection against IP/location discovery | Yes & agent | 
| Workstation does not have to trust Gateway | No | 
| IP/DNS protocol leak protection | Only if you configure manually | 
| Operating System Updates | Persist once updated | 
| Update Notifications | Yes on LED and TFT display | 
| Important news notifications | Yes on LED and TFT display | 
| Decentralized System Updates | Using APT P2P | 
| Network/web Fingerprint | Maximum possible protection with Agent (PC (Windows/Linux/Mac) & mobile (Android/iOS)) |
| Clearnet traffic | Routing model is described in the Network page |
| Surf the deepweb with regular browser | Yes but not recommended | 
| Randomized update notifications | Yes | 
| Privacy Enhanced Browser | Yes, Tor Browser with patches | 
| Hides your time zone (set to UTC) | Yes | 
| Secure gpg.conf | Yes | 
| Enable secure SSH access | Yes, through physical TFT with external network disconnect | 
| Auto Disable logins | Logins are possible only in configuration mode, activated through physical TFT with external network disconnect |
| Internet of Things protection | Yes, described in the Network page |
| HTTP Header Anonymous | Yes | 
| Big clock skew attack against NTP | Tot blocked | 
| VPN Support | Configurable through TFT | 
| Ad-blocking track protection | Yes |
| Root password configuration | Yes, mandatory on first boot and later on TFT configuration panel | 
| Wifi password configuration | Yes, mandatory on first boot and later on TFT configuration panel |
| Internal WIFI device without password or WEP encryption | No |