Merge pull request #4838 from freedomofpress/docs-backport-4657

[1.0.0] [docs] Overhaul Transfer Device and export recommendations
freedomofpress · Sep 17, 2019 · 6796817 · 6796817
2 parents 04bbb55 + 3562c6d
commit 6796817
Show file tree

Hide file tree

Showing 32 changed files with 1,970 additions and 1,741 deletions.
diff --git a/docs/checklists/pre_install_hardware.rst b/docs/checklists/pre_install_hardware.rst
@@ -3,7 +3,11 @@ Pre-Install Hardware Checklist
 
 This is the *minimum* hardware that must be acquired to install SecureDrop:
 
-.. include:: ../includes/pre-install-hardware.txt
+.. include:: ../includes/pre-install-hardware-required.txt
+
+Additionally, you may want to consider the following purchases:
+
+.. include:: ../includes/pre-install-hardware-optional.txt
 
 .. important:: To avoid hardware compatibility issues, we strongly recommend
   adhering to our

diff --git a/docs/diagrams/README.md b/docs/diagrams/README.md
@@ -11,8 +11,7 @@ an entry here:
   [SecureDrop website FAQ][]. Up to date at the time of this writing.
   A symbolic link to the English version of the diagram
   (`SecureDrop-en.png`).
-- `SecureDrop.svg`: Multi-lingual SVG source file used to generate
-  `SecureDrop-*.png` files for the corresponding languages.
+- `SecureDrop-en.svg`: SVG used to generate the English version
 - `SecureDrop.vsdx`: The Microsoft Visio source file used to generate
   `SecureDrop-visio.png`. For context, see [#274][].
 - `SecureDrop-0.3-DFD.png`: A WIP DFD (data flow diagram) created for

diff --git a/docs/diagrams/SecureDrop-en.png b/docs/diagrams/SecureDrop-en.png
diff --git a/docs/diagrams/SecureDrop.svg → docs/diagrams/SecureDrop-en.svg b/docs/diagrams/SecureDrop.svg → docs/diagrams/SecureDrop-en.svg
diff --git a/docs/diagrams/SecureDrop-ru.png b/docs/diagrams/SecureDrop-ru.png
diff --git a/docs/diagrams/SecureDrop_DataFlow.draw b/docs/diagrams/SecureDrop_DataFlow.draw
diff --git a/docs/diagrams/SecureDrop_DataFlow.png b/docs/diagrams/SecureDrop_DataFlow.png
diff --git a/docs/generate_submission_key.rst b/docs/generate_submission_key.rst
@@ -96,5 +96,4 @@ workstation.
 .. |Export Key| image:: images/install/exportkey.png
 .. |Export Key 2| image:: images/install/exportkey2.png
 .. |Fingerprint| image:: images/install/fingerprint.png
-.. |Nautilus| image:: images/nautilus.png
 .. |Terminal| image:: images/terminal.png
diff --git a/docs/glossary.rst b/docs/glossary.rst
@@ -153,21 +153,20 @@ authentication for devices. We recommend using one of:
 
 Transfer Device
 ---------------
-
-The *Transfer Device* is the physical media used to transfer encrypted
-documents from the *Journalist Workstation* to the *Secure Viewing
-Station*. Examples: a dedicated USB stick, CD-R, DVD-R, or SD card.
-
-If you use a USB stick for the *Transfer Device*, we recommend using a
-small one (4GB or less). It will be necessary to securely wipe the entire
-device at times, and this process takes longer for larger devices.
-
-Depending on your threat model, you may wish to only use one-time-use
-media (such as CD-R or DVD-R) for transferring files to and from the
-*SVS*. While doing so is cumbersome, it reduces the risk of malware (that
-could be run simply by opening a malicious submission) exfiltrating
-sensitive data, such as the private key used to decrypt submissions or
-the content of decrypted submissions.
-
-When we use the phrase "sneakernet" we mean physically moving documents
-with the *Transfer Device* from one computer to another.
+The *Transfer Device* is the physical media (e.g., designated USB drive) used
+to transfer encrypted documents from the *Journalist Workstation* to the
+*Secure Viewing Station*, where they can be decrypted.
+
+Please see the detailed security recommendations for the choice, configuration
+and use of your *Transfer Device* in the :doc:`journalist guide <journalist>`
+and in the :doc:`setup guide <set_up_transfer_and_export_device>`.
+
+Export Device
+-------------
+The *Export Device* is the physical media (e.g., designated USB drive) used to
+transfer decrypted documents from the *Secure Viewing Station* to a journalist's
+everyday workstation, or to another computer for additional processing.
+
+Please see the detailed security recommendations for the choice, configuration
+and use of your *Export Device* in the :doc:`journalist guide <journalist>`
+and in the :doc:`setup guide <set_up_transfer_and_export_device>` .
diff --git a/docs/hardware.rst b/docs/hardware.rst
diff --git a/docs/images/install/importkey.png b/docs/images/install/importkey.png
diff --git a/docs/images/manual/unlock-veracrypt-in-tails-1.png b/docs/images/manual/unlock-veracrypt-in-tails-1.png
diff --git a/docs/images/manual/unlock-veracrypt-in-tails-2.png b/docs/images/manual/unlock-veracrypt-in-tails-2.png
diff --git a/docs/images/manual/unlock-veracrypt-in-tails-3.png b/docs/images/manual/unlock-veracrypt-in-tails-3.png
diff --git a/docs/images/manual/unlock-veracrypt-in-tails-4.png b/docs/images/manual/unlock-veracrypt-in-tails-4.png
diff --git a/docs/images/manual/viewing6.png b/docs/images/manual/viewing6.png
diff --git a/docs/images/manual/viewing7.png b/docs/images/manual/viewing7.png
diff --git a/docs/images/manual/viewing8.png b/docs/images/manual/viewing8.png
diff --git a/docs/images/screenshots/passphrase-keyring.png b/docs/images/screenshots/passphrase-keyring.png
diff --git a/docs/includes/encrypting-drives.txt b/docs/includes/encrypting-drives.txt
@@ -0,0 +1,9 @@
+.. important::
+
+   Like all storage media associated with SecureDrop, this drive should be
+   encrypted and protected with a secure passphrase. We recommend using the
+   tools built into Tails to `encrypt the drive using LUKS <https://tails.boum.org/doc/encryption_and_privacy/encrypted_volumes/index.en.html>`__.
+
+   If you are planning to use hardware RAID and/or hardware-based encryption,
+   we recommend that you research Tails compatibility before a procurement
+   decision.
diff --git a/docs/includes/pre-install-hardware-optional.txt b/docs/includes/pre-install-hardware-optional.txt
@@ -0,0 +1,15 @@
+* a printer without wireless network support, to use in combination with the
+  *Secure Viewing Station*.
+* an external hard drive to expand the storage capacity of the
+  *Secure Viewing Station*.
+* an external hard drive for server backups.
+* a USB drive to store :ref:`backups of your Tails workstation drives <backup_workstations>`.
+* a network switch, if you use a firewall with fewer than four ports.
+* a hardware token for HOTP authentication, such as a YubiKey, if you want to
+  use hardware-based two-factor authentication instead of a mobile app.
+* a USB drive with a physical write protection switch, or a USB write blocker,
+  if you want to mitigate the risk of introducing malware from your network to
+  your *Secure Viewing Station* during repeated use of an *Export Device*.
+* CD-R/DVD-R writers, if you want to use CD-Rs/DVD-Rs as transfer or export
+  media, and a CD shredder that can destroy media consistent with your threat
+  model.
diff --git a/docs/includes/pre-install-hardware-required.txt b/docs/includes/pre-install-hardware-required.txt
@@ -0,0 +1,13 @@
+* 2 computers with memory and hard drives to use as the SecureDrop servers.
+* Mouse, keyboard, monitor (and necessary dongle or adapter) for
+  installing the servers.
+* At least 2 dedicated physical computers that can boot to Tails: one
+  computer for the *Secure Viewing Station*, and one or more computers for the
+  *Admin Workstation(s)/Journalist Workstation(s)*.
+* Dedicated airgapped hardware for the mouse, keyboard, and monitor (only if you
+  are using a desktop for the *Secure Viewing Station*).
+* Network firewall.
+* At least 3 ethernet cables.
+* Plenty of USB sticks: 1 drive for the master Tails stick, 1 drive for each
+  Secure Viewing Station, 1 drive for each *Transfer Device*, 1 drive for each
+  *Export Device*, and 1 drive for each admin and journalist.
diff --git a/docs/includes/pre-install-hardware.txt b/docs/includes/pre-install-hardware.txt
diff --git a/docs/index.rst b/docs/index.rst
@@ -32,7 +32,7 @@ anonymous sources.
    before_you_begin
    set_up_tails
    set_up_svs
-   set_up_transfer_device
+   set_up_transfer_and_export_device
    generate_submission_key
    set_up_admin_tails
    network_firewall