I get the impression the Wiki (I started with https://www.whonix.org/wiki/Dev/Technical_Introduction) mostly concentrates on the protection of Whonix-Workstation, but not much is written about the protection of Whonix-Gateway.
The only directly relevant article I found is:
Which is surprisingly short in relation to more or less any other wiki page I viewed.
I understood a major part here is minimizing the attack surface:
By installing a “minimal system”, the only attack surface to a remote attack is Tor itself, apt-get and tails_htp. You can verify this with netstat.
Is it possible to:
- Explain in which way exactly this can be verified with netstat? I tried to run netstat -antp and got a long list. I tried netstat -anp and got the phone book. What’s supposed to appear?
- Provide more resources that can help to understand how Whonix-Gateway itself is protected?
- Any recommendations for the hardening of Whonix-Gateway?
- Regarding the quote -
Whonix-Gateway MUST NOT be ever used for anything other than running Tor on it.
But, there are several applications on Whonix-Gateway by default - VLC, KMouth, Nepomuk, Ark and others. Don’t those increase the attack surface?
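
The netstat check quoted above comes down to one question: which sockets accept traffic from other hosts. The following is an added example, not part of the original post and not Whonix project code; it filters netstat output down to non-loopback listeners. The sample rows, addresses and the program name `exampled` are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce netstat output to the sockets that other hosts can
# reach. On a live system, feed it real output:  netstat -tulnp | exposed_listeners

# Reads `netstat -antp` / `netstat -tulnp` style text on stdin and prints
# "proto local_address pid/program" for every listener not bound to loopback.
exposed_listeners() {
    awk '
        # Skip headers and anything that is not an IP socket row
        # (this drops the long UNIX-socket list that -anp prints).
        $1 !~ /^(tcp|udp)/ { next }
        # TCP: only LISTEN rows are reachable services; established
        # connections (the bulk of -antp output) are skipped.
        $1 ~ /^tcp/ { if ($6 != "LISTEN") next; prog = $7 }
        # UDP has no LISTEN state; keep unconnected sockets (foreign addr "*").
        $1 ~ /^udp/ { if ($5 !~ /:\*$/) next; prog = $NF }
        {
            host = $4
            sub(/:[0-9]+$/, "", host)           # strip the port
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            print $1, $4, prog
        }
    '
}

# Constructed sample in the layout netstat -antup prints; not from a real system.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9051          0.0.0.0:*               LISTEN      812/tor
tcp        0      0 192.0.2.10:9050         0.0.0.0:*               LISTEN      812/tor
tcp        0      0 198.51.100.7:41822      203.0.113.5:443         ESTABLISHED 812/tor
tcp6       0      0 ::1:8118                :::*                    LISTEN      901/exampled
udp        0      0 192.0.2.10:5353         0.0.0.0:*                           812/tor
EOF
}

sample_netstat | exposed_listeners
```

Every line it prints is a service reachable from another machine; the PID/program column is only filled in when netstat runs as root.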