Interpreting Test Results
Interpreting test results correctly is more involved than noting whether any traffic is present. A Zero Exhaust machine is not necessarily one with no outgoing traffic at all. Certain Internet protocols, and the realities of today's software, require some exchange between your devices and servers on the Internet for secure and reliable operation. This article explains those cases, so that you can tell expected traffic from traffic that deserves a closer look.
Certificate Authority Related Traffic
When exchanging secret messages with a friend, you can simply whisper your shared password into his or her ear. Although this scheme works well between two friends who know each other and can meet face to face, it does not scale to the size of the Internet.
Security at the scale of the Internet relies on a third party that is trusted by both client and server. This third party is called a Certificate Authority (CA). CAs issue and manage so-called "digital certificates", which bind a server's public key to its name. Because a certificate comes from a mutually trusted authority, a business's servers can use it to prove their identity to clients. Sometimes, however, a certificate has to be revoked. If the private key that belongs to a certificate is stolen, the thief can impersonate the certificate's owner, and the certificate, although otherwise perfectly valid, can no longer be trusted.
Revocations are announced through Certificate Revocation Lists (CRLs) or the Online Certificate Status Protocol (OCSP). Clients need to fetch CRLs periodically, or better yet query OCSP on demand, to have current information on the trustworthiness of the certificates they rely on. A certificate's signature and validity dates can be checked offline, but revocation cannot: without CRL or OCSP data a client has no way to tell a revoked certificate from a good one. The Zero Exhaust Institute therefore strongly recommends allowing CRL/OCSP traffic. One caveat worth knowing: a plain OCSP query tells the CA which certificate, and therefore which site, you are about to visit. Where a server supports OCSP stapling it delivers a recent, CA-signed OCSP response inside the TLS handshake itself, and the client need not contact the CA for that connection, so you will see less of this traffic from well-configured sites.
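The following added example (written for this edit in Go using only the standard library; it is not code from the Zero Exhaust Institute) plays the whole cycle out offline: a throwaway CA issues a certificate, later publishes a CRL that revokes it, and a client checks the certificate against the CRL the way a browser or TLS library does, verifying the CA's signature on the list and the list's validity window before trusting its contents. The CA name, host name, serial numbers and validity periods are all made up for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// check panics on error: acceptable in an illustration, not in production code.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newCert makes a fresh key pair and a certificate for it. With parent == nil it is a self-signed
// root allowed to sign certificates and CRLs; otherwise a server certificate signed by parent's key.
func newCert(name string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if parent == nil {
		parent, parentKey = tmpl, key
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// publishCRL is the CA's side: a signed list of revoked serial numbers with a validity window.
func publishCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked ...int64) []byte {
	var entries []pkix.RevokedCertificate
	for _, s := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: time.Now()})
	}
	der, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:              big.NewInt(1),
		ThisUpdate:          time.Now().Add(-time.Minute),
		NextUpdate:          time.Now().Add(7 * 24 * time.Hour),
		RevokedCertificates: entries,
	}, ca, caKey)
	check(err)
	return der
}

// checkStatus is the client's side. It answers "good" or "revoked" only for a CRL that the
// trusted CA signed and that is current by the client's own clock; anything else is "rejected"
// and the client must fail closed, because it has no usable revocation information.
func checkStatus(leaf, trustedCA *x509.Certificate, crlDER []byte, now time.Time) string {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return "rejected: " + err.Error()
	}
	if err := crl.CheckSignatureFrom(trustedCA); err != nil {
		return "rejected: not signed by the trusted CA: " + err.Error()
	}
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return "rejected: CRL is outside its validity window by this clock"
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return "revoked"
		}
	}
	return "good"
}

// crlDemo runs four situations a client can meet and reports each outcome by name.
// Names, serial numbers and times are made up for the illustration.
func crlDemo() map[string]string {
	ca, caKey := newCert("Example Root CA", 1, nil, nil)
	leaf, _ := newCert("www.example.test", 1001, ca, caKey)
	now := time.Now()
	revokedCRL := publishCRL(ca, caKey, 1001)                  // the server's key leaked; the CA lists serial 1001
	rogue, rogueKey := newCert("Example Root CA", 1, nil, nil) // look-alike CA whose key the client does not trust
	return map[string]string{
		"before-revocation": checkStatus(leaf, ca, publishCRL(ca, caKey), now),
		"after-revocation":  checkStatus(leaf, ca, revokedCRL, now),
		"forged-crl":        checkStatus(leaf, ca, publishCRL(rogue, rogueKey), now),
		"wrong-clock":       checkStatus(leaf, ca, revokedCRL, now.Add(30*24*time.Hour)),
	}
}

func main() { fmt.Println(crlDemo()) }
```

Running it prints the four outcomes. The two rejections are the instructive ones: a clean CRL from a look-alike CA fails the signature check, so an attacker cannot simply hand the client a list that omits the revoked serial, and a client whose clock is a month off cannot tell whether the genuine CRL is still current and has to fail closed. That second case is one reason the time synchronization discussed in the next section matters for certificate checking as well.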
Network Time Protocol (NTP)
Accurate time is needed to detect certain time-based attacks, for example a certificate or revocation list being presented after it has expired or before it has become valid. Unfortunately, accurate timekeeping is hard. Onboard clocks drift over time, and system administrators make mistakes when setting the system time by hand. Thankfully, modern operating systems can synchronize with highly accurate, well-maintained time servers using the Network Time Protocol (NTP). The amount of information exchanged is minimal: a single 48-byte UDP packet in each direction, carrying little more than timestamps plus the server's stratum and reference identifier. Synchronization is also infrequent; a typical client polls its servers somewhere between once a minute and once every few hours, and some desktop clients poll only once a day or less often. Considering the benefits and the negligible downside, it is important to allow NTP traffic to flow freely.
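To make the "minimal information" claim concrete, here is an added example (Go, standard library only; not code from the Zero Exhaust Institute) that builds the 48-byte NTPv4 client packet, a matching server reply, and the client-side offset and delay arithmetic from RFC 5905. The exchange is constructed entirely in memory with made-up timestamps (a client clock that runs 5 seconds slow and 10 ms per network leg), so nothing is sent on the wire; the reference identifier "GPS " is likewise illustrative.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
const ntpEpochOffset = 2208988800

// toNTP converts a time to the 64-bit NTP timestamp: 32 bits of seconds, 32 bits of fraction.
func toNTP(t time.Time) uint64 {
	secs := uint64(t.Unix() + ntpEpochOffset)
	frac := uint64(t.Nanosecond()) << 32 / 1_000_000_000
	return secs<<32 | frac
}

// fromNTP is the inverse of toNTP (accurate to about a quarter of a nanosecond).
func fromNTP(ts uint64) time.Time {
	secs := int64(ts>>32) - ntpEpochOffset
	nanos := int64((ts & 0xffffffff) * 1_000_000_000 >> 32)
	return time.Unix(secs, nanos).UTC()
}

// clientRequest builds the 48-byte NTPv4 client packet (LI=0, VN=4, mode=3). Only the
// transmit timestamp carries information: the client's clock at the moment of sending (T1).
func clientRequest(t1 time.Time) []byte {
	pkt := make([]byte, 48)
	pkt[0] = 0<<6 | 4<<3 | 3
	binary.BigEndian.PutUint64(pkt[40:], toNTP(t1))
	return pkt
}

// serverReply is what a stratum-1 server sends back: mode 4, the client's T1 echoed in the
// origin field, and the server's receive (T2) and transmit (T3) times.
func serverReply(req []byte, t2, t3 time.Time) []byte {
	pkt := make([]byte, 48)
	pkt[0] = 0<<6 | 4<<3 | 4
	pkt[1] = 1                                      // stratum 1: directly attached reference clock
	copy(pkt[12:16], "GPS ")                        // reference identifier (illustrative)
	binary.BigEndian.PutUint64(pkt[16:], toNTP(t3)) // reference timestamp: last clock update (illustrative)
	copy(pkt[24:32], req[40:48])                    // origin timestamp = the client's transmit timestamp
	binary.BigEndian.PutUint64(pkt[32:], toNTP(t2))
	binary.BigEndian.PutUint64(pkt[40:], toNTP(t3))
	return pkt
}

// clockOffset is the client-side arithmetic of RFC 5905: from the four timestamps it returns
// the estimated offset of the local clock and the round-trip delay. It rejects replies that are
// malformed, a kiss-of-death (stratum 0), or whose origin field does not echo the request,
// which is the only check an unauthenticated client has against off-path forged replies.
func clockOffset(req, reply []byte, t4 time.Time) (offset, delay time.Duration, err error) {
	if len(reply) != 48 {
		return 0, 0, errors.New("reply is not a 48-byte NTP packet")
	}
	if reply[0]&0x07 != 4 {
		return 0, 0, errors.New("reply is not a server (mode 4) packet")
	}
	if reply[1] == 0 {
		return 0, 0, fmt.Errorf("kiss-of-death from server: %q", reply[12:16])
	}
	if !bytes.Equal(reply[24:32], req[40:48]) {
		return 0, 0, errors.New("origin timestamp does not echo our request: possible forged reply")
	}
	t1 := fromNTP(binary.BigEndian.Uint64(req[40:]))
	t2 := fromNTP(binary.BigEndian.Uint64(reply[32:]))
	t3 := fromNTP(binary.BigEndian.Uint64(reply[40:]))
	offset = (t2.Sub(t1) + t3.Sub(t4)) / 2
	delay = t4.Sub(t1) - t3.Sub(t2)
	return offset, delay, nil
}

// ntpDemo constructs one exchange with made-up times: the client's clock runs 5 s slow and each
// network leg takes 10 ms. It returns the computed offset and delay, plus the error the client
// produces when handed a reply whose origin field does not match its request.
func ntpDemo() (offset, delay time.Duration, spoofErr error) {
	t1 := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // client sends, by its own (slow) clock
	t2 := t1.Add(5*time.Second + 10*time.Millisecond)  // server receives, by the correct clock
	t3 := t2.Add(time.Millisecond)                     // server answers 1 ms later
	t4 := t1.Add(21 * time.Millisecond)                // reply arrives, by the client's clock
	req := clientRequest(t1)
	offset, delay, err := clockOffset(req, serverReply(req, t2, t3), t4)
	if err != nil {
		panic(err)
	}
	// An off-path attacker never saw the request, so it cannot know T1 to echo it.
	forged := serverReply(clientRequest(t1.Add(time.Second)), t2, t3)
	_, _, spoofErr = clockOffset(req, forged, t4)
	return offset, delay, spoofErr
}

func main() {
	off, d, spoofErr := ntpDemo()
	fmt.Printf("offset %v, round-trip delay %v, forged reply: %v\n", off, d, spoofErr)
}
```

The client recovers its 5 s error from four timestamps and nothing else, which is all that travels in the packets. Note the origin-timestamp check: a plain NTP reply is not authenticated, so the only thing between a client and an off-path attacker's forged reply is that the reply must echo the exact transmit timestamp of the request. That is no defense against an on-path attacker, which is why a host that depends on correct time for certificate validation should use several servers and, where available, authenticated NTP (Network Time Security, RFC 8915).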
Software Updates
Today's software is extremely complex. The Linux kernel, which is only a small part of a complete operating system, consists of 57,202 files and 22,833,860 lines of code, with 647,845 commits from 16,255 authors. In 2016 alone, 33,286 files in the kernel tree changed, for 4,168,283 insertions and 2,195,354 deletions. These numbers are astronomical. Humans err, and with churn on that scale there will inevitably be mistakes, some of them serious enough to cause security vulnerabilities and reliability problems.
Thankfully, most software vendors service their products regularly, patching those mistakes and improving their software overall. Most modern software downloads such updates automatically. To do so it has to send a small amount of information, such as which version you are running, so that the update server can work out what applies to you. The flip side is that an update channel is a privileged path into the machine, so it should use authenticated transport and signed packages, as mainstream package managers and operating system updaters do. The Zero Exhaust Institute considers software updates a minimal privacy risk with potentially large security and reliability rewards, and therefore recommends allowing them unless you have exceptional privacy needs.