Control Drawing
A visual overview of the Nekotopia Torus security model. This complements the detail in Torus Controls.
How the Torus Protects You
+-----------------+
| INTERNET |
| (Untrusted) |
+--------+--------+
|
Encrypted WireGuard Tunnels
|
+----------------------------------------+
| NEKOTOPIA TORUS MESH |
| |
| +--------------------------------+ |
| | Regional Hubs | |
| | | |
| | London . Ohio . Frankfurt | |
| | | |
| | - Traffic isolation by tier | |
| | - Per-user access controls | |
| | - Bandwidth management | |
| | - Connection monitoring | |
| +--------------------------------+ |
| |
| +---------+ +---------+ |
| | You |<---->| Other | |
| | (Your | | Member | |
| | Site) | | (Their | |
| | | | Site) | |
| +----+----+ +---------+ |
+----------------------------------------+
|
vYour Side - What You Control
+-----------------------------------------------------------------------+
| YOUR HOME NETWORK |
+-----------------------------------------------------------------------+
| |
| +---------------------------------------------------------------+ |
| | YOUR FIREWALL / ROUTER | |
| | Choose what to share and with whom (recommended) | |
| +---------------------------------------------------------------+ |
| | | | |
| v v v |
| +------------------+ +------------------+ +------------------+ |
| | Modern PCs | | Retro Gear | | Shared | |
| | | | | | Services | |
| | - Patched OS | | - SGI IRIX | | | |
| | - AV current | | - Classic Mac | | - Web server | |
| | - Strong auth | | - Amiga / Atari | | - File share | |
| | | | - BeOS, OS/2 | | - Game server | |
| | [+] Good | | Filter access | | - BBS | |
| | | | [+] Better | | [+] Best | |
| +------------------+ +------------------+ +------------------+ |
| |
+-----------------------------------------------------------------------+What the Platform Provides
+-----------------------------------------------------------------------+
| TORUS PLATFORM CONTROLS |
+-----------------------------------------------------------------------+
| |
| ENCRYPTION ACCOUNT TIERS MONITORING |
| ---------- ------------- ---------- |
| - WireGuard tunnels - Basic: mesh only - Connection health |
| encrypt all traffic - Plus: mesh+internet - Peer activity |
| - No unencrypted data - Pro: dedicated IP - Bandwidth usage |
| crosses the internet + public services - Admin dashboard |
| |
| REGIONAL HUBS ACCESS CONTROL CONNECTIVITY |
| ------------- -------------- ------------ |
| - London (primary) - Individual accounts - Echo service at |
| - Ohio, US - Invite-only signup 10.254.100.102 |
| - Frankfurt, DE - Admin approval - Verify your tunnel |
| - More planned - Operator oversight is working anytime |
| |
| COMING SOON |
| ----------- |
| - Hub-side intrusion prevention |
| - Deep packet inspection (opt-in) |
| - Enhanced segmentation controls |
| |
+-----------------------------------------------------------------------+Best Practices
+-----------------------------------------------------------------------+
| WHAT WE RECOMMEND |
+-----------------------------------------------------------------------+
| |
| 1. USE A FIREWALL |
| A small router (like MikroTik) between the Torus and your |
| equipment lets you choose exactly what is reachable. |
| |
| 2. SEPARATE YOUR NETWORKS |
| Keep retro gear on a different subnet from your personal |
| devices. If something goes wrong, the blast radius is contained. |
| |
| 3. SHARE DELIBERATELY |
| Only expose the services you intend to share. A web server |
| is great; your entire filesystem probably isn't. |
| |
| 4. CHANGE DEFAULTS |
| Default passwords on old systems were fine in 1995. They're |
| not fine on a network with other people. Change them. |
| |
| 5. KEEP MODERN STUFF PATCHED |
| Your retro kit can't be updated, but your modern PC can. |
| Keep it current - it protects everything else on your LAN. |
| |
+-----------------------------------------------------------------------+