Control Drawing
A visual overview of the Nekotopia Torus security model. This complements the detail in Torus Controls.
How the Torus Protects You
           +-----------------+
           |    INTERNET     |
           |   (Untrusted)   |
           +--------+--------+
                    |
       Encrypted WireGuard Tunnels
                    |
+----------------------------------------+
|          NEKOTOPIA TORUS MESH          |
|                                        |
|  +--------------------------------+    |
|  |         Regional Hubs          |    |
|  |                                |    |
|  |  London . Ohio . Frankfurt     |    |
|  |                                |    |
|  |  - Traffic isolation by tier   |    |
|  |  - Per-user access controls    |    |
|  |  - Bandwidth management        |    |
|  |  - Connection monitoring       |    |
|  +--------------------------------+    |
|                                        |
|  +---------+      +---------+          |
|  |   You   |<---->|  Other  |          |
|  |  (Your  |      | Member  |          |
|  |  Site)  |      | (Their  |          |
|  |         |      |  Site)  |          |
|  +----+----+      +---------+          |
+----------------------------------------+
        |
        v
Your Side - What You Control
+------------------------------------------------------------------------+
|                           YOUR HOME NETWORK                            |
+------------------------------------------------------------------------+
|                                                                        |
|   +----------------------------------------------------------------+   |
|   |                     YOUR FIREWALL / ROUTER                     |   |
|   |        Choose what to share and with whom (recommended)        |   |
|   +----------------------------------------------------------------+   |
|            |                      |                      |             |
|            v                      v                      v             |
|   +------------------+   +------------------+   +------------------+   |
|   | Modern PCs       |   | Retro Gear       |   | Shared           |   |
|   |                  |   |                  |   | Services         |   |
|   | - Patched OS     |   | - SGI IRIX       |   |                  |   |
|   | - AV current     |   | - Classic Mac    |   | - Web server     |   |
|   | - Strong auth    |   | - Amiga / Atari  |   | - File share     |   |
|   |                  |   | - BeOS, OS/2     |   | - Game server    |   |
|   | [+] Good         |   | Filter access    |   | - BBS            |   |
|   |                  |   | [+] Better       |   | [+] Best         |   |
|   +------------------+   +------------------+   +------------------+   |
|                                                                        |
+------------------------------------------------------------------------+
What the Platform Provides
+------------------------------------------------------------------------+
|                        TORUS PLATFORM CONTROLS                         |
+------------------------------------------------------------------------+
|                                                                        |
|  ENCRYPTION             ACCOUNT TIERS            MONITORING            |
|  ----------             -------------            ----------            |
|  - WireGuard tunnels    - Basic: mesh only       - Connection health   |
|    encrypt all traffic  - Plus: mesh + internet  - Peer activity       |
|  - No unencrypted data  - Pro: dedicated IP      - Bandwidth usage     |
|    crosses the internet   + public services      - Admin dashboard     |
|                                                                        |
|  REGIONAL HUBS          ACCESS CONTROL           CONNECTIVITY          |
|  -------------          --------------           ------------          |
|  - London (primary)     - Individual accounts    - Echo service at     |
|  - Ohio, US             - Invite-only signup       10.254.100.102      |
|  - Frankfurt, DE        - Admin approval         - Verify your tunnel  |
|  - More regions planned - Operator oversight       is working anytime  |
|                                                                        |
|  COMING SOON                                                           |
|  -----------                                                           |
|  - Hub-side intrusion prevention                                       |
|  - Deep packet inspection (opt-in)                                     |
|  - Enhanced segmentation controls                                      |
|                                                                        |
+------------------------------------------------------------------------+
Best Practices
+------------------------------------------------------------------------+
|                           WHAT WE RECOMMEND                            |
+------------------------------------------------------------------------+
|                                                                        |
|  1. USE A FIREWALL                                                     |
|     A small router (like MikroTik) between the Torus and your          |
|     equipment lets you choose exactly what is reachable.               |
|                                                                        |
|  2. SEPARATE YOUR NETWORKS                                             |
|     Keep retro gear on a different subnet from your personal devices.  |
|     If something goes wrong, the blast radius is contained.            |
|                                                                        |
|  3. SHARE DELIBERATELY                                                 |
|     Only expose the services you intend to share. A web server is      |
|     great; your entire filesystem probably isn't.                      |
|                                                                        |
|  4. CHANGE DEFAULTS                                                    |
|     Default passwords on old systems were fine in 1995. They're not    |
|     fine on a network with other people. Change them.                  |
|                                                                        |
|  5. KEEP MODERN STUFF PATCHED                                          |
|     Your retro kit can't be updated, but your modern PC can.           |
|     Keep it current - it protects everything else on your LAN.         |
|                                                                        |
+------------------------------------------------------------------------+
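Recommendations 1 to 3 above (firewall, separate subnets, deliberate sharing), sketched as an nftables forward policy for a Linux-based router sitting between the Torus and your equipment. This is an added example, not Nekotopia's own configuration; the interface names, the 192.168.50.10 address and the choice of a single shared web server are assumptions.

```nftables
# Added example. Interface names and addresses below are assumptions,
# not values published by Nekotopia.
define torus_if   = "wg-torus"      # WireGuard tunnel to the Torus (assumed name)
define home_if    = "lan-home"      # modern PCs and personal devices (assumed name)
define retro_if   = "lan-retro"     # retro gear on its own subnet (assumed name)
define shared_web = 192.168.50.10   # the one host whose web server is shared (assumed)

table inet torus_edge {
    chain forward {
        # Default deny: anything not matched below never crosses the router.
        type filter hook forward priority filter; policy drop;

        # Return traffic for flows an earlier rule already allowed.
        ct state established,related accept
        ct state invalid drop

        # Share deliberately: mesh peers reach the web server and nothing else.
        iifname $torus_if oifname $retro_if ip daddr $shared_web tcp dport 80 accept

        # Your own machines may open connections out to the mesh.
        iifname { $home_if, $retro_if } oifname $torus_if accept

        # Separate networks: personal devices can manage the retro subnet,
        # but retro gear cannot open connections into the personal LAN,
        # which limits the blast radius if an unpatched machine is compromised.
        iifname $home_if oifname $retro_if accept

        # Count and log what the policy is about to drop from the mesh side.
        iifname $torus_if counter log prefix "torus-fwd-drop: "
    }
}
```

The ruleset filters forwarded traffic only; access to the router itself needs its own input policy. Load it with nft -f and review the counter and log entries to see what mesh peers attempt to reach.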