On 09/25/2016 02:34 AM, neilhard...@gmail.com wrote:
Let's say I have a Qubes machine connected to a 2nd laptop by Ethernet.
The Qubes machine is sharing its Internet connection.
Let's say the Qubes machine gets hit with a DMA attack.
The 2nd laptop is not a Qubes machine, and therefore doesn't have VT-D for DMA
Can the DMA attack be "carried forward" to the 2nd laptop... or is it killed
for good by the Qubes machine..?
The former is true: A Qubes netvm (e.g. sys-net) is like having a
separate router device. If its compromised it could launch (non-DMA)
attacks against other devices on the net... AND against your appvms.
But proxyvms can help protect your other vms in various ways: A
sys-firewall can filter packets with hardly any risk of being attacked
itself. A VPN gateway can reject anything that doesn't belong to the
encrypted packet stream. Etc...
Of course, non-networked VMs are the safest of all.
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.