On 09/25/2016 08:12 AM, johnyju...@sigaint.org wrote:
Chris wrote:
Especially if you did the sharing via a separate vpn or ssh tunnel. But
in general, I don't think Qubes security should be considered much if
any benefit to adjacent non-Qubes systems.
I'm curious as to why you would say this.

Any additional firewall between a Laptop and the network is a plus for
security, and with Qubes isolating the NIC in a virtual machine, its safer
from compromise than a typical firewall.

I guess I was thinking in terms of using a single NIC/netvm. Having a second NIC/netvm only for the other laptop does offer hope that one DMA exploit can't carry over to the other netvm (and thus the other laptop).... but that protection is probably due not only to vt-d but to some filtering done by an intermediate proxyvm or such.

Its quite true about Qubes' network "layering" offering both greater simplicity and security. I think this is because potential leaks around a tunnel are more easily dealt with in a vm that's devoted to the tunnel.


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to