W dniu niedziela, 13 listopada 2016 21:39:29 UTC+1 użytkownik entr0py napisał:
> taii...@gmx.com:
> > Ideally you would want a blob free coreboot system with no Intel ME or AMD 
> > PSP type backdoors.
> > https://www.coreboot.org/Binary_situation
> > Intel is actively trying to nerf free software with Boot Guard/ME, if you 
> > buy a computer with those features it isn't really your computer.
> > 
> > A backdoor in a modem is irrelevant, it is post WAN and should be 
> > considered part of the "internet".
> > 
> Right, I've always followed the advice to secure each pc as if it were 
> connected directly to the internet and not to rely on the router for any 
> security.
> But now I'm interested in actually building a secure router. One reason is 
> what you mentioned regarding Intel ME. Since Qubes 4.0 will require VT-d (and 
> unavoidably Intel ME) and the fact that it's cool to use new hardware, I'd 
> like to place a physical barrier to block ME signals.
> I had always imagined repurposing a Qubes PC to serve as a router, especially 
> because of the flexibility it has with chaining and branching multiple 
> transparent proxy VMs. But obviously now, it doesn't make any sense to use an 
> ME equipped machine as a router.
> So if I had a budget (for argument's sake) of $2000 to build a secure router 
> for 10-15 clients in a small business environment where maximum throughput is 
> not really an issue, what would you all advise? A libreboot machine? but then 
> what kind of OS could it run that could meaningfully isolate sys-net and 
> provide similar routing capabilities?
> TIA.

Have You considered running PfSense as Your main router OS on a dedicated box? 
You need a small PC with more than one network interface card. PfSense is open 
source, it's infinitely configurable and has an extensive plugin system to 
extend it beyond typical router capabilities.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to