amad...@riseup.net:
> We see much correspondence in these forums about installing a VPN within
> Qubes. Surely, the most secure place for VPN is to install on a Router?
> I say these things after reading the following paper [
> https://cryptome.org/2013/12/Full-Disclosure.pdf ] in which a group of
> hackers demonstrate that the majority of routers (in-particular those
> provided by ISP's] have backdoors to government agencies. These
> adversary's are able attack our LAN and its devices; including the
> ability to intercept VPN and Tor traffic.
> The solution they say is to isolate these rogue routers in the
> Militarized Zone by creating a DMZ [demilitarized zone]. Achieved by
> installing a 2nd router [flashed with open source firmware such as
> OPenWRT]. It is here, on the router, that we should enable and run OpenVPN.
> Thoughts on this paper and it's conclusions are welcomed
> 
Thanks everyone for your contributions.
Implicit in most of your replies is a distinct distrust of the
modems/routers provided to us.
If anyone is interested, the solution we adopted to securing our LAN is
copied from this blog;
https://tokyobreeze.wordpress.com/2015/02/01/create-a-nsa-and-hacker-proof-home-network-that-you-control/
This guy uses a couple of cheap routers loaded with OpenWRT which sit
behind his infected Modem. His 2nd routed utilises OpenVPN Client and is
configured to protect "high value" devices.
We've successfully copied this configuration and it seems!! to work. -
unless you know better??

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/015a80f8-3cf1-1efc-54fb-e42a3ef3d47e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Reply via email to