On Tuesday, November 15, 2016 at 1:54:24 PM UTC, amadaus wrote: > [email protected]: > > We see much correspondence in these forums about installing a VPN within > > Qubes. Surely, the most secure place for VPN is to install on a Router? > > I say these things after reading the following paper [ > > https://cryptome.org/2013/12/Full-Disclosure.pdf ] in which a group of > > hackers demonstrate that the majority of routers (in-particular those > > provided by ISP's] have backdoors to government agencies. These > > adversary's are able attack our LAN and its devices; including the > > ability to intercept VPN and Tor traffic. > > The solution they say is to isolate these rogue routers in the > > Militarized Zone by creating a DMZ [demilitarized zone]. Achieved by > > installing a 2nd router [flashed with open source firmware such as > > OPenWRT]. It is here, on the router, that we should enable and run OpenVPN. > > Thoughts on this paper and it's conclusions are welcomed > > > Thanks everyone for your contributions. > Implicit in most of your replies is a distinct distrust of the > modems/routers provided to us. > If anyone is interested, the solution we adopted to securing our LAN is > copied from this blog; > https://tokyobreeze.wordpress.com/2015/02/01/create-a-nsa-and-hacker-proof-home-network-that-you-control/ > This guy uses a couple of cheap routers loaded with OpenWRT which sit > behind his infected Modem. His 2nd routed utilises OpenVPN Client and is > configured to protect "high value" devices. > We've successfully copied this configuration and it seems!! to work. - > unless you know better??
Sorry, I took your thread for a bit of a detour. Going back to your original post: > Surely, the most secure place for VPN is to install on a Router? Joanna might disagree with that for the same reason she posits that VMs connected via Qubes networking may be more secure than physical machines separated by a potentially vulnerable TCP/IP stack. (http://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) Generally speaking, it seems to be a good idea to isolate your public-facing network adapter from your firewall and proxies (vpn). Whether it's best to use Qubes, other hypervisor, physical devices, or driver domains as taiidan suggested; I don't know. As with all things security-related, the solution that works for you will depend on your threat model, which you haven't described. Certainly, I would question the credibility of a blog that claims to have a setup that is "NSA-proof". Most of the changes recommended in the blog are simply shifting trust from your ISP to other 3rd-parties: OpenDNS, VPN provider, etc. Make sure that's what you want since everyone involved is only guaranteeing "privacy by policy." * Using OpenDNS does not protect your kids from inappropriate content. That's just bizarre. * If you distrust your ISP enough to require a VPN, why allow the ISP to see any unencrypted traffic at all? Blogger only uses VPN for some "sensitive" traffic because he doesn't want the rest subjected to geographic blocking. Why not just use a VPN that exits in the country where it's needed? If your activity is so sensitive that you can't exit, for example, in a 5-Eyes country, then you should be using Tor - because again, a VPN is just "privacy by policy". * You may want to confirm that the VPN is set to fail-closed (ie not allow traffic when VPN goes down.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/998af77c-92a6-4e90-8be8-ab3c9e822d6e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
