On Sat, Feb 11, 2017 at 2:35 AM, Oleg Artemiev <[email protected]> wrote: > On Wed, Feb 8, 2017 at 2:36 AM, Chris Laprise <[email protected]> wrote: >> On 02/07/2017 04:47 AM, Oleg Artemiev wrote: >>>>> I have a bank vm, how do you restrict the browser from being able to go >>>>> else >>>>> where? Do you add the iprules in the vm or do you create a proxyvm and >>>>> add >>>>> the iprules there? >>>> I've tried both solution some time ago and definitly the tinyproxy >>>> solution >>>> works much better and can handle nicely dns round robin or servers behind >>>> load balancers. By the way this solution offer an other nice possibility, >>>> you can use regular expressions and for example allow .*\.mycompany\.com$ >>>> on >>>> the conter-part, you will have to trust the dns resolution. >>> >>> Look also for modules like 'request policy' and 'no script' or >>> 'policeman' that implements nice GUI allowing both types in a single >>> place. >>> Request policy + 'ask for reload permission' should be enough to >>> control in a single VM for a few banks in single place. >>> Not that secure as proxying and denying in some other VM, but easy + >>> GUI controls + require some configuration work at start. >> Good recommendations. I'll add one to that list: HttpsEverywhere. >> It will keep you from accidentally accessing pages in unencrypted form. You >> can also set it to allow only https (although some banks may use a mix of >> https and http). > look also for uMatrix, Privacy Badger, force cache loading, For > banking use of policeman and https everywhere should be enough. Though > other firefox modules are also good. forgot to mention uBlock Origin .
-- Bye.Olli. gpg --search-keys grey_olli , use key w/ fingerprint below: Key fingerprint = 9901 6808 768C 8B89 544C 9BE0 49F9 5A46 2B98 147E Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABunX6Mo6oPKD0i7feBm5qpEW_MNYHAZ%2BesTADLG%2BqthXN%3DXsg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
