On Wednesday, August 30, 2017 at 11:32:05 AM UTC-4, Alex wrote: > On 08/30/2017 05:17 PM, [email protected] wrote: > >> Please also note that any remote administration command can only > >> be received through networking, so proper firewalling (ipv6 may > >> complicate things - prepare your studies in advance) and monitoring > >> may help great lengths. Also, do avoid using x86-based > >> firewalls/routers... ;) > >> > >> -- Alex > > > > Just to be clear for beginners - this means that if you're running > > Qubes on an x86 processor, you cannot trust Qubes as a firewall to > > prevent IME remote administration. > > > > You would need a separate device to act as a firewall. Most routers > > have recently been shown to be compromised in similar ways. It will > > be difficult, but should be possible, to find a device that is secure > > given current knowledge. > > > > You are right. With "proper firewalling" I was implying separate > physical hardware, and that was the basis for "avoid x86 based firewalls". > > There's no isolation benefit with a software firewall if the remote > administration packets are received by the local network adapter, since > the "zombie RAT fungus" (Intel ME) fiddles with PCI devices on its own. > > -- > Alex
Does AMD or ARM motherboard have similar feature(like Intel ME)? Thanks Dominique -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/435d58b8-05cc-4113-aa81-4d423a65587e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
