On 03/06/18 13:42, sevas wrote:

  I havent quite tackled the security through compartmentalization part yet. I 
have put some thought into it though, and after dividing my attack surface 
between functions (keyring, passwords, misc files, etc) I realized that each 
function has only one app to go with it. So I may as well just have one app 
running in each VM. Or in the case of splitVMs, multiple apps for each program!

I would love to hear how you divide your VMs up. I was looking for examples 
online, but I couldnt find any; aside from an (ITL?) essay I read last year. 
But starting easy and growing is good advice.

Sevas, In case it gives you any ideas, here is how I "generally" do my own VM compartmentalization with two use-cases, work and home.

At Work:

One VM is specifically designated for "Internet" browsing, and it has every security plugin that I could find that offers any additional measure of security. That's of course a balance of risk, because somebody whom I do not personally know had to write that plugin. But again that's why I believe programs like IDA Pro and radare2 were written, for us insanely paranoid software geeks. In some rare cases I simply use a DVM for browsing the darker corners of the Internet, or for researching/checking any kind of untrusted URL's I might be weary of. I can't use whonix here so the DVM is the next best thing for this.

Each "project" I work on with any kind of "need-to-know" associated with it (specific contract, internal documents, preliminary research, Wan/Intranet search, timecards, etc) gets its own VM by default. Its better not to mix some things, so keeping them separate is often safer.

Because the SMTP infrastructure was not designed with compartmentalization in mind, and I only get my one email account to work with, this single "email" VM is highly isolated. It gets its own software locked down configuration and is firewalled with a default-deny network policy. The only services that this VM can get to on the network is the required SMTP services, network authentication, and the necessary signing key management. No internal websites, no external sites, only the email App runs here. Well, Ok, the calendar too. Anyway, there should be no "phoning home" from here, other than through per use 2fa outbound email. Should any rouge malware be received, all attachments are first scanned and "tested" in a DVM instance before being separated and pushed across to the appropriate project VM for storage management. All project related historical emails are then migrated to an off-line but searchable storage by project. This specialized email VM essentially sorts, filters, prioritizes, and bins any incoming data/mail for easy processing.

At Home:

Each member of the family gets one VM for the Internet. Personal email comes to each individuals account. These accounts are not used for any financial purposes.

One email account is used for household billing receipts and collecting/separating tax related documents, which may then get pushed to a "Vault VM" used for eventual tax preparations or long term archival storage. This VM gets limited use as it never browses the Internet and rarely ever sends email.

One VM is for general Purchasing, and is used only for that. You find what you want on the Internet then cut and paste the URL here. Its an intermediate level of security because credit cards have a limited personal financial obligation if the number gets away from you. Its very inconvenient if it does, but life does not end if that happens. Still you want to be cautious here by limiting your overall exposure to the Internet to just the sites you actually buy from.

One VM is for Banking and only that. No searching for anything, no email, nothing. If a bank account number gets away you re generally toast. Your not getting it back unless somehow you can claim it under some kind of insurance coverage. Its a much higher risk for loss and therefor needs to be treated as such.

One optional VM is allocated to general Investments monitoring, but it has no financial accounts associated with it. It only keeps track of numbers for things you want to monitor, and does financial computations. Basically its for planning retirement. This is an idea I'm still toying with but have not settled on any particular set of tools, as I may be writing what I really want, but who has the time?

The Vault VM, with no network, meant for off line storage of important documents, before being archived off line in cold storage. Things like this years tax receipts might be a good example.


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to