On 03/06/18 13:42, sevas wrote:
I haven't quite tackled the security through compartmentalization part yet. I
have put some thought into it though, and after dividing my attack surface
between functions (keyring, passwords, misc files, etc) I realized that each
function has only one app to go with it. So I may as well just have one app
running in each VM. Or in the case of splitVMs, multiple apps for each program!
I would love to hear how you divide your VMs up. I was looking for examples
online, but I couldn't find any; aside from an (ITL?) essay I read last year.
But starting easy and growing is good advice.

Sevas, in case it gives you any ideas, here is how I "generally" do my
own VM compartmentalization with two use-cases, work and home.

One VM is specifically designated for "Internet" browsing, and it has
every security plugin that I could find that offers any additional
measure of security. That's of course a balance of risk, because
somebody whom I do not personally know had to write that plugin. But
again that's why I believe programs like IDA Pro and radare2 were
written, for us insanely paranoid software geeks. In some rare cases I
simply use a DVM for browsing the darker corners of the Internet, or for
researching/checking any kind of untrusted URLs I might be wary of. I
can't use whonix here so the DVM is the next best thing for this.

Each "project" I work on with any kind of "need-to-know" associated with
it (specific contract, internal documents, preliminary research,
Wan/Intranet search, timecards, etc) gets its own VM by default. It's
better not to mix some things, so keeping them separate is often safer.

Because the SMTP infrastructure was not designed with
compartmentalization in mind, and I only get my one email account to
work with, this single "email" VM is highly isolated. It gets its own
software locked down configuration and is firewalled with a default-deny
network policy. The only services that this VM can get to on the network
is the required SMTP services, network authentication, and the necessary
signing key management. No internal websites, no external sites, only
the email App runs here. Well, Ok, the calendar too. Anyway, there
should be no "phoning home" from here, other than through per use 2fa
outbound email. Should any rogue malware be received, all attachments
are first scanned and "tested" in a DVM instance before being separated
and pushed across to the appropriate project VM for storage management.
All project related historical emails are then migrated to an off-line
but searchable storage by project. This specialized email VM essentially
sorts, filters, prioritizes, and bins any incoming data/mail for easy

Each member of the family gets one VM for the Internet. Personal email
comes to each individual's account. These accounts are not used for any

One email account is used for household billing receipts and
collecting/separating tax related documents, which may then get pushed
to a "Vault VM" used for eventual tax preparations or long term archival
storage. This VM gets limited use as it never browses the Internet and
rarely ever sends email.

One VM is for general Purchasing, and is used only for that. You find
what you want on the Internet then cut and paste the URL here. It's an
intermediate level of security because credit cards have a limited
personal financial obligation if the number gets away from you. It's very
inconvenient if it does, but life does not end if that happens. Still
you want to be cautious here by limiting your overall exposure to the
Internet to just the sites you actually buy from.

One VM is for Banking and only that. No searching for anything, no
email, nothing. If a bank account number gets away you're generally
toast. You're not getting it back unless somehow you can claim it under
some kind of insurance coverage. It's a much higher risk for loss and
therefore needs to be treated as such.

One optional VM is allocated to general Investments monitoring, but it
has no financial accounts associated with it. It only keeps track of
numbers for things you want to monitor, and does financial computations.
Basically it's for planning retirement. This is an idea I'm still toying
with but have not settled on any particular set of tools, as I may be
writing what I really want, but who has the time?

The Vault VM, with no network, meant for off line storage of important
documents, before being archived off line in cold storage. Things like
this year's tax receipts might be a good example.
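
The separation rules from the message above (email VM default-deny with only SMTP, network authentication and signing-key management reachable; banking and purchasing limited to their own sites; vault with no network) written as a small inventory check. This is an added example, not part of the original post: the inventory format, VM names and service labels are constructed for illustration and do not come from any Qubes tool.

```python
from dataclasses import dataclass, field

@dataclass
class VM:
    name: str
    role: str                       # "email", "banking", "purchasing", "vault", ...
    default_policy: str = "accept"  # firewall fallback when no rule matches
    egress: set = field(default_factory=set)  # service labels the VM may reach
    netvm: bool = True              # False means no network is attached at all

# Egress each role may have, as described in the post (labels are hypothetical).
ALLOWED = {
    "email": {"smtp", "network-auth", "signing-keys"},
    "banking": {"bank"},
    "purchasing": {"shops"},
    "vault": set(),
}
# Only the email VM is described as running a default-deny firewall.
DEFAULT_DENY = {"email"}

def lint(vms):
    """Return (vm_name, problem) pairs for every rule a VM breaks."""
    findings = []
    for vm in vms:
        if vm.role == "vault" and vm.netvm:
            findings.append((vm.name, "vault has a network attached"))
        if not vm.netvm or vm.role not in ALLOWED:
            continue  # offline VMs and roles without a rule are not checked
        if vm.role in DEFAULT_DENY and vm.default_policy != "drop":
            findings.append((vm.name, "default policy is not deny"))
        extra = vm.egress - ALLOWED[vm.role]
        if extra:
            findings.append((vm.name, "unexpected egress: " + ", ".join(sorted(extra))))
    return findings

# Constructed sample inventory.
SAMPLE = [
    VM("email", "email", "drop", {"smtp", "network-auth", "signing-keys"}),
    VM("email-misconfigured", "email", "accept", {"smtp", "web"}),
    VM("banking", "banking", "drop", {"bank", "search"}),
    VM("vault", "vault", netvm=False),
    VM("vault-old", "vault", netvm=True),
]

if __name__ == "__main__":
    for name, problem in lint(SAMPLE):
        print(f"{name}: {problem}")
```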