On 2/8/19 5:12 AM, Francesco Frassinelli wrote:
Feb 8, 2019, 10:42 AM by [email protected] <mailto:[email protected]>:
> Feb 8, 2019, 9:05 AM by [email protected] <mailto:[email protected]>:
>
> > Hi!
> >
> > The system administrators working in my company do not want to let
> > users access the internal network with OSes that are not under their
> > control, and they only support Windows at the moment.
> >
> > I would like to propose QubesOS as an alternative, with a Windows
> > VM managed by them inside it, connected to the internal network via VPN
> > (we already have this VPN in place for accessing the internal network
> > while working outside of the building). In addition to this, users could
> > run the operating systems and the applications they want in different
> > VMs, thanks to QubesOS features.
> >
> > The system administrators would not have to support QubesOS, just
> > the Windows VM, but this solution could only be accepted if I am able to
> > show that there is a reasonable guarantee that tampering with the Windows VM
> > from QubesOS is as hard as tampering with the same Windows system installed
> > on a regular machine (with secure boot, hardware encryption, etc.).
> >
> >
> > My question is: how secure is a VM if a user tries to tamper with it?
> > Is SGX a technology that can be used to provide that level of security?
> > If so, is it used by QubesOS at the moment?
> >
> >
> > Any suggestion, comment or link would be greatly appreciated.
> >
> >
> > Frafra
> >
>
> It shouldn't be an issue, as employees were already given a certain
> level of trust in the organization, based on their position and
> competencies. An employee with malicious intent can easily break into the
> current setup too, like copy and paste, deal with the critical
> information with malicious intent. Adding Qubes to the trusted setup
> doesn't make the situation significantly worse. It should, on the other
> hand, significantly increase the security of the endpoint, if set up
> properly.
>
> The issue you mention is more about trust in employees, the trust
> model, than about the selected OS in use.

The problem is that there are cryptolockers, phishing emails, and so on,
and some users are more vulnerable than others (a developer has a
different background compared to an accountant), but it has been decided
that it is better not to differentiate between users ("your colleague can
install whatever you want and you cannot") and keep a stricter security
policy allowing only pre-approved OS on the internal network.

Thinking about the threat model, qubes-fan's advice makes a lot of sense.
With a regular Windows laptop the company admins are already trusting
you with physical access. That is a lot of power. So the question is why
wouldn't this trust extend to a Windows VM on Qubes, which has superior
protection from any remote attacks?
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886