On 6/21/19 6:37 PM, ljul8...@gmail.com wrote:

I was told that if dom0 gets infected, everything in the laptop can be found and read.

While this is a true statement, you then have to think about exactly what it would take for someone to do this given the Qubes logical architecture and the physical hardware enforced memory separation that Qubes is built upon. For an adversary to circumvent your dom0 you will likely have needed to have helped them do so, by first doing something to deliberately break your security model.

Note to self: Don't do stupid things in dom0.

Since dom0 has no networking, just to get into dom0, the adversary would have to first breach the sys-net VM and then somehow circumvent or leverage a flaw in the Xen hypervisor to establish a communications channel into Dom0 to take control. That is exactly why Dom0 has no networking nor any user applications, so it's actually *hard* to do stupid things. The attack surface of dom0 purposefully is kept to the absolute bare minimum. For this reason I use a separate stripped down OS template for sys-net, just to make this VM, as a stepping stone, a little more challenging for the adversary. Faux hacker tools, process instrumentation, and lots of land mines.

Or, you yourself would have to introduce some APT agent (e.g. inserting an infected USB device) into Dom0, so that this APT agent can later reach back out to the adversary, so as to establish a back-channel, and permit their gain of control over the machine. You would have to unwittingly be their accomplice in the crime that you yourself are wanting to prevent.

Neither of the above circumventions is easy, and thus the only sure way for an adversary to get into your system is for them to have personal physical access to your hardware, an alternate bootable OS on a CD/USB, along with the LVM encryption passwords. That is where Qubes AEM comes in. I have had to breach my own systems on occasion, while I already know the passwords, and I have found that it can still be a challenge to take control over a Qubes system without leaving some kind of obvious evidence behind.

Note to self: Don't over-harden your desktop system if you want to actually get your work done.

The IP is not a problem but I’m not sure about the MAC address? If they found out the latter by infecting dom0, what are the possibilities to trace that MAC address to the laptop owner?


What you are asking for is called "MAC randomization". You can google this phrase in this newsgroup or the Qubes site and find out how to do it. Basically, each time you boot you can script up the modification of the MAC address to another value, so that, statistically at least, you are never using the same MAC address.

Since the majority of networks assign the actual IP address to you, you likely won't have much control over that address, and logically the IP address belongs to the network, not you. Chances are that with a different MAC address you will not likely be getting the same IP address each time either, depending of course on how they actually allocate their addresses.

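One way to script the per-boot MAC change the reply describes, as an added example that is not from the thread or the Qubes project: it draws a random locally-administered unicast address (first octet with the 0x02 bit set and the 0x01 bit clear, so it can never collide with a vendor-assigned or multicast address) and applies it with `ip link` in the NetVM. The interface name `eth0` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: per-boot MAC randomization for a NetVM such as sys-net.
# Run as root inside the VM before the interface is brought up.
# Interface name and function names are assumptions, not from the thread.
# Note: NetworkManager (1.4+) can do this natively via
# ethernet.cloned-mac-address=random / wifi.cloned-mac-address=random
# in a /etc/NetworkManager/conf.d/ file; this script is for VMs without it.

# Emit a random locally-administered unicast MAC (xx:xx:xx:xx:xx:xx).
random_mac() {
    # Six bytes from the kernel CSPRNG, as decimal values
    # shellcheck disable=SC2046
    set -- $(od -An -N6 -tu1 /dev/urandom)
    # First octet: set the locally-administered bit (0x02) so the address
    # cannot collide with a real vendor OUI; clear the multicast bit (0x01).
    first=$(( ($1 | 2) & 254 ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# Return 0 if $1 is a well-formed (lowercase hex) locally-administered,
# unicast MAC, i.e. bits 1 and 0 of the first octet are 1 and 0.
is_local_unicast_mac() {
    h='[0-9a-f][0-9a-f]'
    case "$1" in
        $h:$h:$h:$h:$h:$h) ;;
        *) return 1 ;;
    esac
    [ $(( 0x${1%%:*} & 3 )) -eq 2 ]
}

# Take the interface down, assign a fresh address, bring it back up.
apply_random_mac() {
    dev=${1:-eth0}            # assumed interface name
    mac=$(random_mac)
    is_local_unicast_mac "$mac" || return 1
    ip link set dev "$dev" down &&
    ip link set dev "$dev" address "$mac" &&
    ip link set dev "$dev" up &&
    echo "$dev now uses $mac"
}

case "${1:-}" in
    --apply) apply_random_mac "${2:-eth0}" ;;
    *) random_mac ;;          # default: just print a candidate address
esac
```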