Hello,
> > It is clear that despite ticking the check boxes from the auditor point
> > of view with this idea, I would be willingly violating the internal rules
> > they have setup, and maybe risking the company certification in case of a
> > deeper review after an incident. Despite the overall lack of consideration
> > for specific (and arguably better) security setups, doing this hack will
> > have me connecting to our internal networks and avoiding the endpoint
> > security scan the applications really using them.
>
> The auditors might be satisfied if you are able to explain how Qubes
> itself is a compensating control on the limited file scanning ability of
> your AV, but doing so could be a challenge.

Yes, it is a challenge on many levels. Been through five companies during their PCI DSS certification, for instance, and the way the whole business works is to promote the usage of known things, despite their real security value. To give a rough idea, a relatively patched Windows machine will always be seen as a more compliant endpoint device than using a Chromebook. If Google is not yet able to get that into the "nobody got fired by" circle despite having a huge financial backing and a decent usage track, imagine the relatively obscure OS we love.

On the bright side, all auditors I spoke to are either a) aware of Qubes as state of the art in secure endpoint (given a decently trained user, that is) or b) amazed when told and shown how it works.

> For a really ugly hack, you might be able to readonly loop mount -pool00
> (and -root?) into a network connected AppVM running your AV, so it could
> scan them as large files. This breaks the Qubes security model pretty
> thoroughly, but would make auditors happy I guess. You'd at least have
> the benefit of continuing to use Qubes.

I soon have the annual company meeting, and may find a suitable spot to discuss this with my managers. Will be an interesting talk, for sure.
Thanks for the idea, will check how S1 deals with images and raw filesystems.

Cheers,
///Pablo
