Stumpy:
> I was reminded about Qubes hardening that Chris L has been working on
> and also noticed that Patrick/Whonix is now basing Whonix on their
> Kicksecure distro and was trying (not so successfully) to absorb all of
> this. I got the impression that Chris's work wouldn't jive so well with
> Kicksecure (fair enough, can just use it on non-Whonix setups) but wasn't
> sure. Also there is the idea of DVM sys-* (net/usb/firewall/etc) VMs
> sounded like they would add an extra layer of security, maybe based on
> CentOS (I have seen conversations about how Fedora doesn't sign or
> something apps in their repos? Please don't troll me, I am not trying to
> pretend like I understand that) and some other things that I am sure I
> have missed (maybe an iptables/firewall GUI [apart from what's built into
> Qubes settings... I just don't find that intuitive]).

Just running Qubes by itself is already more hardened than 99% of people
out there, so if your main concern is standard/driveby attacks against
mainstream OSes, you shouldn't be very much so. You cover multiple points:

- There is something in the works to allow custom kernels inside AppVMs.
Whonix and others can use them for additional hardening and/or
additional drivers. Don't think it's released yet.
- Chris's VM hardening works on regular qubes. Not sure if it will on
Whonix ones.
- DVM sys-* is pretty straight-forward, just follow the docs.
- CentOS is unrelated. If you're concerned about Fedora's lack of
signing, switch to Debian templates, or some other that has signing.
- Mirage can be used as a sys-firewall replacement.

-- 
Mailing list etiquette:
- don't top post
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
