Re: Best practice for managing default routes over only VPN connections?

On 11/07/2016 01:49 PM, Stuart D. Gathman wrote:
Cool!  I had not had time to find out exactly what qubes did, but you
explained it very well.  I suspect that's not *all* qubes does, but
I'll be installing a prepackaged VM router (or hacking my own). What a great

Yeah, Qubes really is cool... All mundane app functions and external connections are done in virtual machines which are controlled with very simple/safe interfaces by the bare-metal hypervisor, Xen. It does the same for hardware, too... Network and USB controllers especially are confined to service VMs using the IOMMU to ensure DMA-based attacks don't yield access to the rest of the system.

OTOH, the admin VM has no network access. Its job is to run the GUI and local storage, and manage the unprivileged VMs (which by default run from read-only OS templates). The Qubes graphics stack prevents the usual GUI vulnerabilities with VM running on Linux, e.g. no clipboard sniffing or bitmap spying; it also displays window borders with VM name and assigned color so there's little or nothing a compromised VM can do to fool you.

The overall idea is to stuff most of the complexity and attack surface of a modern desktop into isolated, unprivileged VMs. You have to trust only a much smaller admin VM, tiny Xen hypervisor and core hardware components. From there, its up to the user to organize their activities and data into different VMs like "personal", "work", "untrusted".

BTW, some Qubes users are experimenting with router and network VMs that utilize microkernels. However, the default OS templates (Debian and Fedora) make pretty good routers themselves.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]