New Qubes User here: Need guidance in safely & securely installing to DomUs/Fedora TemplateVM

Set Emeraude

Jun 24, 2020, 9:04:32 AM
to qubes...@googlegroups.com
Hello there,

Prior to writing this email, I have consulted the Qubes Documentation,
as well as the relevant documentation for installing any software on the
appropriate website. I am currently seeking to install Zoom and Atom to
my Fedora TemplateVM. I am required to use certain closed sourced apps
for Uni (I am an aspiring cybersecurity student). I also consulted
relevant faculty in my department, as well as my school's Cybersecurity
club. Only one person in the club has ever "played around" with Qubes.
Nobody knows about this OS, not even the PhD candidate with multiple
years of European INFOSEC/CYBERSEC experience in field. In fact, he was
made aware of the existence of Qubes because of my inquiry. So you guys
are all I got on this. I hope you guys can help out. I've digressed
enough, on with it.

System: Insurgo PrivacyBeast X230 laptop, Qubes certified Level 1 hardware.
Previous Linux experience: Ubuntu, TAILS
Command line proficiency: Minimal but comfortable enough i.e. I'll need
to have a list of terminal commands up for fedora or debian, but I can
manage it with the references.
Threat Model: Nonexistent today, as I am a student, however I am taking
the time I am in school to learn best practices in field. I will act as
if my threat model includes a Nation State OPFOR, and proof myself
against that, over the years. What better way to harden your system and
daily security practices than to assume the worst theoretical outcome?
That's my philosophy on it.

Problem 1: Without inadvertently risking ANY potential breaches to Dom0,
or compromising the TemplateVM, how do I install software via the
terminal safely. I am aware I can simply enable networking to the
templateVM but I am unsure if that is the wisest practice. Easy come,
easy go.

Problem 2: I need to run closed sourced apps on this templateVM, or at
least the AppVM I've segregated to handle all schoolwork and emails. As
a security precaution, I've switched all "trusted" appvm's to run the
debianVM, including vaults, because my assumption is that if it's closed
source, it's backdoored by default.

What are the best practices to use when tackling the above problems?

Additionally: Do I need to wipe everything if I made the mistake of
connecting the dom0 Microphone directly to a website, in the hopes of
getting video conferencing done? I made the mistake of doing it on
Wyzant, briefly. Is that a fuckup worthy of a clean sweep, since I'm
practicing being extra careful to begin with?

Thank you for your time, and I look forward to your replies.

verifia...@86.is

Jun 24, 2020, 9:35:00 AM
to qubes...@googlegroups.com
On 2020-06-24 08:04, Set Emeraude wrote:
>
> Problem 1: Without inadvertently risking ANY potential breaches to Dom0,
> or compromising the TemplateVM, how do I install software via the
> terminal safely. I am aware I can simply enable networking to the
> templateVM but I am unsure if that is the wisest practice. Easy come,
> easy go.
>
> Problem 2: I need to run closed sourced apps on this templateVM, or at
> least the AppVM I've segregated to handle all schoolwork and emails. As
> a security precaution, I've switched all "trusted" appvm's to run the
> debianVM, including vaults, because my assumption is that if its closed
> source, its backdoored by default.
>

For problem 1, I wouldn't edit the network settings of a TemplateVM. I'd
suggest downloading any installers via an AppVM (or DisposableVM) that
already has networking, and then use Qubes' built-in method for
copying/moving files between VMs:
https://www.qubes-os.org/doc/copying-files/

For problem 2, you have options. You could make a copy of one of the
original TemplateVMs, install any proprietary software on the copied
TemplateVM, and then create one or more AppVMs based on that template
(I've done this for the proprietary software needed for my
printer/scanner.) You could also create a StandaloneVM and install the
software there. A template might be the way to go if you have multiple
applications that you do not want running in the same space (and so you
could create separate AppVMs for them). A standalone might make more
sense if you don't mind these applications running together, but still
want to keep them separated from the rest of your system.
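
The template route from the reply above (clone the original template, install into the clone, base an AppVM on it), as an added example that is not part of the thread. The qube names `fedora-XX`, `fedora-XX-proprietary` and `school` are placeholders, the name check is a conservative assumption, and the script only prints the dom0 commands unless `DRY_RUN=0` is set.

```shell
#!/bin/bash
# Added example: dom0 steps for a separate template that holds proprietary software.
# DRY_RUN=1 (default) only prints the commands; set DRY_RUN=0 in dom0 to run them.
# All qube names used here are placeholders, not names taken from the thread.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Conservative name check (assumption): starts with a letter, then letters, digits, '_' or '-'.
valid_name() {
    case "$1" in
        ""|[!A-Za-z]*|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

plan_proprietary_template() {
    src="$1"; dst="$2"; appvm="$3"
    for n in "$src" "$dst" "$appvm"; do
        valid_name "$n" || { echo "invalid qube name: $n" >&2; return 2; }
    done
    # Never install into the original template: every qube based on it
    # would inherit the proprietary software.
    if [ "$src" = "$dst" ]; then
        echo "refusing: clone name must differ from the original template" >&2
        return 3
    fi
    run qvm-clone "$src" "$dst"      # copy of the original template
    run qvm-create --class AppVM --template "$dst" --label orange "$appvm"
    # The remaining steps are typed inside qubes, not in dom0:
    #   in a networked AppVM or DisposableVM:  qvm-copy <installer>   (pick $dst as target)
    #   in $dst:  sudo dnf install ~/QubesIncoming/<download-qube>/<installer>
    #   then shut $dst down and restart $appvm so it uses the updated template
}

plan_proprietary_template fedora-XX fedora-XX-proprietary school
```
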

Sven Semmler

Jun 24, 2020, 10:54:06 AM
to qubes...@googlegroups.com
On 6/24/20 8:04 AM, Set Emeraude wrote:
> my assumption is that if its closed source, its backdoored by
> default

That really should be your assumption of all software unless you have
written or audited and compiled it yourself. And even then ... why do
you trust your compiler? It's not like that hasn't been done yet.

One of the many things I appreciate in the Qubes philosophy is that
you dramatically minimize the things you have to trust implicitly: the
XEN hypervisor, the HW virtualization and the Qubes team.

You should set up your qubes thinking that you are already thoroughly
compromised. How would you minimize damage then?

* email qube --> should contain only email and shouldn't be able to
talk to anything other than your email server (POP/IMAP and SMTP). You
might want to compartmentalize further (e.g. private email, work email)

* web --> this shouldn't contain anything valuable; compartmentalize
(e.g. banking --> https to bank only, stateful private, stateful work,
disposable for everything else) ... look into the "open in qube"
browser plugin.

* documents/photos/library --> there is no reason these qubes need to
be online ever; compartmentalize

* editing documents --> use disposable offline qubes for that

* firewall all online qubes ... only allow what you know is needed
(e.g. your dev qube might only need github.com)

Mindset: the qube _is_ compromised... how do I prevent anything
valuable from leaking? ... how do I minimize ways things could leak?
(offline is a great answer if it makes sense in the context)


And then after all of the above: do your best to not be compromised,
use apparmor, be smart, use disposable vms for view/edit, audit your logs

Have fun!

/Sven

--
public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

Anil

Jun 25, 2020, 5:03:08 AM
to Sven Semmler, qubes...@googlegroups.com
> That really should be your assumption of all software unless you have
> written or audited and compiled it yourself. And even then ... why do
> you trust your compiler? It's not like that hasn't been done yet.
>
> One of the many things I appreciate in the Qubes philosophy is that
> you dramatically minimize the things you have to trust implicitly: the
> XEN hypervisor, the HW virtualization and the Qubes team.
>
> You should set up your qubes thinking that you are already thoroughly
> compromised. How would you minimize damage then?


Really sound and honest advice for those who are really badly targeted is: Just don’t bother. Privacy and security are no longer for you. Learn to live without them completely.


Regards,

Anil Eklavya 
--
अनिल एकलव्य
(Anil Eklavya)