Chris wrote: > Especially if you did the sharing via a separate vpn or ssh tunnel. But > in general, I don't think Qubes security should be considered much if > any benefit to adjacent non-Qubes systems.
I'm curious as to why you would say this. Any additional firewall between a Laptop and the network is a plus for security, and with Qubes isolating the NIC in a virtual machine, its safer from compromise than a typical firewall. Now, some firewalls, such as shorewall running on a Linux box, might have slicker and more advanced/flexible firewall configuration than Qubes, the network card isolation is a huge boost to security in my eyes. And there's nothing stopping you from running shorewall or another firewall in your sys-firewall, to get the combined benefits of both approaches. While I like the simplicity of Qubes' firewall config, I'd actually like to see more powerful firewall/iptables configuration, as well as having it locked down to a greater degree by default (such as with Tails' iptables configuration). Similarly, I'd like to see apparmor installed and configured tightly with Qubes by default. (Again, Tails is a good example of including apparmor support by default, although they inexplicably exclude the "extra" profiles, which include chromium and some other useful/critical profiles, IMO. Maybe its for performance reasons, but it still seems crazy [almost suspicious, lol] not to include them.) Qubes NIC isolation + iptables + apparmor can make a system incredibly secure against breaches. While Qubes' isn't designed as a firewall for other computers/devices, it strikes me as having the potential to be a safer firewall base than the alternatives. JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/598dca948a53984b3391d5b33cb580b8.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
