W dniu niedziela, 13 listopada 2016 21:39:29 UTC+1 użytkownik entr0py napisał: > taii...@gmx.com: > > Ideally you would want a blob free coreboot system with no Intel ME or AMD > > PSP type backdoors. > > https://www.coreboot.org/Binary_situation > > Intel is actively trying to nerf free software with Boot Guard/ME, if you > > buy a computer with those features it isn't really your computer. > > > > A backdoor in a modem is irrelevant, it is post WAN and should be > > considered part of the "internet". > > > > Right, I've always followed the advice to secure each pc as if it were > connected directly to the internet and not to rely on the router for any > security. > > But now I'm interested in actually building a secure router. One reason is > what you mentioned regarding Intel ME. Since Qubes 4.0 will require VT-d (and > unavoidably Intel ME) and the fact that it's cool to use new hardware, I'd > like to place a physical barrier to block ME signals. > > I had always imagined repurposing a Qubes PC to serve as a router, especially > because of the flexibility it has with chaining and branching multiple > transparent proxy VMs. But obviously now, it doesn't make any sense to use an > ME equipped machine as a router. > > So if I had a budget (for argument's sake) of $2000 to build a secure router > for 10-15 clients in a small business environment where maximum throughput is > not really an issue, what would you all advise? A libreboot machine? but then > what kind of OS could it run that could meaningfully isolate sys-net and > provide similar routing capabilities? > > TIA.
Have You considered running PfSense as Your main router OS on a dedicated box? You need a small PC with more than one network interface card. PfSense is open source, it's infinitely configurable and has an extensive plugin system to extend it beyond typical router capabilities. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b64882ec-e1ce-4a6d-8421-8f970d9a671c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
