> > 1st, I second all of this. > 2nd, I run a VPN off of the minimal template (technically a double vpn, > but it's probably overkill) > 3rd, on my todo list, create a scratch template with even less than the > minimal for these functions > 4th, only wired networking bc all the insecurity regarding wifi. > 5th, any applications I don't trust (like Zoom) I run off disposable vms. > 6th, don't have any hardware VMs running if you aren't actively using them > 7th, add a root password to all VMs > 8th, make sure your firewall disallows connections between VMs (granted > this is qubes default) > 9th, add outbound firewall rules to each VM as appropriate > 10th, don't tell people your qubes configuration (I'm kinda fucking up > that one right now :p) > 11th, use tor if you're seriously concerned about privacy (even though > that double vpn was overkill, and this probably moreso) > 12th, use both DNSSec and DNS over TLS > 13th, test dns leak with regards to vpn > 14th, reply in line and don't top post... Okay, not security, just good > manners > 15th, also strip down bios surface (remove possibilities of remote > connections, disable any hardware you aren't likely to use, etc.) > > Codially, > Emlay >
Hi Emlay, Thanks for sticking your neck out to help a newbie like me! Your list is very helpful and I'm grateful for it. I have two questions: 1) Is there a resource out there that teaches newbies how to configure minimal templates for different uses? e.g. For VPN, services, apps, etc. 2) If you're using a VPN (or two), wouldn't they provide DNS encryption services by default? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/64c3d3c0-c625-47b3-bf02-f5c2024a48c1o%40googlegroups.com.
