On Wednesday, June 10, 2020 at 8:09:23 AM UTC-4, fiftyfour...@gmail.com wrote:
>
> On Wednesday, 10 June 2020 00:26:01 UTC+8, Dominique wrote:
>>
>> Hi,
>>
>> First step for me was to install the minimal templates and use them instead of the complete templates for service qubes (sys-net, sys-USB and sys-firewall). Information on minimal templates can be found here:
>> https://www.qubes-os.org/doc/templates/minimal/
>>
>> Second step for me was building and using the mirage firewall instead of sys-firewall. Information on mirage can be found here:
>> https://github.com/mirage/qubes-mirage-firewall/
>>
>> Third step for me was random MAC address and hostname.
>> https://www.qubes-os.org/doc/anonymizing-your-mac-address/
>>
>> Those are things that I do on all my Qubes laptop installations. After that, you can play with firewall rules, AppArmor and other things.
>>
>> I would love to see a way to add IDS/IPS in Qubes easily but did not have time to even check if someone did try to add IDS/IPS.
>>
>> Have fun!
>>
>> Dominique
>>
>> On Tuesday, June 9, 2020 at 11:26:22 AM UTC-4, fiftyfour...@gmail.com wrote:
>>>
>>> Hi all,
>>>
>>> I took a break from setting up my Qubes OS machine and now I'm looking to finish the job and actually settle in. I am familiar with the overall layout and functions of the OS as a whole, but want to shore up the security of my individual VMs, with Debian running everything except for dom0. I know that isolation should do most of the work, but if further hardening my VMs will add more hurdles for attackers while being of minimal cost to me, why not?
>>>
>>> For now, I plan on proper firewalling, activating AppArmor, installing taskett-hardening, and reducing attack surfaces where possible.
>>>
>>> Specific question: how would one strip down non-app VMs (sys-net, sys-USB, sys-firewall, whonix-gw) to minimize their attack surfaces? Aside from common-sense hardening and operation of app VMs, these seem to be the most exposed and therefore most vulnerable.
>>>
>>> More generally: what steps have you taken to harden your VMs?
>>>
>
> Hi Dominique,
>
> Thanks for the reply. So I take it you chose Mirage because a unikernel firewall has a smaller attack surface compared to full-blown Linux?
>
> I'm a newbie, so I'm not even sure if these are IDS/IPS, but I'm thinking of installing the tried-and-true trio of rkhunter, lynis, chkrootkit.
>
> I see the point in changing your MAC address (already did it myself), but why the hostname as well? Since it's not covered in that link, did you just edit the config files of the template?
>
> (Re-posted since I committed the cardinal sin of top posting)
>
Hi

Changing the hostname is interesting, especially for a laptop. When you are connecting to any network, your hostname is sent with your MAC address to the DHCP server, thus leaving a trace in the log of your presence on that network. Also, the sys-net hostname is very unique and stands out in a list of computer names like the default Windows computer names.

Concerning the IDS/IPS (Intrusion Detection System/Intrusion Prevention System), I would be interested in analyzing the traffic with a qube and being able to alert or even create firewall rules on alert at one point. This is probably a big project to do!!!

And sorry for top posting, I am sending a lot of email and I am so used to clicking reply and starting to type!!!

Regards,
Dominique
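To make the hostname point concrete: a DHCP client announces itself in the Host Name option (option 12, RFC 2132) inside the same DHCPDISCOVER/DHCPREQUEST that carries its hardware address in the BOOTP `chaddr` field, so the server's lease log pairs the two. The decoder below is an example added to this thread, not code from the original post or from Qubes; the two packets it decodes are constructed inline (the MAC is invented and "sys-net" is the default Qubes NetVM hostname), and it shows the difference between a client that sends its hostname and one that suppresses it.

```python
"""What a DHCP server sees from a client: the hardware address (chaddr)
and, when the client sends it, the Host Name option (option 12).
Added example for this thread, not code from the original post; the
packets are constructed inline, not captured from a real network."""
import struct
from typing import Optional

DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 options-area marker
OPT_PAD, OPT_END = 0, 255
OPT_HOST_NAME = 12                         # RFC 2132 section 3.14
OPT_MSG_TYPE = 53
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
BOOTP_HEADER = "!BBBBIHH4s4s4s4s"          # op .. giaddr, 28 bytes


def parse_dhcp(packet: bytes) -> dict:
    """Decode the fixed BOOTP header and the DHCP option list."""
    if len(packet) < 240:
        raise ValueError("too short for a DHCP message")
    op, htype, hlen, _hops, xid, _secs, _flags, *_addrs = struct.unpack(
        BOOTP_HEADER, packet[:28])
    chaddr = packet[28:44]                 # 16-byte client hardware address field
    # sname (64 bytes) and file (128 bytes) follow; options start at offset 236
    if packet[236:240] != DHCP_MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    if htype == 1 and hlen == 6:           # Ethernet: print as aa:bb:cc:dd:ee:ff
        mac = ":".join(f"{b:02x}" for b in chaddr[:6])
    else:
        mac = chaddr[:hlen].hex()
    return {"op": op, "xid": xid, "mac": mac, "options": options}


def client_identity(packet: bytes) -> dict:
    """The fields a server-side lease log typically records for this client."""
    msg = parse_dhcp(packet)
    host = msg["options"].get(OPT_HOST_NAME)
    mtype = msg["options"].get(OPT_MSG_TYPE, b"\x00")[0]
    return {
        "type": MSG_TYPES.get(mtype, "UNKNOWN"),
        "mac": msg["mac"],
        "hostname": host.decode("ascii", "replace") if host is not None else None,
    }


def build_discover(mac: bytes, hostname: Optional[bytes],
                   xid: int = 0x3903F326) -> bytes:
    """Build a minimal DHCPDISCOVER (constructed demo input, not a capture)."""
    header = struct.pack(BOOTP_HEADER, 1, 1, 6, 0, xid, 0, 0x8000,
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4)
    header += mac.ljust(16, b"\0") + b"\0" * 64 + b"\0" * 128
    opts = bytes([OPT_MSG_TYPE, 1, 1])     # message type: DISCOVER
    if hostname:
        opts += bytes([OPT_HOST_NAME, len(hostname)]) + hostname
    return header + DHCP_MAGIC_COOKIE + opts + bytes([OPT_END])


if __name__ == "__main__":
    # Hypothetical laptop MAC; "sys-net" is the default Qubes NetVM hostname.
    mac = b"\x52\x54\x00\x12\x34\x56"
    print("default:", client_identity(build_discover(mac, b"sys-net")))
    print("hostname suppressed:", client_identity(build_discover(mac, None)))
```

The first decode yields `{'type': 'DISCOVER', 'mac': '52:54:00:12:34:56', 'hostname': 'sys-net'}`, which is exactly the pairing that ends up in a lease log and that identifies the machine as Qubes even when the MAC has been randomised; the second yields `hostname: None`. On a NetworkManager-managed sys-net the option is dropped per connection with `nmcli connection modify <name> ipv4.dhcp-send-hostname no` (and `ipv6.dhcp-send-hostname no`), alongside `wifi.cloned-mac-address random` for the MAC; note that option 81 (Client FQDN) can carry the name as well, so check a capture rather than assuming.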