Hello Ron,

Thank you for the feedback.

> Have you considered using SSHFS rather than
> NFS? I'm no security expert, but it would
> seem to me to be more secure than NFS.

Actually yes, I thought about it after others mentioned that enabling NFS would 
offer another attack window.
Even though I am unsure, as I have put some encryption and firewall restrictions 
in place.
The Access&Transfer VM is the only one connected to the internet and the NFS 
Storage VM.
The other AppVMs which will connect to the storage VM don't have an online 
connection.
From my understanding an attacker must come through the Access&Transfer VM and 
then attack the Storage VM.

Unfortunately I don't know how those attacks take place and how much time is 
necessary. It could be possible to launch the Access&Transfer VM only 
periodically just to sync the data.
Keep in mind that all data is encrypted from the view of the Access&Transfer 
VM.

I'd like to set up firewall rules which will only allow traffic from the 
Access&Transfer VM to the cloud storage provider, but this needs some further 
investigation.
As far as I understand, the Qubes Firewall GUI will not work with domain names 
but with IPs.

Regarding sshfs, I will give it a try. As ssh is used to connect remotely, I am 
(reasonably) sure that it has fewer attack possibilities than NFS.

Even when enabling inter-VM networking, I feel more secure when I can keep my 
data encrypted and synced and have the data access separated into different VMs.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/_HKrGSpPkv_IGVU_nDSatjZ4QDQ6hwh-gT4QSoB4PQBtS3JIYwjXXpKVyGXELcaiaBLgo1y39vRZtqjP9gQYalHxJ0pLn2IHdrDe088ZrDQ%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.
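The firewall idea in the message above (only let the Access&Transfer VM reach the cloud storage provider, with rules expressed as IPs rather than domain names) can be scripted. The following is an added example for this thread, not code from the poster or from the Qubes project. It assumes the dom0 rule syntax `qvm-firewall <vm> add action=... dsthost=... proto=... dstports=...` with a final `action=drop` rule and in-order matching; the provider hostnames and the resolver answers in `demo_rules()` are constructed sample data, and the VM name `access-transfer` is a placeholder.

```python
#!/usr/bin/env python3
"""Build a per-VM Qubes firewall rule list that only allows HTTPS to a cloud
storage provider, using IPs resolved from the provider's hostnames.

Added example for the qubes-users thread; not the poster's or Qubes' code.
Assumption: dom0 accepts `qvm-firewall <vm> add action=accept dsthost=<ip>
proto=tcp dstports=<port>` and a trailing `action=drop`, matched in order.
"""
import ipaddress
import shlex
import socket
from typing import Callable, Dict, Iterable, List

Resolver = Callable[[str], List[str]]


def system_resolver(hostname: str) -> List[str]:
    """Resolve a hostname to its unique IPv4/IPv6 addresses via the OS resolver."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_UNSPEC, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def build_rules(hostnames: Iterable[str], ports: Iterable[int],
                resolve: Resolver) -> List[Dict[str, str]]:
    """Return an ordered rule list: one accept per (IP, port), then a catch-all drop.

    Every resolved address is validated so a resolver returning garbage cannot
    produce a malformed rule; duplicate (IP, port) pairs (two hostnames behind
    the same address) are collapsed.
    """
    rules: List[Dict[str, str]] = []
    seen = set()
    port_list = [int(p) for p in ports]
    for host in hostnames:
        for raw in resolve(host):
            addr = str(ipaddress.ip_address(raw))  # ValueError on non-IP input
            for port in port_list:
                if not 1 <= port <= 65535:
                    raise ValueError(f"bad port {port}")
                if (addr, port) in seen:
                    continue
                seen.add((addr, port))
                rules.append({"action": "accept", "dsthost": addr,
                              "proto": "tcp", "dstports": str(port)})
    rules.append({"action": "drop"})  # everything not explicitly allowed is dropped
    return rules


def to_commands(vm: str, rules: List[Dict[str, str]]) -> List[str]:
    """Render rules as dom0 command lines (syntax is the assumption noted above)."""
    cmds = []
    for rule in rules:
        fields = " ".join(f"{k}={v}" for k, v in rule.items())
        cmds.append(f"qvm-firewall {shlex.quote(vm)} add {fields}")
    return cmds


def demo_rules() -> List[str]:
    """Constructed demo: a fake provider with two A records, HTTPS only."""
    fake_dns = {
        "storage.provider.example": ["192.0.2.10", "192.0.2.11"],
        "api.provider.example": ["192.0.2.10"],  # shares an IP on purpose
    }
    rules = build_rules(fake_dns.keys(), [443], lambda h: fake_dns[h])
    return to_commands("access-transfer", rules)  # placeholder VM name


if __name__ == "__main__":
    import sys
    if sys.argv[1:]:
        # Real hostnames on the command line: resolve with the OS resolver.
        live = build_rules(sys.argv[1:], [443], system_resolver)
        print("\n".join(to_commands("access-transfer", live)))
    else:
        print("\n".join(demo_rules()))
```

Resolution happens in whichever VM runs the script, so run it somewhere whose DNS you trust, and regenerate the rules whenever the provider's addresses change (CDN-fronted services rotate them). After applying, `qvm-firewall <vm> list` should show the drop rule last and no earlier accept-all rule left over from the default policy.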
