From 09803e9e188c5b97122bb5a86142f5a2ec004b12 Mon Sep 17 00:00:00 2001 From: Michael Carbone Date: Sun, 5 Mar 2017 11:07:00 -0500 Subject: [PATCH 1/2] remove "TODO" Firewall and Proxy VM section or else link to existing content. --- system/networking.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/system/networking.md b/system/networking.md index d11bc5b8..6dcf2620 100644 --- a/system/networking.md +++ b/system/networking.md @@ -52,8 +52,3 @@ Note that in order to isolate `netvm` properly, the platform must support VTd an When using `netvm`, there is no network connectivity in dom0. This is the desired configuration - it eliminates all network-bourne attacks. Observe that dom0 is meant to be used for administrative tasks only, and (with one exception) they do not need network. Anything not related to system administration should be done in one of AppVMs. The above-mentioned exception is the system packages upgrade. Again, one must not install random applications in dom0, but there is a need to e.g. upgrade existing packages. While one may argue that the new packages could be downloaded on a separate machine and copied to dom0 via a pendrive, this solution has its own problems. Therefore, the advised method to temporarily grant network connectivity to dom0 is to use *qvm-dom0-network-via-netvm up* command. It will pause all running VMs (so that they can do no harm to dom0) and connect dom0 to netvm network just like another AppVM. Having completed package upgrade, execute *qvm-dom0-network-via-netvm down* to revert to the normal state. - -Firewall and Proxy VMs ----------------------- - -TODO From 5a9c96c093d83835475c66fcac64ab69990b9a0c Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sun, 5 Mar 2017 17:01:57 -0800 Subject: [PATCH 2/2] Remove "Location of the network driver domain" section --- system/networking.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/system/networking.md b/system/networking.md index 6dcf2620..9fce8984 100644 
--- a/system/networking.md +++ b/system/networking.md 
@@ -40,15 +40,4 @@ Network driver domain routing table is a bit longer: |192.168.0.0|0.0.0.0|255.255.255.0|U|1|0|0|eth0| |0.0.0.0|192.168.0.1|0.0.0.0|UG|0|0|0|eth0| -Location of the network driver domain -------------------------------------- -Traditionally, the network driver domain is dom0. This design means that a lot of code (networking stack, drivers) running in the all-powerful domain is exposed to potential attack. Although it is supported (one can execute *qvm-set-default-netvm dom0*), it is strongly discouraged. - -Instead, a dedicated domain called `netvm` should be used. In order to activate it, one needs to install the `qubes-servicevm-netvm` rpm package, and enable it via command *qvm-set-default-netvm netvm*. This domain will be assigned all PCI devices that are network cards. One can interact with the *Networkmanager* daemon running in `netvm` in the same way as with any other VM GUI application (with one detail that *nm-applet* requires a system tray, thus one needs to start it via "KDEMenu-\>Applications-\>Netvm-\>Show Tray"). - -Note that in order to isolate `netvm` properly, the platform must support VTd and it must be activated. Otherwise, compromised `netvm` can use DMA to get control over dom0 and even the hypervisor. - -When using `netvm`, there is no network connectivity in dom0. This is the desired configuration - it eliminates all network-bourne attacks. Observe that dom0 is meant to be used for administrative tasks only, and (with one exception) they do not need network. Anything not related to system administration should be done in one of AppVMs. - -The above-mentioned exception is the system packages upgrade. Again, one must not install random applications in dom0, but there is a need to e.g. upgrade existing packages. While one may argue that the new packages could be downloaded on a separate machine and copied to dom0 via a pendrive, this solution has its own problems. 
Therefore, the advised method to temporarily grant network connectivity to dom0 is to use *qvm-dom0-network-via-netvm up* command. It will pause all running VMs (so that they can do no harm to dom0) and connect dom0 to netvm network just like another AppVM. Having completed package upgrade, execute *qvm-dom0-network-via-netvm down* to revert to the normal state.
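Review bot: The subject of [PATCH 1/2] says "remove ... or else link to existing content", but the hunk at `@@ -52,8 +52,3 @@` only deletes the "Firewall and Proxy VMs" heading and its TODO, so the message names two alternatives instead of the one that was taken. Suggest rewording the subject to describe the deletion alone. If a page covering firewall and proxy VMs exists, add a link to it in a follow-up so that readers of `system/networking.md` still have a pointer to that topic.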
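Review bot: In [PATCH 2/2], the lines removed in `@@ -40,15 +40,4 @@` include the warning that `netvm` is only properly isolated when VT-d is supported and activated, because otherwise a compromised `netvm` can use DMA to take control of dom0 and the hypervisor. The commit message has no body saying why the section is dropped or where that caveat now lives. Suggest adding a short rationale to the commit message, for example whether the `qvm-set-default-netvm` and `qvm-dom0-network-via-netvm` instructions no longer apply. Either keep the VT-d requirement and the "no network connectivity in dom0" point in this file, or name the page that now carries them.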