Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-08-02 19:46:40 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update qubes-community links to point to the forum

Browse source
This commit is contained in:
taradiddles 2023-08-15 09:34:37 +03:00
parent cf64a4bfcd
commit bd763623ca
59 changed files with 69 additions and 87 deletions
Download patch file Download diff file Expand all files Collapse all files

4
user/security-in-qubes/anti-evil-maid.md
View file

@ -39,7 +39,7 @@ For more information, see the [qubes-antievilmaid](https://github.com/QubesOS/qu
Security Considerations
-----------------------
[Qubes security guidelines](https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md) dictate that USB devices should never be attached directly to dom0, since this can result in the entire system being compromised.
[Qubes security guidelines](https://forum.qubes-os.org/t/19075) dictate that USB devices should never be attached directly to dom0, since this can result in the entire system being compromised.
However, in its default configuration, installing and using AEM requires attaching a USB drive (i.e., [mass storage device](https://en.wikipedia.org/wiki/USB_mass_storage_device_class)) directly to dom0.
(The other option is to install AEM to an internal disk.
However, this carries significant security implications, as explained [here](https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html).) This presents us with a classic security trade-off: each Qubes user must make a choice between protecting dom0 from a potentially malicious USB drive, on the one hand, and protecting the system from Evil Maid attacks, on the other hand.
@ -50,7 +50,7 @@ Therefore, it is up to each individual Qubes user to evaluate the relative risk
For example, a user who frequently travels with a Qubes laptop holding sensitive data may be at a much higher risk of Evil Maid attacks than a home user with a stationary Qubes desktop.
If the frequent traveler judges her risk of an Evil Maid attack to be higher than the risk of a malicious USB device, she might reasonably opt to install and use AEM.
On the other hand, the home user might deem the probability of an Evil Maid attack occurring in her own home to be so low that there is a higher probability that any USB drive she purchases is already compromised, in which case she might reasonably opt never to attach any USB devices directly to dom0.
(In either case, users can--and should--secure dom0 against further USB-related attacks through the use of a [USB VM](https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md#creating-and-using-a-usbvm).)
(In either case, users can--and should--secure dom0 against further USB-related attacks through the use of a [USB VM](https://forum.qubes-os.org/t/19075#creating-and-using-a-usbvm).)
For more information, please see [this discussion thread](https://groups.google.com/d/msg/qubes-devel/EBc4to5IBdg/n1hfsHSfbqsJ).

2
user/security-in-qubes/firewall.md
View file

@ -88,7 +88,7 @@ The sys-firewall-2 proxy ensures that:
If you adopt this model, you should be aware that all traffic will arrive at the `network service qube` appearing to originate from the IP address of `sys-firewall-2`.
For the VPN service please also look at the [VPN documentation](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md).
For the VPN service please also look at the [VPN documentation](https://forum.qubes-os.org/t/19061).
Enabling networking between two qubes
-------------------------------------