SecurityGuidelines changed

convert to links to allow linking to wiki:TracLinks#Linkanchors and avoid hardlinks to qubes-os.org
Hakisho Nukama 2014-04-27 15:46:38 +00:00
parent 5199cd7b8d
commit c1dcf77567

@ -7,9 +7,9 @@ permalink: /wiki/SecurityGuidelines/
Security Guidelines
===================
The [Qubes introduction](http://theinvisiblethings.blogspot.com/2012/09/introducing-qubes-10.html) makes clear that without some active and responsible participation of the user, no real security is possible. So, for example, Qubes does not automagically make your Firefox (or any other app) running in one of the AppVMs suddenly more secure. It is just as [secure (or insecure)](https://en.wikipedia.org/wiki/Computer_insecurity) as on a normal Linux or Windows OS. But what drastically changes is the context in which your applications are used. [This context](http://qubes-os.org/trac/wiki/QubesArchitecture) is a [responsibility of the user](http://qubes-os.org/trac/wiki/SecurityGoals). But participation requires knowledge. So it is worth stressing some basic items:
The [Qubes introduction](http://theinvisiblethings.blogspot.com/2012/09/introducing-qubes-10.html) makes clear that without some active and responsible participation of the user, no real security is possible. So, for example, Qubes does not automagically make your Firefox (or any other app) running in one of the AppVMs suddenly more secure. It is just as [secure (or insecure)](https://en.wikipedia.org/wiki/Computer_insecurity) as on a normal Linux or Windows OS. But what drastically changes is the context in which your applications are used. [This context](/wiki/QubesArchitecture) is a [responsibility of the user](/wiki/SecurityGoals). But participation requires knowledge. So it is worth stressing some basic items:
**1.** **Verify authenticity and integrity of your downloads**, [particularly Qubes iso](https://qubes-os.org/trac/wiki/VerifyingSignatures).
**1.** **Verify authenticity and integrity of your downloads**, [particularly Qubes iso](/wiki/VerifyingSignatures).
Standard program installation
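Review bot: In item 1, the `[particularly Qubes iso]` link changes from an absolute `https://qubes-os.org/...` URL to root-relative `/wiki/VerifyingSignatures`, so it now resolves against whichever host and scheme serve this page. This is the one link that tells readers how to check download authenticity, and a copy of the page served from another host would send them to that host's verification instructions instead. Consider keeping this link absolute over HTTPS, or state in the commit message that the relative form is intended here too. The `QubesArchitecture` and `SecurityGoals` links in the intro paragraph were plain `http://` before, so the relative form loses nothing there.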
@ -65,13 +65,13 @@ or use the equivalent items in Qubes Manager, which displays an icon when an upd
**6.** When you receive or download any file from an **untrusted source**, do not browse to it with a file manager which has preview enabled. **To disable preview in Nautilus**: Gear (up-right-icon) -\> Preferences -\> Preview (tab) -\> Show thumbnails: Never. Note that this change can be made in a TemplateVM (including the [DispVM template](/wiki/UserDoc/DispVMCustomization)) so that future AppVMs created from this TemplateVM will inherit this feature.
Also, **do not open it in trusted VMs**. Rather open it in a **disposable VM** right-clicking on it. You may even modify it within the disposable VM and then [copy it to other VM](https://qubes-os.org/trac/wiki/CopyingFiles).
Also, **do not open it in trusted VMs**. Rather open it in a **disposable VM** right-clicking on it. You may even modify it within the disposable VM and then [copy it to other VM](/wiki/CopyingFiles).
Alternatively PDFs may be converted to **trusted PDF** right clicking on them. This converts text to graphic form, so size will increase.
**7.** If there is a risk that somebody may **physically attack** your computer when you leave it powered down, or if you use Qubes in **dual boot mode**, then you may want to [install AEM](https://qubes-os.org/trac/wiki/AntiEvilMaid) (Anti Evil Maid). AEM will inform you of any unauthorized modifications to your BIOS or boot partition. If AEM alerts you of an attack it is really bad news because **there is no true fix**. If you are really serious about security you have to buy a new laptop and install Qubes from a trusted ISO. So buying a used laptop is not an option for a security focused one.
**7.** If there is a risk that somebody may **physically attack** your computer when you leave it powered down, or if you use Qubes in **dual boot mode**, then you may want to [install AEM](/wiki/AntiEvilMaid) (Anti Evil Maid). AEM will inform you of any unauthorized modifications to your BIOS or boot partition. If AEM alerts you of an attack it is really bad news because **there is no true fix**. If you are really serious about security you have to buy a new laptop and install Qubes from a trusted ISO. So buying a used laptop is not an option for a security focused one.
**8.** Before you [assign a USB controller to a VM](https://qubes-os.org/trac/wiki/AssigningDevices) check if any **input devices** are included in that controller.
**8.** Before you [assign a USB controller to a VM](/wiki/AssigningDevices) check if any **input devices** are included in that controller.
Assigning USB keyboard will **deprive Dom0 VM of a keyboard**. Since a USB controller assignment survives reboot, you may find yourself **unable to access your system**. Most non-Apple laptops have a PS/2 input for keyboard and mouse, so this problem does not exist.
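Review bot: The new targets in items 6 to 8 (`/wiki/CopyingFiles`, `/wiki/AntiEvilMaid`, `/wiki/AssigningDevices`) drop the `/trac` prefix and sit directly under `/wiki/`, while the unchanged DispVM template link in item 6 points to `/wiki/UserDoc/DispVMCustomization`. Please confirm that each of the three pages declares exactly that permalink, and whether the trailing slash used in this file's own `permalink: /wiki/SecurityGuidelines/` is required. Otherwise the AEM and device-assignment references become dead links.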
@ -91,7 +91,7 @@ To avoid this risk it is possible to prepare and utilize a **USBVM**. However th
Also avoid it if you do not have a **USB controller free of input devices** or programmable devices. However, as already noted most laptops use PS-2 for keyboards and touchpad devices which do not cause problems.
An **USBVM** operates like a dedicated temporary parking area, used just to prevent any contact between dom0 and the USB drive. Then, every time you connect an **untrusted USB external drive** to a USB port managed by that USB controller, you need to attach it to the VM that needs it, using qubes manager or [terminal](https://qubes-os.org/trac/wiki/StickMounting). Again, this **works only for disk-like USB devices**. Other devices cannot be currently virtualized. So once you assign their controller to your **USBVM** they'll be no more available.
An **USBVM** operates like a dedicated temporary parking area, used just to prevent any contact between dom0 and the USB drive. Then, every time you connect an **untrusted USB external drive** to a USB port managed by that USB controller, you need to attach it to the VM that needs it, using qubes manager or [terminal](/wiki/StickMounting). Again, this **works only for disk-like USB devices**. Other devices cannot be currently virtualized. So once you assign their controller to your **USBVM** they'll be no more available.
**The process for creating a USBVM** is:
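Review bot: On the changed USBVM line, the link label `[terminal]` gives no hint that the target is the StickMounting page, and with the host removed from the URL the path is now the only clue a reader has. Since the line is being touched anyway, use a label that names the page or the action it documents. As with the earlier hunks, check that `/wiki/StickMounting` matches the permalink that page declares.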