Changes between Version 2 and Version 3 of org/meetings/2016SummerDevMeeting/[org/meetings/2016SummerDevMeeting/Notes/SecureOSOverview


Timestamp: Sep 30, 2016, 10:27:21 PM (3 years ago)
Author: dcf
Comment: Moved to org/meetings/2016SummerDevMeeting/Notes/SecureOSOverview. This page's URL had a stray '[' character.

  • org/meetings/2016SummerDevMeeting/[org/meetings/2016SummerDevMeeting/Notes/SecureOSOverview

    v2 v3  
    1 Topic: Qubes! secure operating systems!
    2 
    3 Qubes
    4 TAILS
    5 Subgraph
    6 Whonix
    7 
    8 
    9 All are different, work in different ways, have different use cases.
    10 
    11 ----
    12 
    13 [[https://tails.boum.org/|Tails]]
    14 
    15 live distribution, you don't (typically?) install it. Boot from USB
    16 instead.  You can have a persistent volume too (folder of persistent
    17 data, encrypted, etc).
    18 
    19 Aims for anonymity.   Secondary operating system for when you want
    20 as much anonymity as possible.  Try to not leave any traces on
    21 computer.
    22 
    23 based on debian. All users named "amnesia"
    24 
    25 All stuff transparently torified (!)
    26 
    27 Apparmor rules for everything
    28 
    29 Limit impact of remote exploits.  If somebody gets an RCE in TB,
    30 they have to break through apparmor, get root, etc.
    31 
    32 built into securedrop process.
    33 
    34 (Discussion on wisdom of TAILS-on-vm. Virtualization support so-so.)
    35 
    36 ----
    37 
    38 [[https://subgraph.com/sgos/|Subgraph]]
    39 
    40 Main OS you run, designed to be installed on computer
    41 
    42 Hardened debian.  Uses hardened kernel with grsecurity packages
    43 
    44 Ideally, kernel notices and prevents RCE attempts in processes.
    45 e
    46 Extra sandboxing over a set of applications that the subgraph devs
    47 manage.  (Thunderbird, libreoffice, evince, torbrowser, etc.)  Even if
    48 RCE gets through, sandbox limits impact of hack.
    49 
    50 All traffic goes over Tor. (Tails-like in that sense)
    51 
    52 Subgraph and tails have untrusted browsers to handle captive
    53 portals. But not so much support for sepating network contexts.
    54 
    55 (What do Tails and subgraph use for torrifying?)
    56 
    57 ----
    58 
    59 [[https://www.whonix.org/|Whonix]]
    60 
    61 Distributed 2 ways: as part of qubes, or as virtualbox images.
    62 
    63 As vbox images, workstation image and net image.  Workstation VM only
    64 sees network through net image.
    65 
    66 ----
    67 
    68 [[https://www.qubes-os.org/|Qubes]]
    69 
    70 everyday OS, you install it on your computer
    71 
    72 Use proxy "Net VMs" to relay user traffic through VPN/Tor/etc.  VMs
    73 where app runs don't even know about real IP.  Only one NetVM is allowed
    74 to see the network.
    75 
    76 No host OS.  Host OS is VM-management environment.  More protection
    77 against evil USB stacks, evil wireless cards, etc.
    78 
    79 Dom0 is Qubes host. Not network connected.
    80 
    81 Exploit impact limited to one VM (unless they can attack the hypervisor).
    82 
    83 
    84 AppVM can can write to /home, but not to root FS.  Not every App needs
    85 network.
    86 
    87 Template VM is base that can get cloned to make App VMs etc.
    88 
    89 Qubes-gpg-wrapper: call out to a gpg in a separate VM.
    90 
    91 Good GUI integration.
    92 
    93 Dev environment --  one VM.  Treat it as a computer.  But when doing
    94 other stuff, use other VM.  etc etc.
    95 
    96 Disposable VMs to use for untrusted pdfs, etc.
    97 
    98 Fresh RW homedir for each new VM.
    99 
    100 Yubikeys do work.
    101 
    102 What can you just not do:
    103   - No gaming. No 3D acceleration.
    104   - No sound on windows
    105   - No MacOS
    106   - Poor support for USB devices
    107 
    108 Who can figure it out and use it?
    109   - Claim: not so much harder than, say, ubuntu.
    110   - Just so long as theyr'e not trying to use external devices much or
    111     set up a printer or whatever.
    112 
    113 
    114 File explorer in each VM has a "copy this file to another VM" thing.
    115 Then Dom0 asks you for permission.
    116 
    117 Copy-and-paste across VMs is possible.
    118 
    119 Backups actually work!  AND YOU CAN RESTORE!!!!!!!!!!
    120 
     1Moved to [[org/meetings/2016SummerDevMeeting/Notes/SecureOSOverview]].
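Review bot: the body this revision removes still carries a stray one-character line ("e" between "Ideally, kernel notices and prevents RCE attempts in processes." and "Extra sandboxing over a set of applications ...") and the typos "sepating" and "theyr'e"; since v3 replaces the whole page with a single pointer to [[org/meetings/2016SummerDevMeeting/Notes/SecureOSOverview]], please check that the copy at the destination was cleaned up rather than pasted verbatim, so the overview notes do not keep those defects at their new location.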