Sup Forums we have to write a mockup policy for secure personal daily computing. What do you think?
Host OS: Ubuntu Gnome Linux (or any that supports VMWare or your desired virtualization tool).
Using VMWare, create two VMS: Windows 10 and Arch/Gentoo/Debian Minimal. (You may use KVM or any virtualization solution that supports virtual networking).
The host drive is encrypted with a computer generated passphrase. This passphrase is only stored on paper or kept in a symettrically encrypted file for backup purposes. The Host OS is where you can keep critical files like Password Manager databases and other documents. One should keep this updated and minimize the installed programs. Enabling non-official repositories on the Host is not allowed. Restricted extras should not be installed.
Windows 10 VM is used for Office Tools only and its network is either isolated and host-only (for transferring files). This minimizes the privacy problems with Windows 10. A clean snapshot after a fresh install is created. For extra protection: always revert to clean snapshop after Office word is completed and always detach from the host and isolate as often as possible.
The second VM is for daily use. One can install a lightweight manager in ther choice of Linux for snappier performance. Or one can install any DE of choice. Install ClamAV and Snort and enable firewall rules as usual. Install necessary software like a browser. After the DE is chosen and the system is updated, network is established, make a clean snapshot. For extra protection: you can revert to a clean snapshot but take care when doing so after applying critical updates, you will have to update again after reverting to a clean snapshot. This VM will be your main internet VM. It's rather safe and you may use it for banking provided everything is updated.
Alternatives: upon research we discovered QuebesOS which implements this idea but at a much more efficient fashion. we hope to explore this operating soon.
what you literally wrote all that pointless shit to say that QubesOS does it better?
Carson Sanchez
QuebesOS is not better per-se,it's more quipped for literally using VM for every task. In our class.we have to focus on VMware. I don't know what QuebesOS uses, I thinking KVM?
Carson Morgan
Step 1: do not use proprietary virtualization tools
Matthew Rivera
I know but my proff teaches using VMWare. We talked about how it would seek updates even when told not to. For the sake of instruction VMware is easier. I would use KVM and use either cli or virt-manager to handle VMS.
Justin Perez
T H I C C
Thomas Peterson
I'd mock her up, if you know what I mean
Jace Robinson
thanks
Elijah Lopez
S H I T - E Y E D What about hardware security? Poisontap, DMA?
Eli Flores
for what?
Xavier Perry
>This passphrase is only stored on paper or kept in a symettrically encrypted file for backup purposes. I'd use a cert with a good passphrase, and/or stored on a yubikey or similar device
>Windows 10 VM is used for Office Tools only and its network is either isolated and host-only (for transferring files) even a host-only network might open up some holes, what if your host has accessible network drives or other services? use the vm-provided copy and paste tools, shared folders, stuff like that
how secure does it have to be anways? some things sound overkill, some sound "eh"
Andrew Moore
>even a host-only network might open up some holes, what if your host has accessible network drives or other services?
True. Thats why I also addded either host-only and detached from the NIC or just isolated
Juan Wilson
Hmm who is this qt? What a nice pair of tits she has there.
Christopher Sanchez
>Hmm who is this qt? What a nice pair of tits she has there. a pornstar that fucks BBCs
Cooper Mitchell
>BBCs Nope I'm gone
Carter Walker
If you're not doing anything about ME or Trustzone and relying on AES in any way, you're fucked.
Liam Jackson
>ME or Trustzone Enlighten me
>AES Okay so it was DoD project? You cant trust it?
Juan Brooks
she doesn't make normal nonfetish porn?
Aiden Thomas
whas her name?
Josiah Thomas
How to watch porn without getting virii
Julian Lewis
MILKIE
Angel Ward
>Enlighten me They're both blackboxes with remote access that supercede everything you've outlined so far. There has been some good work on getting around ME for now. Might want to take advantage of that before it's closed, provided you're using such a processor. >Okay so it was DoD project? You cant trust it? I'm just letting you know that it provides no security whatsoever.
Wyatt Ortiz
Joanna Rutkowska wrote an article or presentation about securing both hardware and software. Look up on QubesOS website.
Brandon Rivera
btt a very nice setup
have to add for phisical security two factor authentication for bootup and encrypted LVM
quuebesOS has very specific hardware limitations. never tried it but documented support for hardware on the site is kinda difficult to archive.
has anyone expirience with unraid?
Nicholas Roberts
Kylie Page
Benjamin Rivera
>I'm just letting you know that it provides no security whatsoever.
Because you can brute the passphrase?
>They're both blackboxes with remote access that supercede everything you've outlined so far
Cool.. how about a link to some material? I watnt to try it
with Linux it's always messing around until you get it working for your specific needs, then it's smooth sailing but you always still need Windows on a VM because of X program.
In the end due to programming tools and schemes becoming more system-agnostic there's less and less reason to use Linux on the line work expect for really niche situations which for most workers is not the case, or due to savings from no licenses or subscriptions
if they want to take my info to give me targeted ads, then go ahead, at least they will be slightly more relevant than the 1,000,000th visitor prize things
Jayden Anderson
how is AES not secure?
thanks for ling
Robert Howard
Didn't read the thread, but thanks for the pic
Austin Barnes
Damn I thought this was a porn bait thread. I forgot Sup Forums hates 3D.
Nolan Gutierrez
Holy shit those are some very noice tiddies. They look natural too.
Gavin Anderson
Nah nah, we don't hate 3D 100%, there are always gems like this even hardcore weaboos like us can't hate.
Leo Lee
nowhere in that do you tell me what your threat model is. Who is this supposed to be secure against? Nosy family members? Ad companies? Law enforcement? Criminal hackers? Intelligence agencies?
Ryder Cruz
General daily use as in minimizing the effects of malware when it does goes through
I guess primarily web based threats as it's a desktop Os
Luis Sanchez
i guess its a general data safety guide. how to minimize your attack surface. as technology develops thread modells get outdated because copying tacics from other sources of danger gets easier.
inb4 selfish bump someone has anything else to contribute? what about the browser? >always put the browser in firejail
Angel Baker
Do not enable javascript Destroy cookies Don't download or click that link