Sup Forums we have to write a mockup policy for secure personal daily computing. What do you think?

Host OS: Ubuntu Gnome Linux (or any that supports VMware or your desired virtualization tool).

Using VMware, create two VMs: Windows 10 and Arch/Gentoo/Debian Minimal. (You may use KVM or any virtualization solution that supports virtual networking).

The host drive is encrypted with a computer-generated passphrase. This passphrase is only stored on paper or kept in a symmetrically encrypted file for backup purposes. The Host OS is where you can keep critical files like Password Manager databases and other documents. One should keep this updated and minimize the installed programs. Enabling non-official repositories on the Host is not allowed. Restricted extras should not be installed.

Windows 10 VM is used for Office Tools only and its network is either isolated and host-only (for transferring files). This minimizes the privacy problems with Windows 10. A clean snapshot after a fresh install is created. For extra protection: always revert to clean snapshot after Office work is completed and always detach from the host and isolate as often as possible.

The second VM is for daily use. One can install a lightweight manager in their choice of Linux for snappier performance. Or one can install any DE of choice. Install ClamAV and Snort and enable firewall rules as usual. Install necessary software like a browser. After the DE is chosen and the system is updated, network is established, make a clean snapshot. For extra protection: you can revert to a clean snapshot but take care when doing so after applying critical updates, you will have to update again after reverting to a clean snapshot. This VM will be your main internet VM. It's rather safe and you may use it for banking provided everything is updated.

Alternatives: upon research we discovered QubesOS which implements this idea but in a much more efficient fashion. We hope to explore this operating system soon.
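
One way to check the Windows 10 VM network rule from the policy above against a VMware `.vmx` file, as an added example that is not part of the original post. The sample configuration is constructed, the function names are hypothetical, and treating a missing `connectionType` as bridged is an assumption of this example.

```python
import re

# Constructed sample .vmx fragment for the office VM (not from the thread).
WIN10_VMX = '''
displayName = "Windows 10 Office"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet0.startConnected = "TRUE"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet1.startConnected = "FALSE"
'''

def parse_vmx(text):
    """Parse key = "value" lines of a .vmx file into a dict (keys lower-cased)."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*([^#\s=]+)\s*=\s*"(.*)"\s*$', line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def nic_findings(cfg):
    """Return (adapter, problem) pairs for NICs that break the office-VM rule:
    every virtual NIC must be either absent (isolated) or host-only."""
    findings = []
    adapters = sorted({k.split(".")[0] for k in cfg if re.match(r"ethernet\d+\.", k)})
    for nic in adapters:
        if cfg.get(nic + ".present", "FALSE").upper() != "TRUE":
            continue  # adapter not present: the VM is isolated on this NIC
        # Assumption: a missing connectionType is treated as bridged,
        # the most exposed mode, so it is flagged rather than ignored.
        ctype = cfg.get(nic + ".connectiontype", "bridged").lower()
        if ctype != "hostonly":
            findings.append((nic, "connectionType=" + ctype))
    return findings

if __name__ == "__main__":
    for nic, problem in nic_findings(parse_vmx(WIN10_VMX)):
        print("policy violation:", nic, problem)
```

Run it against the real `.vmx` of the office VM after each configuration change; an empty result means no adapter can reach beyond the host.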

Install Gentoo

Yes, that's in my policy

what
you literally wrote all that pointless shit to say that QubesOS does it better?

QubesOS is not better per se, it's more equipped for literally using VM for every task. In our class, we have to focus on VMware. I don't know what QubesOS uses, I'm thinking KVM?

Step 1: do not use proprietary virtualization tools

I know but my prof teaches using VMware. We talked about how it would seek updates even when told not to. For the sake of instruction VMware is easier. I would use KVM and use either cli or virt-manager to handle VMs.

T H I C C

I'd mock her up, if you know what I mean

thanks

S H I T - E Y E D
What about hardware security? PoisonTap, DMA?

for what?

>This passphrase is only stored on paper or kept in a symmetrically encrypted file for backup purposes.
I'd use a cert with a good passphrase, and/or stored on a yubikey or similar device

>Windows 10 VM is used for Office Tools only and its network is either isolated and host-only (for transferring files)
even a host-only network might open up some holes, what if your host has accessible network drives or other services? use the vm-provided copy and paste tools, shared folders, stuff like that

how secure does it have to be anyways? some things sound overkill, some sound "eh"

>even a host-only network might open up some holes, what if your host has accessible network drives or other services?

True. That's why I also added either host-only and detached from the NIC or just isolated

Hmm who is this qt? What a nice pair of tits she has there.

>Hmm who is this qt? What a nice pair of tits she has there.
a pornstar that fucks BBCs

>BBCs
Nope I'm gone

If you're not doing anything about ME or Trustzone and relying on AES in any way, you're fucked.

>ME or Trustzone
Enlighten me

>AES
Okay so it was DoD project? You can't trust it?

she doesn't make normal nonfetish porn?

whas her name?

How to watch porn without getting virii

MILKIE

>Enlighten me
They're both blackboxes with remote access that supersede everything you've outlined so far. There has been some good work on getting around ME for now. Might want to take advantage of that before it's closed, provided you're using such a processor.
>Okay so it was DoD project? You can't trust it?
I'm just letting you know that it provides no security whatsoever.

Joanna Rutkowska wrote an article or presentation about securing both hardware and software. Look up on QubesOS website.

btt
a very nice setup

have to add for physical security
two factor authentication for bootup
and encrypted LVM

QubesOS has very specific hardware limitations. never tried it but documented support for hardware on the site is kinda difficult to archive.


has anyone experience with unraid?

Kylie Page

>I'm just letting you know that it provides no security whatsoever.

Because you can brute the passphrase?

>They're both blackboxes with remote access that supersede everything you've outlined so far

Cool.. how about a link to some material? I want to try it

that's advertisers for you

>brute
No, that's not very elegant.
>link
hackaday.com/2016/11/28/neutralizing-intels-management-engine/

Windows 7


Pycharm, intelliJ, Notepad++, Adobe(for PS/AI/PR/AE/XD)

and plays all the games


with Linux it's always messing around until you get it working for your specific needs, then it's smooth sailing but you always still need Windows on a VM because of X program.

In the end due to programming tools and schemes becoming more system-agnostic there's less and less reason to use Linux on the line work except for really niche situations which for most workers is not the case, or due to savings from no licenses or subscriptions

if they want to take my info to give me targeted ads, then go ahead, at least they will be slightly more relevant than the 1,000,000th visitor prize things

how is AES not secure?

thanks for link

Didn't read the thread, but thanks for the pic

Damn I thought this was a porn bait thread. I forgot Sup Forums hates 3D.

Holy shit those are some very noice tiddies. They look natural too.

Nah nah, we don't hate 3D 100%, there are always gems like this even hardcore weaboos like us can't hate.

nowhere in that do you tell me what your threat model is. Who is this supposed to be secure against? Nosy family members? Ad companies? Law enforcement? Criminal hackers? Intelligence agencies?

General daily use as in minimizing the effects of malware when it does go through

I guess primarily web based threats as it's a desktop Os

i guess it's a general data safety guide.
how to minimize your attack surface. as technology develops threat models get outdated because copying tactics from other sources of danger gets easier.

inb4 selfish bump
someone has anything else to contribute? what about the browser?
>always put the browser in firejail

Do not enable javascript
Destroy cookies
Don't download or click that link