Qubes for Organizational Security Auditing (talk notes) revisions


Revision #6

Edited on
2023-09-07
Edited by user
deeplow

Revision #5

Edited on
2021-02-27
Edited by user
deeplow
Edit reason
email was probably only for talk's private audience
Contact Harlo on twitter [@harlo](https://twitter.com/harlo)

Revision #4

Edited on
2020-09-03
Edited by user
deeplow
These are text notes that I made from a presentation Harlo Holmes from Freedom of The Press Foundation (FPF) gave at the HOPE 2020 conference: [Qubes OS for Organizational Security Auditing](https://archive.org/details/hopeconf2020/20200730_1600_QubesOS_for_Organizational_Security_Auditing.mp4). The talk is mainly about explaining how Qubes is ideal for this use-case and showing off the tooling Harlo uses to do security audits on Qubes as [part of the Digital Security Team at FPF](https://freedom.press/people/harlo-holmes/).

Revision #3

Edited on
2020-09-03
Edited by user
deeplow
Qubes takes a "lego-block" approach to networking: an application running in a qube that is connected to the internet is not connected to it directly. It is first connected to a qube called `sys-firewall`, a qube whose firewall keeps the connections of the various application qubes you might run separate from one another. `sys-firewall` in turn connects to yet another VM, `sys-net`, which is a [Hardware-assisted Virtual Machine](https://qubes-os.org/doc/glossary/#hvm) (`HVM`); that is what allows it to drive the radios, Ethernet card or anything else that physically connects you to the internet.
The Net Recon qube is not connected to any firewall proxy (like `sys-firewall`), so the risk is somewhat elevated, but this is the only practical way to probe the network while using Qubes.
This qube gets a USB WiFi network peripheral attached to it (you don't want to mess anything up with your `sys-net`).
One example of how this happens is the full export of the Analysis Qube to encrypted cold storage after the analysis is done.

Revision #2

Edited on
2020-08-24
Edited by user
deeplow
# Going beyond this setup

There are a few things you can explore to go beyond this basic configuration. Here are some examples.

## Create your own RPC Policies

## Make one-way communication from Net Recon Qube -> Analysis Qube

## Make your templates reproducible

## Set data-retention policies
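As an added example that is not part of the talk notes, of Harlo's tooling or of Qubes' own code, the dom0 shell script below wires up the layout described in the networking notes (a Net Recon qube behind its own NetVM with a USB WiFi adapter, bypassing `sys-firewall`, and an offline Analysis qube), installs a one-way qrexec policy from Net Recon to Analysis as suggested under "Create your own RPC Policies" and "Make one-way communication", and exports the Analysis qube to encrypted storage with `qvm-backup`. All qube names (`sys-net-recon`, `net-recon`, `analysis`), the template name, the USB device id, the policy file name and the backup paths are hypothetical placeholders; the policy lines use the Qubes 4.1+ `/etc/qubes/policy.d` syntax, and the `qvm-*` invocations assume Qubes 4.x.

```shell
#!/bin/sh
# Added example (not from the talk or from Qubes): build a Net Recon /
# Analysis pair in dom0. Names, template, USB id and paths are placeholders.
set -eu

TEMPLATE="${TEMPLATE:-fedora-36}"        # assumed template name
USB_NIC="${USB_NIC:-sys-usb:2-1}"        # assumed id; check with `qvm-usb list`
DRY_RUN="${DRY_RUN:-0}"

# Print each dom0 command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# 1. A dedicated NetVM that owns the USB WiFi adapter, so sys-net and the
#    PCI NICs behind it are never touched by probing traffic.
create_recon_netvm() {
    run qvm-create --class AppVM --template "$TEMPLATE" --label red sys-net-recon
    run qvm-prefs sys-net-recon provides_network True
    run qvm-prefs sys-net-recon netvm ''      # no upstream: it is the edge
    run qvm-usb attach --persistent sys-net-recon "$USB_NIC"
}

# 2. The Net Recon qube uses that NetVM directly, with no sys-firewall in
#    between; this is the elevated-risk hop the notes describe.
create_recon_qube() {
    run qvm-create --class AppVM --template "$TEMPLATE" --label red net-recon
    run qvm-prefs net-recon netvm sys-net-recon
}

# 3. The Analysis qube stays fully offline (netvm '' means no network).
create_analysis_qube() {
    run qvm-create --class AppVM --template "$TEMPLATE" --label black analysis
    run qvm-prefs analysis netvm ''
}

# 4. One-way qrexec policy: files and clipboard flow net-recon -> analysis
#    and are explicitly denied in the other direction. The explicit deny
#    matters because the default qubes.Filecopy policy is "ask".
policy_text() {
    cat <<'EOF'
qubes.Filecopy        *  net-recon  analysis   allow
qubes.Filecopy        *  analysis   net-recon  deny
qubes.ClipboardPaste  *  net-recon  analysis   allow
qubes.ClipboardPaste  *  analysis   net-recon  deny
EOF
}

install_policy() {
    if [ "$DRY_RUN" = 1 ]; then
        policy_text
    else
        policy_text > /etc/qubes/policy.d/30-recon.policy   # assumed file name
    fi
}

# 5. Cold storage: qvm-backup encrypts the archive with the passphrase and
#    writes it through the qube that holds the removable disk.
export_analysis() {
    run qvm-backup --dest-vm sys-usb --passphrase-file /root/backup-pass \
        --compress /mnt/removable/analysis-backup analysis
}

build_stack() {
    create_recon_netvm
    create_recon_qube
    create_analysis_qube
    install_policy
}

# Only act when invoked explicitly, e.g. `DRY_RUN=1 sh recon-stack.sh build`.
case "${1:-}" in
    build)  build_stack ;;
    export) export_analysis ;;
esac
```

Run it in dom0 with `DRY_RUN=1 sh recon-stack.sh build` first to review every command it would issue, then without `DRY_RUN` to apply them; `qvm-usb list` shows the real `backend:device` id to put in `USB_NIC`. Keeping `sys-net-recon` separate from `sys-net` means a compromised USB adapter or a hostile target network only ever talks to a qube that has nothing else behind it, and the `deny` lines remove the dialog that would otherwise let an operator move data from the offline Analysis qube back into the exposed one.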