Complete the second part draft

opsec/qubesosnetwork/index.html

@@ -0,0 +1,203 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
+
+    <title>Qubes OS network</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
+	<link href="../../assets/css/xt256.css" rel="stylesheet">
+    
+    
+
+    <!-- Custom styles for this template -->
+    <link href="../../assets/css/main.css" rel="stylesheet">
+
+    
+
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
+      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
+    <![endif]-->
+  </head>
+
+  <body>
+
+    <!-- Static navbar -->
+    <div class="navbar navbar-inverse-anon navbar-static-top">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
+        </div>
+        <div class="navbar-collapse collapse">
+          <ul class="nav navbar-nav navbar-right">
+
+            <li><a  href="/about.html">About</a></li>
+            <li><a  href="/blog.html">Categories</a></li>
+<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
+            <li><a  href="/contact.html">Contact</a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+        
+      </div>
+    </div>
+
+	<!-- +++++ Posts Lists +++++ -->
+	<!-- +++++ First Post +++++ -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 00 / 00 / 00</ba></p>
+<h1>Qubes OS network </h1>
+<p> We will show some examples of qubes network setup for creating different purpose online identities in this tutorial</p>          
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+	<!-- +++++ Second Post +++++ -->
+	<div id="anon3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Some glossary </b></h2>
+<p>For Qubes OS there are something you need to know, otherwise you will be really confused when using the OS</p>
+<p>0.Xen: Everything that Qubes OS built on this, a type 2 hyervisor</p>
+<p>1.qube: That is basically a vm, each qube is intended to do a single task for isolation. But it is not quite like the common vm you used to see on vmware or virtualbox</p>
+<p>2.dom0: This is the admin vm, it is still a vm, but it is very special vm with all the tools to control the entire machine. It never connects to the network and no files from other qubes should touch it, once it gets compromised you are done</p>
+<img src="structure.png" class="imgRz" style="width: 400px">
+
+<p>3.Template VM: Template VM is like the concept of "class" in programming language, you will install all the applications you like in template vm, and appvm will simply share the root partition with the template vm, so appvm only needs to keeps its own /home directory, this greatly saves disk space and time you spent on software update.</p>
+<p>Template VM do not connect to network by default for safety, since if they are compromised all the app vm spawned by them are also done. Updates are conducted through a special proxy so attack surface is minimized</p>
+<p>4.App VM: Lightweight VM spawned from template VM, any changes done to root partition will not persist across boot, it is meant to only use software installed from template VM and save your work in /home</p>
+<img src="appvm.png" class="imgRz" style="width: 400px">
+
+<p>5.PVH: a para virtualization mode, which means some costly actions are not performed in the vm, instead they are done in the host through a special interface to make vm runs faster</p>
+<p>Most qubes will run under PVH mode</p>
+<p>6.HVM: Full virtualization, no host assistance. Only used in situation where PCI passthrough is required, or you installed your own special qube like windows</p>
+<p>7.Disposable VM: This is a special App VM, it is spawned from a disposable VM template everytime when needed, but is destroyed immediately after the task without anything being saved. Ideal for performing some known dangerous activites</p>
+<p>8.PCI passthrough: By default qubes OS qube do not touch any peripheral devices for example usb or network card, if you want some qube to do something with the hardware, you need to do a PCI passthrough. For example if you want to setup a network qube you need to pass through the network adapter</p>
+<p>9.Standalone qube: These are the qubes that do not depend on template vm, you either copied it from a template or installed it yourself</p>
+<p>This is all the basic concepts you need to know, now we start our exploration</p>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Network Setup</b></h2> </br> </br>
+<p>Qubes already comes with many default qubes, you can find them inside the qubes manager, which can be found on the top left menu</p>
+<p>Now we will build up chains of qubes for different online activities.</p>
+<p>0.sys-usb</p>
+<img src="usb-qube.png" class="imgRz" style="width: 400px">
+
+<p>A qube that did not connect to network, and is responsible for providing usb service only, if you have usb keyboard or mouse it might also proxy the input for you. In some circumstances when you have a usb wifi dongle it also becomes the factual network qube</p>
+<p>1.sys-net</p>
+<img src="net-qube.png" class="imgRz" style="width: 400px">
+
+<p>This is where everything starts, you need to passthrough your ethernet adapater(wired or wireless) to a qube, and that qube will be used to as a first part in the network chain</p>
+<p>Since it is directly in contact with network adapter and the routers, it should be considered as untrusted because it is exposed to a lot of uncertain stuff</p>
+<p>Only intended to be used as a basic router and nothing else</p>
+<p>2.sys-firewall</p>
+<p>The qube that separate the rest of your network chain from the sys-net for better security, and it is also the qube that enforces firewall rules if you have vpn qube directly behind it.</p>
+<p>If you have any public identity it is best to directly connect it to sys-firewall, for example online banking</p>
+<img src="firewall-qube.png" class="imgRz" style="width: 400px">
+<p>Each qube can select its own network qube, if none is selected it will not have internet at all. sys-firewall here set sys-net as its network qube</p>
+<img src="firewall-net.png" class="imgRz" style="width: 1200px">
+<p>And any qube provides network service need to enable "provides network" in advanced tab below "Run in debug mode"</p>
+<img src="firewall-service.png" class="imgRz" style="width: 1200px">
+<p>Any qube directly connect to sys-firewall will have your home isp ip address, best suited for public activity, for example online banking</p>
+<img src="banking.png" class="imgRz" style="width: 1200px">
+
+<p>3.vpn qube</p>
+<p>A qube setup with vpn profile, redirect all the traffic to your designated vpn server. Ideal for providing a pseudonymous identity. If applied with firewall rules it can be guaranteed leak proof</p>
+<p>Works fine with wireguard and openvpn cli, but for vpn vendor's own gui there might be problems, sometimes those apps break the dns setup in qubes</p>
+<p>Mullvad has a very detailed tutorial on how to setup a vpn qube <a href="https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn">https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn</a>. However iptables mentioned in it is already deprecated by Qubes, and I personally recommend using wireguard, it works without need to config anything in the qube, and use sys-firewall to enforce leak protection</p>
+<img src="vpn-qube.png" class="imgRz" style="width: 400px">
+<p>If you have any pseudonymous activities it is best to connect behind vpn qube, for example torrenting</p>
+<p>The setup is pretty much similar and you only need to change the network qube to vpn qube</p>
+<p>4.whonix qubes</p>
+<p>Whonix is the best part of qubes, it makes tor very easy to use. Whonix qubes consists of two parts, first is whonix gateway, which onionlize all the network traffic behind it. Whonix workstation is a workstation specifically tuned for anonymity, and is usually disposable for increased security</p>
+<p>You can also hook up other non workstation qubes behind whonix gateway in rare circumstances, for example a windows qube, but you should be careful and should have a specialized gateway qube only for this.</p>
+<p>This is the ideal place for all the high risk activities like all the darknet stuff</p>
+<p>You might choose to whether or not to put whonix gateway behind a vpn</p>
+<img src="whonix-qube.png" class="imgRz" style="width: 400px">
+<p>Here we use whonix workstation to access tor.taxi for exploring the darknet</p>
+<img src="whonix-usage.png" class="imgRz" style="width: 1200px">
+
+</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+  <!-- +++++ Second Post +++++ -->
+	<div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Tips</b></h2> </br> </br>
+<p>There are some tricky problems about qube, like how to copy and paste text between qubes, and how to transfer files, or how to use usb.</p>
+<p>For copy text, there is a master pasteboard in dom0, once you copy some text normally inside a qube, click shift+ctrl+c, then the text get transferred to the master pasteboard, and go to the vm you want to paste, click shift+ctrl+v, then the text is inside the clipboard of your destination vm</p>
+<p>Other stuff are inside the official document, no need to rebuild the wheels again</p>
+<p><a href="https://www.qubes-os.org/doc/getting-started/">All the qubes "how to" guide</a></p>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+	<!-- +++++ Footer Section +++++ -->
+
+	<div id="anonb">
+		<div class="container">
+			<div class="row">
+				<div class="col-lg-4">
+					<h4>Nihilism</h4>
+          <p>
+						Until there is Nothing left.</p></br></br><p>Creative Commons Zero: No Rights Reserved</br><img src="\CC0.png">
+						
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>My Links</h4>
+					<p>
+
+						<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
+
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>About nihilist</h4>
+					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
+				</div><!-- /col-lg-4 -->
+
+			</div>
+
+		</div>
+	</div>
+
+
+    <!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    
+  </body>
+</html>