I would like to ask two general questions about security.
Is there any way to verify the authenticity (using hashes for example) of dom0 or other critical files after a reboot, if I don’t use coreboot but a regular BIOS?
Is there any possibility of network attacks on an AppVM if all ports are closed (i.e. no service is listening) and ICMP is not responding (CVE-2022-23093)? That is, if an attacker gained access to one AppVM, what are the chances that they would compromise other AppVMs on the same network? I know that Qubes does not allow network communication between AppVMs by default; is there any way for an attacker to get around this? (Let’s now exclude social engineering attacks such as phishing, etc.)
That’s the reason AEM exists and the more modern solution called TrenchBoot.
Related to network: Idk really, but in general it should not be allowed by the policies. This is why vault is trusted quite a lot by many.
I understand that AEM is the most appropriate protection at a non-lower level, but if that option doesn’t exist, does it make sense to at least check critical files for immutability?
So you say you can’t run AEM on your laptop/desktop? In this case the recommended way of doing it is by using encrypted /boot or by using detached boot and keeping the USB on you all the time.
Thank you, I’ll check TrenchBoot; maybe it is a better idea to use this than to try to find another solution for confirming integrity.
Do you think it is a good idea to install this (GitHub - Sysinternals/SysmonForLinux) on the NetVM to analyze for anomalies, please?