How does everyone configure their banking VMs?

Hi all,

Without revealing anything that would compromise your opsec, how does everyone configure their banking VMs? Or perhaps most use a DVM? Curious as to the best method. Right now I just use a separate browser within my browsing VM, which isn’t at all great for security reasons.

Thanks!

Well, right now it’s a simple app VM, dedicated to this unique task, but you make me realize that it should be a disposable :)

1 Like

DVM based on a template with browser installed.

Named disposable based on that DVM with firewall rules restricting to TCP 443 mybank.com. Additionally disabled ICMP through qvm-firewall.

Browsing in the named disposable.

2 Likes

Did you do everything in nftables or through the GUI, with respect to ICMP and port restricting? Could you share those?

Assuming your qube is named AAA and you want to restrict access to mybank.com:

Starting point:

user@dom0:~ > qvm-firewall --raw AAA
action=accept

Configuration:

user@dom0:~ > qvm-firewall --raw AAA del --rule-no=0
user@dom0:~ > qvm-firewall --raw AAA add action=accept proto=tcp dsthost=mybank.com dstports=443-443
user@dom0:~ > qvm-firewall --raw AAA add action=accept specialtarget=dns
user@dom0:~ > qvm-firewall --raw AAA add action=drop

Result:

user@dom0:~ > qvm-firewall --raw AAA
action=accept proto=tcp dsthost=mybank.com dstports=443-443
action=accept specialtarget=dns
action=drop

Note that it is possible that your bank website may need to connect to other hosts too. If that is the case, add them above the dns rule, e.g.:

qvm-firewall --raw AAA add --before=0 action=accept proto=tcp dsthost=host2.com dstports=443-443

3 Likes

I still bank like a plebeian… I need to take a page or two from your book

This is great, thanks! But the number of ports and hosts mybank.com (my actual banks) connect to go far beyond 443, it’s absurd. I’ll have to either manually sniff out each host through Opensnitch or figure out a different approach.

1 Like

Absolutely agree. A dedicated single instance of a disposable browser VM is sufficient. Who else and how could sniff if you access only your ebank in this VM? Even theoretically.

1 Like

@kenosen

You can use tcpdump or even the web console of the browser to see hosts and port numbers.

@tempmail

Who else and how could sniff if you access only your ebank in this VM? Even theoretically.

You are talking about sniffing in a different context. The purpose of restricting network access is not to protect the content or the fact of the traffic, and is unrelated to VM persistence. It can protect from e.g:

3 Likes

Tcpdump output doesn’t seem to reflect the ad and tracker websites: it only displays connectivity to the one host IP and :443. I can provide a modified output later, but I used tcpdump -n host mybank.com and then opened the URL in a browser.

Opensnitch showed many more nefarious links.

1 Like
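
The following is an added example, not part of any post in this thread: it reads `tcpdump -n` text captured inside the banking qube without a host filter, lists every IPv4 destination and DNS name seen, and prints candidate `qvm-firewall` rules in the form shown earlier in the thread. The capture lines, addresses, interface name and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a qube's outbound connections from `tcpdump -n` text.
# Capture without a host filter so third-party hosts show up too, e.g. (eth0 is
# an assumption about the qube's interface name):
#   sudo tcpdump -n -l -i eth0 'tcp[tcpflags] & tcp-syn != 0 or udp port 53'

# Constructed sample capture (documentation addresses, not real bank hosts).
sample_capture() {
cat <<'EOF'
12:00:01.000001 IP 10.137.0.15.40112 > 10.139.1.1.53: 4242+ A? mybank.com. (28)
12:00:01.050000 IP 10.137.0.15.51000 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
12:00:01.060000 IP 203.0.113.10.443 > 10.137.0.15.51000: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:02.000000 IP 10.137.0.15.40113 > 10.139.1.1.53: 4243+ A? cdn.example.net. (33)
12:00:02.100000 IP 10.137.0.15.51002 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0
12:00:03.000000 IP 10.137.0.15.51004 > 198.51.100.7.8443: Flags [S], seq 1, win 64240, length 0
12:00:03.500000 IP 10.137.0.15.51005 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0
EOF
}

# Unique "IPv4 port" pairs the qube opened TCP connections to (SYN only, so
# replies such as SYN-ACK "[S.]" are ignored). IPv6 ("IP6") lines are skipped.
list_destinations() {
  awk '$2 == "IP" && $6 == "Flags" && $7 == "[S]," {
         d = $5; sub(/:$/, "", d); n = split(d, p, ".")
         if (n == 5) print p[1] "." p[2] "." p[3] "." p[4], p[5]
       }' | LC_ALL=C sort -u
}

# Hostnames the qube asked DNS for (A/AAAA queries to port 53).
list_dns_names() {
  awk '$2 == "IP" && $5 ~ /\.53:$/ {
         for (i = 6; i < NF; i++)
           if ($i == "A?" || $i == "AAAA?") { h = $(i + 1); sub(/\.$/, "", h); print h }
       }' | LC_ALL=C sort -u
}

# Candidate rules for review, in the form used earlier in the thread.
emit_rules() {
  qube=$1
  list_destinations | while read -r ip port; do
    printf 'qvm-firewall --raw %s add --before=0 action=accept proto=tcp dsthost=%s dstports=%s-%s\n' \
      "$qube" "$ip" "$port" "$port"
  done
}

sample_capture | list_dns_names
sample_capture | emit_rules AAA
```

Rules keyed on IP addresses go stale when a site changes hosting, and Qubes resolves a `dsthost` name once when the rules are applied, so re-check the list if the site stops loading.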

Qubes off-topic warning.

Looks like banking has become a complicated endeavor already. They are slowly shifting all responsibility to the consumer. If you get hacked, social engineered, lose your pin… etc etc the blame is on you and no refunds. If you read your bank terms they even indemnify themselves from hacks. Make your life easier and show up in person at an atm or teller. Anyway, eventually as you get older you will need to rely on banking in person. Your bank doesn’t have in person service or atms, find one that does. Don’t trust yourself at 80 years old to know all the security trends in technology to keep up. Just to clarify, everyone will eventually go back to in person or atm banking due to aging. The internet is a great tool for social media, researching, information, encyclopedia device, news or gaming. Not a place to do your banking especially when using a smartphone.

5 Likes

Exceptions:

  • online business
  • trading (stocks, FOREX, Cryptocurrency)

I am interested in this thread because I will be using a business checking account soon for Short Term Rental arbitrage as a Digital Nomad, soon with online banking.

A standalone AVM with just one application

No browser.

Probably just in Germany working.

2 Likes

Not a place to do your banking especially when using a smartphone.

I wonder if there is a way to install Android in a qube, then put the banking app on it and use it. I say “I wonder” because the banking apps require access to e.g. camera which a qube fortunately does not have.

2 Likes

Qubes off-topic warning.

Looks like banking has become a complicated endeavor already. They are slowly
shifting all responsibility to the consumer. If you get hacked, social
engineered, lose your pin… etc etc the blame is on you and no refunds.

I’d kindly take the responsibility all to myself, as that’s why I have my
workstation set up the way I have. Using a qube that’s firewalled to bank’s
domains would suffice in my case, but I witnessed the opposite behavior -
treating a customer as someone who knows nothing about security and who can’t be
responsible for their own life, therefore making sure the customer won’t get
harmed by themselves and later on publicly blame such a bank.

If you read your bank terms they even indemnify themselves from hacks. Make
your life easier and show up in person at an atm or teller.

Showing up in person might be worthwhile for other reasons I mentioned earlier -
historically I’ve witnessed things like a total block of a login possibility due
to running a bank’s smartphone app in a virtual tablet or that app simply
freezing on a phone that differs too much from the “intended” configuration,
which average Joe has. And yes, that application is mandatory to be able to even
log in, due to the reasoning that smartphones will be more secure than my laptop
with Qubes OS.

That reasoning is justified, as historically incompetent people were blaming
banks for having their money stolen by criminals, and for these people a
locked-down smartphone is more secure than, let’s say, a laptop.

Anyway, eventually as you get older you will need to rely on banking in
person. Your bank doesn’t have in person service or atms, find one that does.

I hope that people will be able to rely on banking that way. However, the world
doesn’t always work well as we intend. Even nowadays people are discriminated against
and have their accounts locked by certain payment processors for attempting to
exchange money for, e.g. artwork that the processors don’t approve of.

Don’t trust yourself at 80 years old to know all the security trends in
technology to keep up.

Never did and likely never will. However, a good amount of experience will help.
Simply being suspicious of something that looks off and not relying on emotions
might mitigate some attacks.

2 Likes

Not sure where you all be banking at, but my Credit Union still provides many more options via their website than their app. The only exception being the app allows for camera scanning of depositing paper checks remotely online, though maybe they have a way to upload the scans on the website too likely. Either way, I have never used that feature.

As for if it is possible to have Android, I read online we may install and run Android emulators. Though I have also recently heard on Social Media chatter that doing such is quirky in that many bare metal machines will not offer touch screen functionality — let alone in a VM qube on Qubes — so then I read that much of the “Android” functionality is lost upon emulation making for a sub par user experience.

I have no idea yet though, as I am holding off for now since the emulator would take up 250G of my hard disk alone as an install from an ISO image

All I know is my Credit Union offers more options when logging into their website on a full desktop browser, and that my Threat Model has made being on an Android phone — especially when not deGoogled — a major risk to me right now (even if without a SIM or SIP just WiFi for connecting to a data source based comms)

I am upset that my Credit Union has no offer to secure with a passkey, they still are way behind the times in that they don’t even offer an authentication app either merely only a SMS based 2FA.

I recently opened up a new account at a different Credit Union, and they at least offer an authentication app 2FA rather than only a SMS 2FA. At either banking institution I have never had to use my phone camera btw, be I online on a full desktop browser or on a mobile app via a tablet or smart phone.

This is why I have an interest in this discussion overall

I will not know for sure about any of this until I download and install that emulator for a HVM

I find no real reason to do local banking. It’s just time consuming, I don’t deposit many checks anymore, nor write them (esp with check washing now, I’m told it’s a bad idea).
Maybe, just use a default separate template, and 2FA with some hardware token.

Or is an HVM somehow more secure than that?

And I hope to never do any banking apps on a “phone”, maybe I will eventually be Assimilated by the Borg,

1 Like

Under normal circumstances I think a deGoogled Android is likely more “secure” than any given OS on a desktop computer environment — even on a Virtual Machine.

Under NOT so normal circumstances, like in my Threat Model, an emulated Android within a VM is more “secure” as it takes much more considerable effort to get any device identifiers let alone PII, as well as taking more considerable effort to get to other apps (based upon security by obscurity any regular efforts would be confused as they assume it would be on a mobile phone device not a desktop let alone a VM).

Such an app as Authy. I don’t need Authy for my banking as previously stated, but I am forced to use Authy due to being on the CEX (Centralized Exchange) of Gemini for cryptocurrency trading (a neo form of Banking lol). I really hate that Gemini forces Authy and no other solution, because once a phone number becomes compromised it is a pain in the rear to get in contact and update one’s IRL PII with Authy (if I had a choice I would never use them, I would use OTP and the like). Furthermore, the Authy app is extremely intrusive as far as permissions goes for an app that has IDs to one’s PII making it a risk of such leaking from a “phone” of mine (even without a SIM) to be “found”.

Hence, why I am looking into how to emulate Android within a qube VM such as a HVM so to obtain the full functionality of a mobile app such as Authy without its glaring risks to privacy which will then snowball into threatening my security once my device is ever found — especially if linked to the same phone number rather than a different one unassociated with said mobile device. With a VM I can literally keep every single aspect of this separated, while hopefully retaining similar functionality.

1 Like

I was unaware of this thank you @Clodius !

I may still need something for Authy though …
(I am stuck with Authy for the Gemini CEX)