Hi, I have been using Qubes for a bit of time now, and looking to update to 4.1 , the only reason I haven’t in the past, is because I have learning and reading slowly through the documentation to improve my knowledge. I have a few questions before I upgrade to improve my own understanding of security after a test run with 4.1 -
Normally when I update dom0, any template or download a template it runs through a ProxyVM, on 4.1, on my test run that didn’t work, can someone clarify this please for me?
Disposable Firewall and sys-net - is there a simple way, to store firewall setup into the disposable sys-firewall after system boot? I dont want to be putting settings in after every boot but maybe a quick copy and paste of settings will help. (i want to keep these disposable for my own learning and boot up routine)
Zero clear net exchange - Is there a way in 4.1 to ensure all traffic is either only through Tor or a VPN, updates, templates, etc? (preferably VPN for the most part). and is there a way to update dom0 through a vpn proxy rather than just tor?
Safety of template updates through tor - I have used tor in the past but for the most part its quite new, what is the level of safety when updating templates, dom0, etc? and what should I look for while updating to ensure the integrity of updates/downloads.
Is it worth having two different disposable VM templates (is this possible? because the global settings doesn’t permit separation).
1 for services (sys-net, sys-firewall) other for internet browsing qubes? I was reading about templates being compromised and the resulting qubes being infected.
- Minimal template security - I am going to start using these with 4.1 as my main setup, is there any security issues to be aware of? I can’t seem to find any details around security cons, only pros related to threat models and attack surfaces.
Thank you, and I am really glad I found this community and Qubes, its been a journey learning and I feel more confident in taking further steps in my understanding because of this community.