I was thinking about these words: “Qubes OS: The Operating System That Can Protect You Even If You Get Hacked”
I was wondering if Qubes can protect me even if my network got hacked.
I would suggest reading these pages, as they probably do a better job of explaining the basics of Qubes security more completely than me:
The short answer would likely be “It depends, but you’ll most likely stay secure so long as you use Qubes OS properly.”
Qubes already assumes the network is compromised. See the links @tech3599 helpfully provided (and the rest of the documentation) to learn more.
What can the person who hacked my network see?
Are there any thoughts on the outputs that will be shown to the person trying to hack my network?
If you install and run an application such as tcpdump within your template for sys-net vm you will be able to see the traffic on the wire as the hacker might see it. There are a number of network trace applications but it’s best to keep the footprint small in sys-net.
sys-net> sudo tcpdump -i eth0
Replace the above with your external interface on your network card. You will likely see a lot of stuff flying by, so you might want to redirect it and capture a few seconds of output and then go look up on the internet what each entry means. The following discussion will not be a Qubes-specific discussion, so look for a network-related forum for extending that conversation.
All the traffic from your Qubes box.
They would be able to see where the traffic was going, and what sort
of traffic it is (http, https, ssh, etc. - update checks, time checks, checks for
mail, sending mail).
If the traffic is not encrypted, they would be able to read the
contents.
For encrypted traffic they might be able to deduce the contents.
They would be able to see that you are using Qubes, and whether you were
using Tor.
They would likely be able to guess which templates you are using, and
which packages are installed.
Depending on the resources they have they may be able to deanonymize
you.
When I comment in the Forum or in the mailing lists I speak for myself.
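As an added example (not part of any post above): a short Python script that summarizes `tcpdump -nn` text output from sys-net the way the posts above describe an on-path observer reading it, listing each destination, the likely service, and whether the payload is normally readable. The port-to-service mapping is a heuristic assumption, and the capture lines and the local address 192.168.1.23 are constructed.

```python
import re
from collections import Counter

# Assumption: well-known ports imply the service. This is a heuristic, not a guarantee.
# Cleartext protocols: anyone on the path can read the payload.
CLEARTEXT = {21: "ftp", 23: "telnet", 25: "smtp", 53: "dns", 80: "http", 123: "ntp"}
# Encrypted protocols: payload is hidden, but endpoints, timing and sizes are still visible.
ENCRYPTED = {22: "ssh", 443: "https", 853: "dns-over-tls", 993: "imaps"}

# Matches IPv4 lines as printed by `tcpdump -nn` (numeric addresses and ports).
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def classify(port):
    """Map a destination port to (service, what the observer can read)."""
    if port in CLEARTEXT:
        return CLEARTEXT[port], "contents readable"
    if port in ENCRYPTED:
        return ENCRYPTED[port], "encrypted, metadata visible"
    return "unknown", "unclassified"

def summarize(lines, local_ip):
    """Return {(remote_ip, service, exposure): packet_count} for packets sent by local_ip."""
    seen = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m or m["src"] != local_ip:
            continue  # skip non-IPv4 lines (ARP, IPv6) and inbound packets
        service, exposure = classify(int(m["dport"]))
        seen[(m["dst"], service, exposure)] += 1
    return dict(seen)

# Constructed sample capture using documentation address ranges, not real traffic.
SAMPLE = """\
12:00:01.100000 IP 192.168.1.23.51514 > 203.0.113.10.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
12:00:01.200000 IP 192.168.1.23.40022 > 198.51.100.7.80: Flags [P.], seq 1:141, ack 1, win 502, length 140
12:00:01.250000 IP 198.51.100.7.80 > 192.168.1.23.40022: Flags [.], ack 141, win 509, length 0
12:00:02.000000 IP 192.168.1.23.38211 > 192.0.2.53.53: 4242+ A? example.org. (29)
12:00:02.300000 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28
12:00:03.000000 IP 192.168.1.23.51514 > 203.0.113.10.443: Flags [P.], seq 518:644, ack 1, win 502, length 126
""".splitlines()

if __name__ == "__main__":
    for (dst, service, exposure), count in sorted(summarize(SAMPLE, "192.168.1.23").items()):
        print(f"{dst:15} {service:8} {exposure:28} {count} packet(s)")
```

To run it on your own capture, save the output of `sudo tcpdump -nn -i <interface>` to a file and pass its lines to `summarize()` together with the address of the capturing interface.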
@stuporchase There are so many forums, where to even start? I’ll just give you a few lists of forums to get you started. It all depends on what specific area of network security you would like to focus on. If you are using any specific software there will likely be forums for that software as well.
Lists of forums:
You may also want to search Shodan for your own IP address to see what exploits are actual threats for your specific situation.
Then play with Etherape to visually watch what is actually happening on your local/virtual network.
list all your interfaces in a VM
appvm> ifconfig -a
then watch specific traffic on your various interfaces
e.g. watch wired internet traffic trying to probe you
sys-net> sudo etherape -i ens6
wireless traffic trying to probe you
sys-net> sudo etherape -i wls7
traffic from sys-firewall
sys-net> sudo etherape -i vif3.0
probably the best place to watch your own personal traffic in Qubes
sys-firewall> sudo etherape -i eth0
specific connections for each individual AppVM
sys-firewall> sudo etherape -i vif4.0
sys-firewall> sudo etherape -i vif5.0
sys-firewall> sudo etherape -i vif7.0