[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [CONTRIBUTE] [DONATE]

Opinion about these two kinds of setup

Support
#1

Hello
I would have Windows as OS at the end, now my question is about these setup (I know the problem of firgerprint, but I want an answer about the most secure)
1)whonix gateway—>workstation—>rdp with windows
or
2)whonix gateway—>vm with windows

Thank you

#2

Good day,

Because of the fact that you normally don’t have full control over a system accessed via RDP, the second one should be more secure.

Have a nice day,

Ego

#3

Hi
Thank you for the fast answer
Do I have to setup an encrypted tunnel between gateway and Windows?

Regards

#4

Secure from what? Exploiting your main system? Confidentiality of stuff within Windows VM?

#5

Exploit my main OS
About rdp I mean vps

#6

Good day,

No, you host can’t be compromised. I was talking about tracking and usage analysis on the machine.

Have a nice day,

Ego

#7

I guess not running Windows on your local machine which is a whole lot of closed source code, and not having Windows able to create connections from somewhere on your local computer is something worthwhile. Depending on how secure the rdp client is against exploitation, the game changes.

#8

My main OS is debian with full encryption
With rdp in workstation I can use ssh access, tools like fail2ban, change port, disable root access but I don’t have the full control of the vps
About the tracking on VM I can always delete and reinstall right?

#9

Good day,

Actually no, at least not when talking about the VPS. Like I said before, as you don’t have control over what happens on a server hosted by a third party, you can never tell whether or not anything you do on there is tracked/saved and kept even after deleting. That’s why I’d vouch for keeping full control over what you use.

On your own Windows based Workstation, this obviously is possible

Have a nice day,

Ego

#10

With the use of Windows workstation do I have to change my MAC address? (windows vm can see my mac or see just gateway mac?)
Can I connect gateway with more windows vm?
If windows vm is infected, is my debian OS doomed too?

Regards

#11

No. https://www.whonix.org/wiki/Connections_between_Whonix-Gateway_and_Whonix-Workstation

No. https://www.whonix.org/wiki/Computer_Security_Education#MAC_Address

Yes. https://www.whonix.org/wiki/Multiple_Whonix-Workstations + https://www.whonix.org/wiki/Other_Operating_Systems

Only if your attacker is able to “break out” of your virtualization platform.
https://www.whonix.org/wiki/Advanced_Security_Guide#Virtualization_Platform
https://www.whonix.org/wiki/Security_Guide#VirtualBox_Hardening
https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F
https://www.whonix.org/wiki/Advanced_Security_Guide#Recommendation_to_use_Whonix_with_Physical_Isolation
(docs could use some re-organizing…)

VPS probably only makes sense if:

  1. you have a reliable, secure, pseudonymous method for acquisition & maintenance and
  2. you need a persistent net presence (for example, hosting servers) or
    (3.?) you need a clearnet presence
    (but the assumption should always be that it is compromised to some degree)
2 Likes
#12

Thank you, very useful answers
I use already KVM, it should be more secure although there are a lot of vulnerabilities explained here

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]