Hello
I would have Windows as OS at the end, now my question is about these setup (I know the problem of firgerprint, but I want an answer about the most secure)
1)whonix gateway—>workstation—>rdp with windows
or
2)whonix gateway—>vm with windows
Thank you
Good day,
Because of the fact that you normally don’t have full control over a system accessed via RDP, the second one should be more secure.
Have a nice day,
Ego
Hi
Thank you for the fast answer
Do I have to setup an encrypted tunnel between gateway and Windows?
Regards
Secure from what? Exploiting your main system? Confidentiality of stuff within Windows VM?
Exploit my main OS
About rdp I mean vps
Good day,
No, you host can’t be compromised. I was talking about tracking and usage analysis on the machine.
Have a nice day,
Ego
I guess not running Windows on your local machine which is a whole lot of closed source code, and not having Windows able to create connections from somewhere on your local computer is something worthwhile. Depending on how secure the rdp client is against exploitation, the game changes.
My main OS is debian with full encryption
With rdp in workstation I can use ssh access, tools like fail2ban, change port, disable root access but I don’t have the full control of the vps
About the tracking on VM I can always delete and reinstall right?
Good day,
Actually no, at least not when talking about the VPS. Like I said before, as you don’t have control over what happens on a server hosted by a third party, you can never tell whether or not anything you do on there is tracked/saved and kept even after deleting. That’s why I’d vouch for keeping full control over what you use.
On your own Windows based Workstation, this obviously is possible
Have a nice day,
Ego
With the use of Windows workstation do I have to change my MAC address? (windows vm can see my mac or see just gateway mac?)
Can I connect gateway with more windows vm?
If windows vm is infected, is my debian OS doomed too?
Regards
No. https://www.whonix.org/wiki/Connections_between_Whonix-Gateway_and_Whonix-Workstation
No. https://www.whonix.org/wiki/Computer_Security_Education#MAC_Address
Yes. https://www.whonix.org/wiki/Multiple_Whonix-Workstations + https://www.whonix.org/wiki/Other_Operating_Systems
Only if your attacker is able to “break out” of your virtualization platform.
https://www.whonix.org/wiki/Advanced_Security_Guide#Virtualization_Platform
https://www.whonix.org/wiki/Security_Guide#VirtualBox_Hardening
https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F
https://www.whonix.org/wiki/Advanced_Security_Guide#Recommendation_to_use_Whonix_with_Physical_Isolation
(docs could use some re-organizing…)
VPS probably only makes sense if:
Thank you, very useful answers
I use already KVM, it should be more secure although there are a lot of vulnerabilities explained here