Security by isolation

Security by isolation is the principle that relies on the fact that, in general, you need to be able to talk to a component in order to exploit it. This explains why dom0 has no internet, and why it's recommended that you use different Qubes for different "Security groups". As different Qubes can't directly talk to each other (in general, see the RPC section), even if one Qube is compromised (say through a web browser or email client exploit), it can't then be used to pivot and attack other Qubes.

Qube RPC


WhatIs/SecurityByIsolation (last edited 2018-11-21 05:58:22 by admin)