
A Firewall for Your Radical Network (bobkonf2021)
Chaos Computer Club - archive feed · Stefanie Schirmer
February 26, 2021 · 27m 59s
Show Notes
QubesOS is probably the most secure operating system right now, recommended by security professionals and human rights activists. Security issues in operating systems are often related to networking or hardware. By separating networking, private data and hardware drivers into different virtual machines, QubesOS helps to isolate attacks. In case of a breach, attackers are confined to a single virtual machine (a Qube), for example the networking Qube. The rest of the system is safe on separate Qubes, even in case of compromise. The Qubes-Mirage-Firewall is written in OCaml as a unikernel (a small, single-purpose operating system kernel) built with the library operating system MirageOS. The talk will not be QubesOS-specific; rather, it uses QubesOS as an example to draw conclusions that apply to all operating systems and to give a general understanding and strategy plan for network security tailored to everyone’s individual needs.
We will talk about:
- Functional Programming as a security practice
- The layered structure of networking and why we have it
- What is a network protocol and how we read it
- Tools to analyze and learn about a network (Wireshark, traceroute)
- The idea of QubesOS and how to structure your system into different Qubes and run them
- Configuring a firewall and why it has been obscure in the past
- Testing a firewall to see who can access which parts of the network
About this event: https://bobkonf.de/2021/schirmer.html