Ga naar inhoud

Qubes Overzicht

Qubes OS is an open-source operating system which uses the Xen hypervisor to provide strong security for desktop computing through isolated qubes, (which are Virtual Machines). You can assign each qube a level of trust based on its purpose. Qubes OS provides security by using isolation. It only permits actions on a per-case basis and therefore is the opposite of badness enumeration.

Hoe werkt Qubes OS?

Qubes gebruikt compartimentering om het systeem veilig te houden. Qubes worden aangemaakt op basis van sjablonen, waarbij de standaard opties Fedora, Debian en Whonixzijn. Qubes OS also allows you to create once-use disposable qubes.

The term qubes is gradually being updated to avoid referring to them as "virtual machines".

Some of the information here and on the Qubes OS documentation may contain conflicting language as the "appVM" term is gradually being changed to "qube". Qubes are not entire virtual machines, but maintain similar functionalities to VMs.

Qubes architectuur

Qubes Architectuur, Krediet: Wat is Qubes OS Intro

Each qube has a colored border that can help you keep track of the domain in which it runs. Je kunt bijvoorbeeld een specifieke kleur gebruiken voor jouw bankbrowser, en een andere kleur voor een algemene niet-vertrouwde browser.

Gekleurde rand

Qubes vensterranden, krediet: Qubes Screenshots

Waarom zou ik Qubes gebruiken?

Qubes OS is useful if your threat model requires strong security and isolation, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources, but the idea is that if a single qube is compromised it won't affect the rest of the system.

Qubes OS utilizes dom0 Xen VM for controlling other qubes on the host OS, all of which display individual application windows within dom0's desktop environment. There are many uses for this type of architecture. Here are some tasks you can perform. You can see just how much more secure these processes are made by incorporating multiple steps.

Tekst kopiëren en plakken

Je kunt tekst kopiëren en plakken met behulp van qvm-copy-to-vm of de onderstaande instructies:

  1. Press Ctrl+C to tell the qube you're in that you want to copy something.
  2. Press Ctrl+Shift+C to tell the qube to make this buffer available to the global clipboard.
  3. Press Ctrl+Shift+V in the destination qube to make the global clipboard available.
  4. Press Ctrl+V in the destination qube to paste the contents in the buffer.

Bestandsuitwisseling

To copy and paste files and directories (folders) from one qube to another, you can use the option Copy to Other AppVM... or Move to Other AppVM.... Het verschil is dat de optie Verplaatsen het oorspronkelijke bestand verwijdert. Either option will protect your clipboard from being leaked to any other qubes. This is more secure than air-gapped file transfer. An air-gapped computer will still be forced to parse partitions or file systems. Dat is niet nodig met het inter-qube kopieersysteem.

Qubes do not have their own filesystems.

You can copy and move files between qubes. Daarbij worden de wijzigingen niet onmiddellijk aangebracht en kunnen ze bij een ongeval gemakkelijk ongedaan worden gemaakt. When you run a qube, it does not have a persistent filesystem. You can create and delete files, but these changes are ephemeral.

Inter-VM Interacties

The qrexec framework is a core part of Qubes which allows communication between domains. Het is gebouwd bovenop de Xen-bibliotheek vchan, die isolatie vergemakkelijkt door middel van beleid.

Connecting to Tor via a VPN

We recommend connecting to the Tor network via a VPN provider, and luckily Qubes makes this easy to do with a combination of ProxyVMs and Whonix.

After creating a new ProxyVM which connects to the VPN of your choice, you can chain your Whonix qubes to that ProxyVM before they connect to the Tor network, by setting the NetVM of your Whonix Gateway (sys-whonix) to the newly-created ProxyVM.

Your qubes should be configured in a manner similar to this:

Qube name Qube description NetVM
sys-net Your default network qube (pre-installed) n/a
sys-firewall Your default firewall qube (pre-installed) sys-net
sys-proxyvm The VPN ProxyVM you created sys-firewall
sys-whonix Your Whonix Gateway VM sys-proxyvm
anon-whonix Your Whonix Workstation VM sys-whonix

Extra bronnen

Voor aanvullende informatie raden wij je aan de uitgebreide Qubes OS documentatie pagina's te raadplegen op de Qubes OS Website. Offline kopieën kunnen worden gedownload van het Qubes OS documentatie archief.

Je bekijkt de Nederlandse versie van Privacy Guides, vertaald door ons fantastische taalteam op Crowdin. Als u een fout opmerkt of onvertaalde gedeelten op deze pagina ziet, overweeg dan om te helpen! Voor meer informatie en tips zie onze vertaalgids.

You're viewing the Dutch copy of Privacy Guides, translated by our fantastic language team on Crowdin. If you notice an error, or see any untranslated sections on this page, please consider helping out! For more information and tips see our translation guide.