PrivacyBeast X230

This commit is contained in:
Jonah Aragon 2020-02-16 23:00:33 -06:00
parent d6a555c6a0
commit d4525dfd65
7 changed files with 111 additions and 58 deletions

View File

@ -86,6 +86,7 @@
</span>
</summary>
<span class="nav-dropdown">
<a class="dropdown-item" href="/hardware/#laptops"><span class="fas fa-laptop fa-fw"></span> Laptops</a>
<a class="dropdown-item" href="/hardware/#mobile"><span class="fas fa-mobile-alt fa-fw"></span> Mobile Devices</a>
<a class="dropdown-item" href="/hardware/#u2f"><span class="fas fa-key fa-fw"></span> U2F Security Keys</a>
<a class="dropdown-item" href="/hardware/#routers"><span class="fas fa-network-wired fa-fw"></span> Routers</a>

View File

@ -0,0 +1,32 @@
<h1 id="laptops" class="anchor"><a href="#laptops"><i class="fas fa-link anchor-icon"></i></a> Laptops</h1>
<div class="container-fluid">
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5 text-center">
<img
src="/assets/img/png/3rd-party/thinkpad-x230.png"
data-theme-src="/assets/img/png/3rd-party/thinkpad-x230.png"
height="200"
width="200"
class="img-fluid d-block mr-auto ml-auto align-middle"
alt="Lenovo ThinkPad X230">
<a class="btn btn-primary mt-4" href="https://insurgo.ca/produit/qubesos-certified-privacybeast_x230-reasonably-secured-laptop/" role="button"><i class="fas fa-external-link-alt fa-fw"></i> Website</a>
</div>
<div class="col">
<h2>Insurgo PrivacyBeast X230</h2>
<p>This is a modified highest-end <strong>Lenovo ThinkPad X230</strong> with QubesOS preinstalled, deactivated Intel ME, and open source firmware.</p>
<h5><span class="badge badge-success">Security Features</span></h5>
<p>This laptop has a number of added security features:</p>
<ul>
<li>Intel ME has been completely deactivated.</li>
<li>The proprietary boot firmware has been replaced with <a href="https://github.com/osresearch/heads">Heads</a>, a "configuration for laptops and servers that tries to bring more security to commodity hardware" through the use of free software.</li>
<li>The boot and firmware integrity is "sealed" with an included NitroKey Pro v2, allowing you to visually validate that nothing has been modified in transit or at boot.</li>
</ul>
<p>Upon receiving the device and ensuring everything is configured securely, you will be asked to re-do the installation procedure yourself with keys that only you control.</p>
<h5><span class="badge badge-success">Qubes Certified Hardware</span></h5>
<p>The Insurgo PrivacyBeast X230 has <a href="https://www.qubes-os.org/news/2019/07/18/insurgo-privacybeast-qubes-certification/">passed</a> Qubes 4.0 Hardware Certification. It not only met all the requirements defined by the Qubes team, but exceeded them thanks to its additional security functionality.</p>
</div>
</div>
</div>
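Review bot: In the Security Features list, "Intel ME has been completely deactivated." is a stronger claim than the summary paragraph's "deactivated Intel ME", and neither cites a source; use one wording in both places and link the documentation that backs it. The third bullet says the key lets you "visually validate" integrity without saying what the user actually looks at, so a short clause on that would help. Minor: the operating system is written "QubesOS" in the summary and "Qubes" in the certification paragraph, and the vendor spells the key "Nitrokey".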

View File

@ -63,60 +63,3 @@
<li><a href="https://devices.ubuntu-touch.io/device/FP2">Fairphone 2</a> <span class="badge badge-info">Ubuntu Touch</span> - The Fairphone 2 is an interesting look into modular, ethical, and sustainable mobile devices with an emphasis on open source. This our preferred hardware if you wish to run Ubuntu Touch, however using older and less tested hardware like this inherently forces you to make significant security compromises.</li>
<li><a href="https://redmine.replicant.us/projects/replicant/wiki/GalaxyS3I9300">Samsung Galaxy S3</a> <span class="badge badge-info">ReplicantOS</span> - This is the best hardware available if you wish to run ReplicantOS, however using older hardware like this inherently forces you to make significant security and usability compromises.</li>
</ul>
<h1 id="u2f" class="anchor"><a href="#u2f"><i class="fas fa-link anchor-icon"></i></a> U2F Security Keys</h1>
{% include cardv2.html
title="YubiKey 5"
image="/assets/img/png/3rd-party/yubikey-5c.png"
description='The YubiKey 5 is a multi-protocol security key, providing strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. It supports FIDO2, FIDO U2F, one-time password (OTP), OpenPGP, and smart card functionality. It is available in a variety of form factors for desktop or laptop.'
website="https://www.yubico.com/products/yubikey-5-overview/"
github="https://github.com/yubico"
%}
{% include cardv2.html
title="Yubico Security Key"
image="/assets/img/png/3rd-party/yubico-security-key.png"
description='The Yubico Security Key is a budget option for secure two-factor authentication, supporting the U2F and FIDO2 protocols to protect your accounts against remote takeovers.'
website="https://www.yubico.com/products/security-key/"
github="https://github.com/yubico"
%}
{% include cardv2.html
title="SoloKeys"
image="/assets/img/png/3rd-party/solokey.png"
description='The SoloKey is the "first open-source FIDO2 security key", available in both USB-A and USB-C variants with optional NFC capability for mobile devices.'
website="https://solokeys.com/"
github="https://github.com/solokeys"
%}
<h1 id="routers" class="anchor"><a href="#routers"><i class="fas fa-link anchor-icon"></i></a> Home Routers</h1>
<div class="container-fluid">
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5 text-center">
<img
src="/assets/img/png/3rd-party/turris-omnia.png"
data-theme-src="/assets/img/png/3rd-party/turris-omnia.png"
height="200"
width="200"
class="img-fluid d-block mr-auto ml-auto align-middle"
alt="Turris Omnia">
<a class="btn btn-primary mt-4" href="https://www.turris.cz/en/omnia/" role="button"><i class="fas fa-external-link-alt fa-fw"></i> Website</a>
</div>
<div class="col">
<h2>Turris Omnia</h2>
<p><strong>Turris Omnia</strong> is a secure, high performance, and open-source home router. It has specifications that would allow it to easily handle Gigabit-level networking, as well as additional functionality (NAS, printserver, or other server type use-cases).</p>
<p>Turris Omnia was created by <strong>NIC.CZ</strong>, the non-profit .CZ domain registry behind many massive internet open-source projects including Knot (DNS Server), BIRD (Internet routing daemon), and FRED (Domain registry platform). As such, we believe they have the experience required to make a secure routing platform.</p>
<h5><span class="badge badge-success">OpenWrt</span></h5>
<p>Turris Omnia runs OpenWrt, the router operating system platform <a href="/operating-systems/#firmware">we recommend</a> for home users. It is an incredibly lightweight operating system perfect for this workload, and it is well supported by its developers.</p>
<h5><span class="badge badge-success">Secure Defaults</span></h5>
<p>Turris Omnia is configured securely and privately by default. It also features <strong>automatic updates</strong> that require no user interaction. The lack of updates is a security problem for most home router brands.</p>
<h5><span class="badge badge-info">Additional Functionality</span></h5>
<p>This device can be used for more than just routing. It is a highly extensible product, allowing you to do things like add mSATA storage. It features a SIM slot that can be used alongside an LTE USB or miniPCIe modem for backup connectivity. It comes with a "virtual server", which allows you to install normal Linux applications or even entirely seperate Linux distros like Ubuntu or Debian independently of the main software, improving security and allowing for safe software experimentation.</p>
</div>
</div>
</div>
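Review bot: The Fairphone 2 item kept as context above the removed block reads "This our preferred hardware", which is missing "is"; worth fixing while this file is being touched.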

View File

@ -0,0 +1,36 @@
<h1 id="routers" class="anchor"><a href="#routers"><i class="fas fa-link anchor-icon"></i></a> Home Routers</h1>
<div class="container-fluid">
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5 text-center">
<img
src="/assets/img/png/3rd-party/turris-omnia.png"
data-theme-src="/assets/img/png/3rd-party/turris-omnia.png"
height="200"
width="200"
class="img-fluid d-block mr-auto ml-auto align-middle"
alt="Turris Omnia">
<a class="btn btn-primary mt-4" href="https://www.turris.cz/en/omnia/" role="button"><i class="fas fa-external-link-alt fa-fw"></i> Website</a>
</div>
<div class="col">
<h2>Turris Omnia</h2>
<p><strong>Turris Omnia</strong> is a secure, high performance, and open-source home router. It has specifications that would allow it to easily handle Gigabit-level networking, as well as additional functionality (NAS, printserver, or other server type use-cases).</p>
<p>Turris Omnia was created by <strong>NIC.CZ</strong>, the non-profit .CZ domain registry behind many massive internet open-source projects including Knot (DNS Server), BIRD (Internet routing daemon), and FRED (Domain registry platform). As such, we believe they have the experience required to make a secure routing platform.</p>
<h5><span class="badge badge-success">OpenWrt</span></h5>
<p>Turris Omnia runs OpenWrt, the router operating system platform <a href="/operating-systems/#firmware">we recommend</a> for home users. It is an incredibly lightweight operating system perfect for this workload, and it is well supported by its developers.</p>
<h5><span class="badge badge-success">Secure Defaults</span></h5>
<p>Turris Omnia is configured securely and privately by default. It also features <strong>automatic updates</strong> that require no user interaction. The lack of updates is a security problem for most home router brands.</p>
<h5><span class="badge badge-info">Additional Functionality</span></h5>
<p>This device can be used for more than just routing. It is a highly extensible product, allowing you to do things like add mSATA storage. It features a SIM slot that can be used alongside an LTE USB or miniPCIe modem for backup connectivity. It comes with a "virtual server", which allows you to install normal Linux applications or even entirely seperate Linux distros like Ubuntu or Debian independently of the main software, improving security and allowing for safe software experimentation.</p>
</div>
</div>
</div>
<h3>Worth Mentioning</h3>
<ul>
<li><a href="https://www.peplink.com/products/pepwave-surf-soho/">Pepwave Surf SOHO</a> - A lower-end business-class router with stable, secure, and easy-to-use firmware. Unlike most business-class routers, the interface is easy to use while still feature-rich.</li>
</ul>
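Review bot: The Additional Functionality paragraph carries over the misspelling "seperate" ("entirely seperate Linux distros"); since this file is new, correct it to "separate" here. In the Worth Mentioning entry, the Pepwave description says "easy-to-use" and "easy to use" in consecutive sentences and calls the firmware "secure" without a link or a reason, so tighten the wording and say what the claim rests on.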

View File

@ -0,0 +1,31 @@
<h1 id="u2f" class="anchor"><a href="#u2f"><i class="fas fa-link anchor-icon"></i></a> U2F Security Keys</h1>
{% include cardv2.html
title="YubiKey 5"
image="/assets/img/png/3rd-party/yubikey-5c.png"
description='The YubiKey 5 is a multi-protocol security key, providing strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. It supports FIDO2, FIDO U2F, one-time password (OTP), abd OpenPGP smart card functionality. It is available in a variety of form factors for desktop or laptop.'
website="https://www.yubico.com/products/yubikey-5-overview/"
github="https://github.com/yubico"
%}
{% include cardv2.html
title="Yubico Security Key"
image="/assets/img/png/3rd-party/yubico-security-key.png"
description='The Yubico Security Key is a budget option for secure two-factor authentication, supporting the U2F and FIDO2 protocols to protect your accounts against remote takeovers.'
website="https://www.yubico.com/products/security-key/"
github="https://github.com/yubico"
%}
{% include cardv2.html
title="SoloKeys"
image="/assets/img/png/3rd-party/solokey.png"
description='The SoloKey is the "first open-source FIDO2 security key", available in both USB-A and USB-C variants with optional NFC capability for mobile devices. It is less feature-rich compared to the YubiKey 5 lineup, but at $20 it is a great starting point for securing your accounts, or backup U2F authenticator.'
website="https://solokeys.com/"
github="https://github.com/solokeys"
%}
<h3>Worth Mentioning</h3>
<ul>
<li><a href="https://onlykey.io/">OnlyKey</a> - Another open-source option, OnlyKey supports TOTP codes, YubiKey compatible OTP, and U2F, making it very compatible with most websites. It also has a hardware PIN lock in case the device is lost or stolen. We would like to see GPG smart card support and a variety of form factors (USB-C, NFC) before recommending it for general use.</li>
</ul>
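Review bot: The YubiKey 5 description has a typo, "abd OpenPGP smart card functionality", which should read "and". The same phrase also drops the comma the earlier text had ("OpenPGP, and smart card functionality"), so confirm the narrower meaning is intended. In the SoloKeys card, "at $20" will go stale and "or backup U2F authenticator" needs "as a"; the section heading also says U2F while all three cards list FIDO2.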

Binary file not shown.

View File

@ -5,4 +5,14 @@ title: "Hardware"
description: "Your privacy is only as strong as the devices you use."
---
{% include sections/hardware.html %}
{% include sections/laptops.html %}
{% include sections/mobile-devices.html %}
{% include sections/security-keys.html %}
{% include sections/routers.html %}
<h3>Further Reading</h3>
<ul>
<li><a href="https://routersecurity.org/">RouterSecurity.org</a> - A list of router configuration tips to keep your router and network secure.</li>
</ul>
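Review bot: The Further Reading list at the end of the page holds a single router-specific link (RouterSecurity.org), yet it sits below the laptops, mobile devices and security keys includes as if it covered the whole Hardware page. Consider moving it into sections/routers.html next to that section's Worth Mentioning list, or adding entries for the other sections.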