Laptops
+ +
+ Website
+ Insurgo PrivacyBeast X230
+This is a modified highest-end Lenovo ThinkPad X230 with QubesOS preinstalled, deactivated Intel ME, and open source firmware.
+ +Security Features
+This laptop has a number of added security features:
+-
+
- Intel ME has been completely deactivated. +
- The proprietary boot firmware has been replaced with Heads, a "configuration for laptops and servers that tries to bring more security to commodity hardware" through the use of free software. +
- The boot and firmware integrity is "sealed" with an included NitroKey Pro v2, allowing you to visually validate that nothing has been modified in transit or at boot. +
Upon receiving the device and ensuring everything is configured securely, you will be asked to re-do the installation procedure yourself with keys that only you control.
+ +Qubes Certified Hardware
+The Insurgo PrivacyBeast X230 has passed Qubes 4.0 Hardware Certification. It not only met all the requirements defined by the Qubes team, but exceeded them thanks to its additional security functionality.
+U2F Security Keys
- -{% include cardv2.html -title="YubiKey 5" -image="/assets/img/png/3rd-party/yubikey-5c.png" -description='The YubiKey 5 is a multi-protocol security key, providing strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. It supports FIDO2, FIDO U2F, one-time password (OTP), OpenPGP, and smart card functionality. It is available in a variety of form factors for desktop or laptop.' -website="https://www.yubico.com/products/yubikey-5-overview/" -github="https://github.com/yubico" -%} - -{% include cardv2.html -title="Yubico Security Key" -image="/assets/img/png/3rd-party/yubico-security-key.png" -description='The Yubico Security Key is a budget option for secure two-factor authentication, supporting the U2F and FIDO2 protocols to protect your accounts against remote takeovers.' -website="https://www.yubico.com/products/security-key/" -github="https://github.com/yubico" -%} - -{% include cardv2.html -title="SoloKeys" -image="/assets/img/png/3rd-party/solokey.png" -description='The SoloKey is the "first open-source FIDO2 security key", available in both USB-A and USB-C variants with optional NFC capability for mobile devices.' -website="https://solokeys.com/" -github="https://github.com/solokeys" -%} - -Home Routers
- -
- Website
- Turris Omnia
-Turris Omnia is a secure, high performance, and open-source home router. It has specifications that would allow it to easily handle Gigabit-level networking, as well as additional functionality (NAS, printserver, or other server type use-cases).
-Turris Omnia was created by NIC.CZ, the non-profit .CZ domain registry behind many massive internet open-source projects including Knot (DNS Server), BIRD (Internet routing daemon), and FRED (Domain registry platform). As such, we believe they have the experience required to make a secure routing platform.
- -OpenWrt
-Turris Omnia runs OpenWrt, the router operating system platform we recommend for home users. It is an incredibly lightweight operating system perfect for this workload, and it is well supported by its developers.
- -Secure Defaults
-Turris Omnia is configured securely and privately by default. It also features automatic updates that require no user interaction. The lack of updates is a security problem for most home router brands.
- -Additional Functionality
-This device can be used for more than just routing. It is a highly extensible product, allowing you to do things like add mSATA storage. It features a SIM slot that can be used alongside an LTE USB or miniPCIe modem for backup connectivity. It comes with a "virtual server", which allows you to install normal Linux applications or even entirely seperate Linux distros like Ubuntu or Debian independently of the main software, improving security and allowing for safe software experimentation.
-Home Routers
+ +
+ Website
+ Turris Omnia
+Turris Omnia is a secure, high performance, and open-source home router. It has specifications that would allow it to easily handle Gigabit-level networking, as well as additional functionality (NAS, printserver, or other server type use-cases).
+Turris Omnia was created by NIC.CZ, the non-profit .CZ domain registry behind many massive internet open-source projects including Knot (DNS Server), BIRD (Internet routing daemon), and FRED (Domain registry platform). As such, we believe they have the experience required to make a secure routing platform.
+ +OpenWrt
+Turris Omnia runs OpenWrt, the router operating system platform we recommend for home users. It is an incredibly lightweight operating system perfect for this workload, and it is well supported by its developers.
+ +Secure Defaults
+Turris Omnia is configured securely and privately by default. It also features automatic updates that require no user interaction. The lack of updates is a security problem for most home router brands.
+ +Additional Functionality
+This device can be used for more than just routing. It is a highly extensible product, allowing you to do things like add mSATA storage. It features a SIM slot that can be used alongside an LTE USB or miniPCIe modem for backup connectivity. It comes with a "virtual server", which allows you to install normal Linux applications or even entirely seperate Linux distros like Ubuntu or Debian independently of the main software, improving security and allowing for safe software experimentation.
+Worth Mentioning
+ +-
+
- Pepwave Surf SOHO - A lower-end business-class router with stable, secure, and easy-to-use firmware. Unlike most business-class routers, the interface is easy to use while still feature-rich. +
U2F Security Keys
+ +{% include cardv2.html +title="YubiKey 5" +image="/assets/img/png/3rd-party/yubikey-5c.png" +description='The YubiKey 5 is a multi-protocol security key, providing strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. It supports FIDO2, FIDO U2F, one-time password (OTP), abd OpenPGP smart card functionality. It is available in a variety of form factors for desktop or laptop.' +website="https://www.yubico.com/products/yubikey-5-overview/" +github="https://github.com/yubico" +%} + +{% include cardv2.html +title="Yubico Security Key" +image="/assets/img/png/3rd-party/yubico-security-key.png" +description='The Yubico Security Key is a budget option for secure two-factor authentication, supporting the U2F and FIDO2 protocols to protect your accounts against remote takeovers.' +website="https://www.yubico.com/products/security-key/" +github="https://github.com/yubico" +%} + +{% include cardv2.html +title="SoloKeys" +image="/assets/img/png/3rd-party/solokey.png" +description='The SoloKey is the "first open-source FIDO2 security key", available in both USB-A and USB-C variants with optional NFC capability for mobile devices. It is less feature-rich compared to the YubiKey 5 lineup, but at $20 it is a great starting point for securing your accounts, or backup U2F authenticator.' +website="https://solokeys.com/" +github="https://github.com/solokeys" +%} + +Worth Mentioning
+ +-
+
- OnlyKey - Another open-source option, OnlyKey supports TOTP codes, YubiKey compatible OTP, and U2F, making it very compatible with most websites. It also has a hardware PIN lock in case the device is lost or stolen. We would like to see GPG smart card support and a variety of form factors (USB-C, NFC) before recommending it for general use. +
Further Reading
+-
+
- RouterSecurity.org - A list of router configuration tips to keep your router and network secure. +