A Linux Distro From the US Department of Defense
donadony writes "The Lightweight Portable Security distribution was created by the Software Protection Initiative under the direction of the Air Force Research Laboratory and the U.S. Department Of Defense. The idea behind it is that government workers can use a CD-ROM or USB stick to boot into a tamper proof, pristine desktop when using insecure computers such as those available in hotels or a worker's own home. The environment that it offers should be largely resistant to Internet-borne security threats such as viruses and spyware, particularly when launched from read-only media such as a CDROM. The LPS system does not mount the hard drive of the host machine, so leaves no trace of the user's activities behind."
Review (Score:5, Informative)
There is a review of LPS over at DistroWatch:
http://distrowatch.com/weekly.php?issue=20110704#feature
Re: (Score:2, Interesting)
Thanks for the link. I think the reviewer nailed it though - the fact that it includes Flash which has new vulnerabilities about every 7 minutes and runs as root is just bizarre. Sure it resets when you reboot but if someone can easily exploit your machine and get to data you may have available on it by virtue of your existing session then all bets are off. Disappointing to me.
Re: (Score:2)
But your "current machine" is just a host, where you use memory, and nic, and that's about it.
The chances that someone can "get to your machine" are extremely small, because it presumably has its own firewall, and Flash, while present, gets to write in temporary memory which gets purged when the browser shuts down.
The developers can't be totally ignorant of the fact about flash, and several modern browsers sandbox flash already. With read only storage flash becomes pretty well contained.
You have to assum
Re: (Score:3)
Have you seen how much they pay for toilet seats? I wouldn't be so confident.
Re:Review (Score:4, Informative)
Eh, it's already known that things like expensive toilet seats, step ladders, hammers and other run of the mill items are mostly a myth. Certain items like the step ladder turned out to be custom built ladders for the F-14 fighter jet and not something you buy at home depot to paint your ceiling. Other explanations are the adding of overhead costs to line items in the financial breakdown of the finished piece of military hardware.
Military hardware is mostly low production and highly custom. Computer monitors on battle ships might cost upward of $100,000 but they may have only made 10 of them at a time and spec'd to resist EMP (from a nuke), constant rocking and other severe environmental operating conditions.
There are even military specs for chip (IC) packaging. So the circuit boards inside some of the military hardware might be completely different from consumer electronics even though they may perform the same or similar function.
Re: (Score:3)
I'll just add that the coffee pot on a 747 costs (IIRC) $4000 - airplane equipment is just expensive, due to (as the parent noted) low volumes, expensive development and expensive parts. Just about everything electrical on an aircraft has to pass both FAA and FCC, and every time you change a resistor the whole thing has to go through certification again, at cost exceeding $1 million - each. So, amortize that cost over perhaps 500 planes, plus spares, parts, etc. and you are talking about perhaps $1000 per
Regulation is expensive (Score:2)
Too bad not everybody can easily get around it.
Think crop dusters. They have an airplane, and to put a power takeoff from the engine to the spray pump would mean FAA recertification of the entire powertrain. Answer: Use a ram air turbine, a windmill that sticks out into the airstream to power the pump. No modification to the airplane itself, no recertification necessary.
Re: (Score:2)
Ingenuity triumphs! :D
RAM (Score:2)
I don't see how this is any different than any other live CD though.
Re: (Score:3)
I don't think it really is any different. It's just now an approved solution for DOD personnel.
Re:RAM (Score:4, Informative)
This isn't intended to be just another Live CD. The disks or thumb drives are corporate specific, and are set up to boot and provide a secure VPN into the company. Not for general use. In fact they are usually set up so they can only reach out to the company or agency's VPN server. This is a far more secure solution than letting users install VPN software on their personal computers, and a lot cheaper than buying them govt owned computers that they might try to connect to the general internet.
Re: (Score:2)
Not exactly "just now" - I've seen this over two years ago already, and I'm not even in the US, let alone the military.
Re:RAM (Score:5, Informative)
I don't see how this is any different than any other live CD though.
As someone else pointed out, this is an "approved" method, meaning they have vetted the distro and believe it to be secure. This actually makes sense, and is much better than telling your soldiers "go download some live linux cd and make sure it is secure".
One of the major benefits of Linux is the ability to make your own distro for special applications like this. And since it is available freely for download (not required but they did it anyway) and the source is available, that makes it even better.
Re:RAM (Score:5, Insightful)
As someone else pointed out, this is an "approved" method, meaning they have vetted the distro and believe it to be secure. This actually makes sense, and is much better than telling your soldiers "go download some live linux cd and make sure it is secure".
More likely it is about CYA. Government security runs on CYA. Having an approved distribution means that everyone else in the organisation can use it, recommend it, even mandate it without having to worry about taking the blame if there is something wrong with it. Without an approved distro, no distro would be permitted at all.
More generally government security is totally top down - you have groups of "experts" (who may or may not actually be experts) who come up with procedures and requirements. Those are then made into official policy and distributed downline to security officers and regular users who are expected to follow those procedures to the letter without trying to think through the actual goals. When the official policy is fuzzy, you get different sites making different interpretations, sometimes with head-shakingly comedic effect - like mandatory Windows virus-scans on non-Windows computers or forbidding the installation of ssh (because it's not officially approved) while leaving rlogin in place. But even those, often ridiculous, interpretations still have full CYA as long as they don't violate the official documented policies.
Re: (Score:3)
America runs on CYA. If a drug company puts out a vaccine that kills children, as long as they have followed the proper protocol they will not be liable for the murder of the children.
You're mistaking CYA with "we can't know everything, but we did our best by following agreed-upon standards and practices". This country (and Europe for that matter) is already too nannyish and afraid of lawyers (refer to the "Can a Playground Be Too Safe?" article). Any more and progress will grind to a *complete* halt.
Re: (Score:2)
And that's why China has near double digit % growth in GDP year after year after year.
Re: (Score:2)
I can confirm from inside the federal gov't that you're precisely right. One agency was running IE6 in 2008 when I visited. They all hated it but for 'security reasons' they weren't allowed to upgrade. The reason? Not b/c IE7 was less secure but b/c they hadn't done a security 'analysis' of it, so it wasn't cleared for use (never mind that the rest of the world has done so, and it was possible to determine with a high degree of confidence that IE7 was more secure by googling the topic for half an hour or le
Online Banking (Score:2)
Re: (Score:3)
Running as root on read only memory is not as dangerous as it might seem.
Smart people don't run as root because they know that they make mistakes, and might accidentally rm -rf / some day.
They also know that some process might replace a system binary.
Both problems are solved with read only memory for the OS.
Re: (Score:2)
Real admins rm -rf / first thing in the morning, just for the exercise - then see if they can rebuild from cold iron in under 15 minutes. Then, done with calisthenics, it's off to work! :D
Re:RAM (Score:5, Informative)
It's different because not only is it approved for clearanced work, it also has a version of Firefox with CAC-reader support. My understanding has always been that CAC support was limited to Windows; no longer.
Re: (Score:2)
The CAC is that kind of thing, but a DoD-specific version of the concept.
AFAIK, Linux support for the CAC is further along than Mac support.
Re: (Score:2)
If the computer is left on the RAM can still leave traces behind.
I don't see how this is any different than any other live CD though.
There are standard system calls available to overwrite memory in any platform this would run on. Since it doesn't use the hard drive, their launcher just needs to be able to make one pass thru the virtual drive and overwrite everything.
But it would be far simpler to use encryption on the virtual hard drive. That way, no clean up is necessary.
Re: (Score:2)
Why bother?
Just use encryption on the Virtual disk you allocate out of the host machine's memory.
Re: (Score:2)
True, but where?
Figuring out what is stored where in a block of binary storage than you can't even dump to disk for fear of altering it seems like a huge guessing game.
Ha! BIOS, gotcha! (Score:2)
Yeah, this was a good idea... I actually have Ubuntu installed on a portable USB drive -- It's faster than installing off a CD and it remembers saved data, bookmarks & installed progs (instead of a clean boot image).
However, I don't think for a moment that this prevents an infected system BIOS/CMOS from infecting the MBR of the flash drive, or that even booting off of a CD-R will be able to keep me safe if the hardware can't be trusted... I mean, If you want security, why not give them a personal mo
Re:Ha! BIOS, gotcha! (Score:5, Funny)
Actually, doing nothing is the tried and true Slashdot defense against STDs.
Re: (Score:3)
Actually, doing nothing is the tried and true Slashdot defense against STDs.
That's the abstinence paradox. Those who strive for abstinence tend to fail, while those who try, desperately for sex, often fail as well. If they were to switch goals, would they be successful?
Re: (Score:3)
I think it's more like using the pill. Not as effective as a condom.
The reason is that a lot of intrusion these days happens on the hardware level. This OS would do nothing to protect from the hardware keyloggers attached inline with the keyboard that have been seen at some internet cafes.
The summary got it right for once. It only protects largely against the kind of internet borne threats that infect computers.
rbollinger ambiguity (Score:2)
doing nothing (i.e. abstinence) is safer than sex with a condom, but sex with a condom is safer than doing nothing about protection
Re: (Score:2)
I have Ubuntu running on a portable USB drive too, but even after messing with the casperfs stuff, I can't figure how to get a persistent drive storage (granted I'm a linux idiot). Any links or helpful tips? (realizing this is way OT). Thanks!
Re: (Score:2, Informative)
Oh shit! How did I miss this gem here?
LPS differs from traditional operating systems in that it isn't continually patched.
Poor reading comprehension? You might want to work on that. You also might want to work on that little "reading into things that which is not there" problem you got as well.
You sort of missed this part
LPS is designed to run from read-only media and without any persistent storage.
as well as the release notes that show that it has been updated several times this year.
Re: (Score:3)
It's asinine to claim that it is tamper proof. That right there should be raising red flags.
Considering the "threat" from China and chip suppliers, to consider any machine that you have not personally inspected down to the firmware to be secure is just nuts.
Sure, they booted into a different OS and bypassed the local storage completely. Great. Any OS rootkits cannot get loaded and access the "secure" OS. Fine.
What about rootkits that can get loaded via different means? NIC cards? Storage adapters? LCD
Re: (Score:2)
they won't even be able to access their email unless the computer has a smart chip reader
I might be wrong, but that's probably why the distro includes CAC and PIV card support.
Re: (Score:2)
What about rootkits that can get loaded via different means? NIC cards? Storage adapters? LCD monitors that have small repeaters to record and send encrypted frames of what is displayed?
Statistically and practically speaking, those are of minuscule concern especially compared with the relatively common MBR rootkits out there.
Not to mention the inherent difficulties in trying to install a generic rootkit to specific hardware via CMOS overwrite; I don't think it's anywhere as easy as you seem to think it is. Hint-- not all BIOSes will work on all motherboards (and the same is true of NICs, etc).
Re: (Score:2)
Every time I think people on /. can't get any more clueless, I read posts like this and my faith is restored.
NIC cards? All data is encrypted at Layer 3 or 4 (SSL/TLS or IPSEC), so all a NIC is going to see is encrypted Ethernet frames.
Storage adapters? So? Feel free to read the publicly-available ISO from the CD-ROM drive. In fact, just go download your own copy. No other storage adapters are used.
Hardware Key-loggers? Stopped by multi-factor smart cards (aka CAC and PIV cards). That is, they can't snarf p
Re: (Score:2)
You forgot modified video card firmware... where's your hand-wavy magic for that one?
</tin-foil>
Re: (Score:2)
Your childish assertion of essentially "if it isn't absolutely 100% secure against anything I can imagine, it is worthless" shows you don't know shit about security.
The fact that you make that assertion indicates a reading comprehension problem.
My issue was with the tamper proof claim, not tamper resistant, tamper proof. That is asinine. I never claimed it was without value, or that it had to be 100% secure.
All I stated was that it is not 100% secure, therefore, not tamper proof.
Re: (Score:2)
They said tamper proof. Not tamper resistant.
It's not what they are trying to do, it is what they are claiming as the level of security. That is my issue.
I never said completely unbreakable. I just said tamper proof is bullshit, and it is.
Re:Oh, it gets WORSE! (Score:4, Interesting)
BRILLIANT! That means that any flaws in your OS or applications (web browser) WON'T BE PATCHED
Which isn't really an issue for several reasons:
A) most of the code out there isn't targeting some obscure form of Linux
B) this is a live distro, so there is no permanent storage, so no real worry of a rootkit
C) someone booting up this distro is unlikely to be doing so for reasons that would expose him to threats
Hence the lack of caring about /etc/passwd, or running as root, or all the rest. It's generally irrelevant on a live distro because you cannot get rootkitted.
Replacements instead of patches (Score:3)
It doesn't get patches because it runs from read-only media; the approved version is updated when necessary to address security concerns, but you have to use new read only media, rather than patching the existing one, that being the nature of "read-only".
Re: (Score:2)
Ok... so, tell me why this less secure distro is worth wasting anyone's time over considering that my writable USB gets updates as soon as they're released to my distro, sans burning / installing a new ISO... Booting from a clean USB every so often? Hmm, yeah, I can do that too.
Let's not forget -- If you put the end users in charge of their own security, they won't have any. Seriously, once I talked to a guy who figured out how to bypass the "your password has expired, choose a new password" security
Re: (Score:2)
"your password has expired, choose a new password" security feature. Keep the same password by changing it 5 times in a row to exhaust the previously-used password buffer. "
easy fix for that
have a rule that the password can not be changed for 7 days after it has been changed
(and in some instances Fire somebody for trying this trick)
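The history-exhaustion trick described above and the minimum-age rule that blocks it, as an added example that is not part of the original comments; the `PasswordPolicy` class, the five-entry history and the sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import deque
from datetime import datetime, timedelta


class PolicyError(Exception):
    """Raised when a password change violates the policy."""


class PasswordPolicy:
    """Hypothetical per-account policy: remembers the last `history_depth`
    passwords (current one included) and can refuse changes made sooner
    than `min_age` after the previous change."""

    def __init__(self, initial, now, history_depth=5, min_age=timedelta(0)):
        self.min_age = min_age
        self._history = deque(maxlen=history_depth)  # oldest entry falls off
        self._history.append(self._record(initial))
        self._changed_at = now

    @staticmethod
    def _record(password, salt=None):
        # Salted PBKDF2; the iteration count is kept low so the demo is fast.
        salt = salt or os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)
        return salt, digest

    def _seen(self, password):
        # Re-hash the candidate with each stored salt and compare.
        return any(
            hmac.compare_digest(self._record(password, salt)[1], digest)
            for salt, digest in self._history
        )

    def change(self, new_password, now):
        if now - self._changed_at < self.min_age:
            raise PolicyError("minimum password age not reached")
        if self._seen(new_password):
            raise PolicyError("password was used recently")
        self._history.append(self._record(new_password))
        self._changed_at = now


def cycle_back(policy, original, start, throwaways=5):
    """Replay the trick: change to throwaway passwords in one sitting,
    then try to set the original again. Returns (succeeded, reason)."""
    now = start
    try:
        for i in range(throwaways):
            now += timedelta(minutes=1)
            policy.change(f"Throwaway-{i}!", now)
        policy.change(original, now + timedelta(minutes=1))
    except PolicyError as exc:
        return False, str(exc)
    return True, "original password reinstated"


if __name__ == "__main__":
    t0 = datetime(2011, 7, 1, 9, 0)  # constructed timestamp
    weak = PasswordPolicy("Summer2011!", t0)
    strict = PasswordPolicy("Summer2011!", t0, min_age=timedelta(days=7))
    print("history only:    ", cycle_back(weak, "Summer2011!", t0))
    print("history + 7 days:", cycle_back(strict, "Summer2011!", t0))
```

With the 7-day minimum age the same cycle is still possible in principle, but it takes six weeks of living with throwaway passwords instead of a few minutes.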
So like puppy linux (Score:2)
Except with some useful proprietary applications with GUIs for encryption and making it difficult to have persistent data.
I guess the kernel has all proprietary drivers in it so it's more likely to just work and support hardware but that also comes with the slightest chance that it's just an excuse to get a back-door in there (though if there is one; the other end does not care what you are doing).
Re: (Score:2)
If every PC you hit has network access, does it matter? Store your data ( and config too ) back at your office. If the PC doesn't have network access, it's going to be sort of a moot point anyway in most cases.
Re: (Score:2)
I’m guessing you are meaning the lack of persistent data. I mean that as a good thing for this distro; it appears to be designed to login to encrypted sites and access and send encrypted data from potentially compromised computers. You can't accidentally save or install a virus that could compromise all further communications for the sake of convenience on a live USB disk.
Surely they should have thought of everything! (Score:2)
But can it run America's Army?
it needs a Name (Score:2)
call it Dod-ian
Won't work in hotels, airports, etc. (Score:2, Interesting)
I've been working in the kiosk industry for about 8 years now. The current company I work for has around 1000 kiosks in hotels, airports, business centers, etc as well as having around 20,000 customers.
I can tell you that 99% of hotels are set up to NOT allow USB or CD-ROM booting for the very obvious reasons. Most are set up as well to only read CD-ROM and read/write from USB and also have a BIOS password set to disable the ability to execute from a different device.
I suspect this project will die off prett
Re: (Score:3, Interesting)
I used to work in the hospitality industry as well - the company installed, maintained and supported guest internet access for hotels and transit companies (we had several bus and rail contracts). For the locations with a lot of government or corporate guests, standing orders from the hotel management was to do whatever was necessary to get these guests online. Lockheed-Martin employees were one of our biggest sources of calls, their vpn would not let them reach the captive portals and they had to be passe
You know.... (Score:2)
It would really save some anons a lot of trouble if this distro would just upload all of the confidential files to pirate bay.
Think how much time we would save waiting for the right person with the right access, or the right system to be vulnerable and get exploited. It's all going up there eventually anyway, so why not skip the middle man? I suppose that's too much efficiency to hope for.
Re: (Score:2)
Who would trust a Linux distro - even a LiveCD - claiming to be put out by Anon?
Two issues (Score:3)
Re: (Score:2)
Issue (3) Can you be sure that the hardware is secure? Though unlikely, a key logger is a real threat to even this type of security.
When I don my tin-foil hat, I often wonder how secure any hardware is in this regard. Given the number of USB devices that have shipped with malware factory installed, I wonder if there are not more deliberate and high-level attempts to manufacture hardware with key-loggers or similar nastiness built in. When Lenovo bought IBM the idea crossed my mind that it would be fairl
Re: (Score:2)
Hardware keyloggers exist. They're small enough to be embedded inside the keyboard itself, though you may also find some that look like the EMI ferrite lumps they put on cables and have it embedded that way. Or the lamest ones are dongles that stick in-between the keyboard cable and the computer. (And yes, they do USB).
They also don't require software - just hit a few keys, enter a password, and it'll type out the contents of the bu
not a bad sandbox method (Score:2)
classic sand-boxing is good, pretty efficient, but of course the user can leak information as he "surfs" on the CDROM, but at least old information is restricted.
I want to slam my head into a wall. (Score:2)
The idea that they would, in the time of 3G and WLAN, somebody like an employee of the DOD would try to use any hotel computer and make it magically safe by booting some OS.
Using an hotel computer or any internet cafe computer is like putting a malicious room maid onto steroids.
There is an infinite number of people which had infinite time to place keyloggers, bug the monitor cable etc.
Re: (Score:2)
Ahem. I did not say they should store the data on the computer they take with them. They can take a clean computer with them and then run the very same linux distro they run now, but in a decently clean environment.
government security (Score:2)
though we lambaste TSA-type security theater with good reason, I get the impression that the feds are at least more serious about security for their own systems/installations
WikiLeaks 2014 - DOD Spied on employees (Score:2)
Slow download is slow. They could at least.... (Score:2)
...have seeded a copy!
Re: (Score:2)
Not so much, they use encryption instead.
Re: (Score:2)
It was where you went straight away. Your mind connects anonymity with illegal activities...
Re: (Score:2)
Google "only guilty people have something to hide".
Re:No trace, eh? (Score:5, Insightful)
You know what child pornographers and "other people" are interested in? Air. They like breathing. Is that a knock on oxygen?
Do you really believe that a seriously secure OS is something bad just because "child pornographers...among other people" might be interested in it?
That sounds a lot like an argument you'd hear from people who believe that there should be a back door in everything so "the authorities" can take a peek.
Here's a news flash: I don't give a fuck if child pornographers are interested in something. I'm not prepared to give up every last bit of my own privacy just because there happen to be perverts in the world.
Among other people.
Re: (Score:2)
This just in, pedophiles also tend to use candy to attract children. Possession of candy made illegal for anyone over 9. Stoners and college students inconsolable.
Re: (Score:2)
What did the Republican pedophile say to the 9 year old?
"Give me all your candy, you lazy little moocher. "
Evil is universal (Score:3)
I never said the OS is a bad thing. Please don't put words in my mouth.
I note that PopeRatzo never said *you* said the OS was a bad thing.
My actual intent was that it seems like something I would want to be used for official purposes only.
And that is what the objection is to: The idea that things ought to be restricted in their use because they can also be used by bad people. Just about anything can be used for good or ill; if you attempt to control anything that might potentially be misused or abused, there's nothing left.
Re: (Score:2)
Yes, for people with secrets it would clearly be a very smart choice to use software developed by the military and guaranteed by the government to be secure.
Re: (Score:2)
So...they are building backdoors into software designed to close backdoors? And if they changed Linux, wouldn't they then have to publish the source code? Source code!! Go crazy!!
Re: (Score:2)
Wait.... So you're saying Nancy Grace is a pedophile?
Re: (Score:3, Insightful)
This is what things like SSL are for. No need to reinvent the wheel here.
Re: (Score:2)
Presumably you're not booting up Secure Portable Linux with Firefox+CAC support and Encryption wizard so that you can check out Huffington Post.
Re:keylogger (Score:4)
A condom won't protect you from the common cold, but that's no reason not to use one.
Re: (Score:3, Insightful)
If I were a country whose internal stability relies on the economy and the economy relies solely on exports, I'd be really careful about doing that.
Re:BIOS? (Score:4, Funny)
Too bad you don't run China then...
Re: (Score:3)
If I were a country whose internal stability relies on the economy and the economy relies solely on exports, I'd be really careful about doing that.
If I were a country large enough to embrace, engulf, and extinguish any problematic regions were my clandestine activities detected, I might be careful about doing it, but not too terribly worried about the consequences of getting caught.
Re: (Score:2)
Good to use an onscreen keyboard to prevent hardware key loggers.
... because there's no way to log mouse movement and clicks, right? Oh, wait...
quantum electron crumbs...? (Score:3)
Dude. That's what housekeeping is for...
Re: (Score:2)
An OLD distro which solves that problem:
http://tinfoilhat.shmoo.com/readme.txt [shmoo.com]
"* Keystroke monitoring.
THL has gpggrid , a wrapper for GPG that lets you use a video game style character entry system instead of typing in your passphrase. Keystroke loggers get a random set of grid points, not your passphrase."
Re: (Score:2)
The environment that it offers should be largely resistant....
And it seems they also understand this.. They didn't say 100%.
Re: (Score:3)
It sounds like cheap skunkworks stuff getting a rubber stamp.
Re: (Score:2)
Could be more into who would be interested in a