Some time ago I posted on my search for a small secure linux distribution to take care of our office paranoia.
I eventually settled on two. Lightweight portable security is perfect and the one in use at the office. Tails is perfect for personal use.
Lightweight Portable Security
The core requirements are a small OS that leaves no footprint behind and protection against attackers. We need to be able to securely do banking (that’s the office requirement) and be protected from the usual malware, key loggers and the like. It fulfils this requirement completely.
It boots off a CD which is kept in the office safe (yes, we are that paranoid) to prevent tampering. Account details are also kept in a secure location.
The image will boot from a a CD (burnt to disk using any iso CD writing software such as Brasero) or from a flash disk with the following alteration
isohybrid LPS-1.4.1_public_deluxe.iso –entry 4 –type 0x1c
to enable it to boot on the USB disk.
On boot it asks the user to accept or reject the terms and conditions and then ends with a screen that looks suspiciously like a dated version of windows. It has a functional browser, terminal and some software to encrypt and decrypt data. It leaves no trace when the PC is shut down and will not mount any partitions when in use, so it is safe for any secure transaction.
Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis
Yes, they are even more paranoid than I am. Tails hinges of this awesome project to provide users with even more.
- use the Internet anonymously almost anywhere you go and on any computer:
all connections to the Internet are forced to go through the Tor network;
- leave no trace on the computer you’re using unless you ask it explicitly;
- use state-of-the-art cryptographic tools to encrypt your files, email and instant messaging.
As with LPS it does not leave any footprints. It runs from memory, and when the flash disk is removed from the PC or laptop it immediately writes random data to ram and video memory to limit the chance of someone collecting any sensitive data.
Tails starts up by default with root locked, and no ability to access any form of persistent storage. However, with the USB image it is possible to add a persistent encrypted volume (after numerous warnings about security).
It features the tor project secured browser (a secured Iceweasel, i.e. unbranded firefox), pidgin with security bells and whistles both operating via the tor network proxy. Claws mail provides email comms. It also has an I2P client to connect users to the I2P network – I couldn’t really find any use for it although it is awesome in its own right… Note in the image above how it warns about the dangers of the virtual machine and the insecurities it is running on.
As a little test I booted up the VM and browsed a couple of web sites.
All the connections are to localhost on the tor proxy port except for the tor secure connections.
For the less paranoid, there is also an insecure browser that can initiate direct connections. This is useful for banking institutions that may take exception to their customers who switch countries of origin every 10 minutes.
The setup I use is on a small (only in form factor) 32 GB gem drive from AData
It’s virtually inconspicuous and has plenty of persistent storage (encrypted of course) for any important data. Don’t forget though, it is very dangerous to have persistent storage as someone with nefarious intent can torture you to reveal your password… Yes… It’s not paranoia if they’re really out to get you.
And, oh, and, let’s not forget. It has Windows XP camouflage…
All giggles aside, it is a great little environment. It tagged along on my recent Europe trip. Although I did not need it much it is very convenient to have a Linux boot disk handy so I can boot into something useful and secure on a friends laptop. It also raises an eyebrow or two – it’s so mysterious…
I had to include puppy linux as it is a close contender. The big reason it lost out was because it failed on a lot of our test hardware, probably because it was stripped down so heavily to optimise it. And it doesn’t have a bundled browser, a big no no.
It runs completely out of memory and has a super tiny footprint. Most likely it will run off very old hardware. Definitely have a look at it if you have need of a small and fast OS to revive your old laptop or desktop.
There were quite a few other distros in the running, however, the above are the favourites.
Long post. Thats it for now.