Security Basics mailing list archives
RE: secure live-cd
From: "Chris Serafin" <chris () chrisserafin com>
Date: Tue, 20 Dec 2005 22:11:33 -0600
You should look into using WHax or Auditor live Linux CDs, I don't know how secure they are out the box, but they are pen testing CDs; and rock at that feature.

Chris Serafin
IT Security / Voice Engineer
chris () chrisserafin com

-----Original Message-----
From: Stephen J. Smoogen [mailto:smooge () gmail com]
Sent: Sunday, December 18, 2005 9:34 PM
To: alfonso () yahoo com
Cc: security-basics () securityfocus com
Subject: Re: secure live-cd

On 14 Dec 2005 19:28:23 -0000, alfonso () yahoo com <alfonso () yahoo com> wrote:
> Hello list, I was looking for something like a live cd to be used in secure communications over the internet from unsecure places like public computers, internet cafes etc. The cd would contain applications like gaim with gaim-encryptions, silc (client & server), email client with gpg encryption. I don't know if there is such a distro and if it does exist how does it keep the gpg keys and all the other private keys safe...

Knoppix and similar tools would be your starting point. HOWEVER, there would be the problem of the secret keys used by gpg, gaim, etc. Burning them onto the cdrom would be problematic in that a) you would need to have a cd per individual, and b) you would need to make sure that the cdrom did not get lost as then the secret key would be compromised.

Ways around this would be that you set up a centralized key authority that requires the person to boot the cdrom, prove to a level of confidence that she is who she says she is, and then retrieves the keys to ram. Another would be to have on a USB or some other data chip the secret keys and they can only be unlocked by a strong password.

At any point along this, you would need to keep your trust of any individual/group using these disks to Knee Cap level. That is the level where someone would give up the passwords to unlock their passwords rather than having their knee caps wrenched apart.

--
Stephen J Smoogen.
CSIRT/Linux System Administrator

Current thread:
- secure live-cd alfonso (Dec 17)
- Re: secure live-cd Tofik Suleymanov (Dec 19)
- Re: secure live-cd Stephen J. Smoogen (Dec 19)
- RE: secure live-cd Chris Serafin (Dec 21)
- Re: secure live-cd Devesh Misra (Dec 26)
- RE: secure live-cd Chris Serafin (Dec 21)