PaulDotCom mailing list archives

Latest trend - Linux Boot CDs for Online Banking


From: lonestarr13 at gmail.com (Michael Salmon)
Date: Tue, 20 Oct 2009 22:03:41 -0400

What about using something like Microsoft SteadyState?  It can be configured
to install MS updates automatically and it's got a similar benefit to live
CDs where it clears any changes on a reboot.  Or is the biggest benefit of
a live Linux CD that you're not using Windows?  At least with SteadyState
you can keep your OS up to date, but it can be a pain to configure at first.

On Oct 20, 2009 1:28 PM, "Ben Greenfield" <bcg at struxural.com> wrote:

I guess I'm in the minority on this one, because I see using Live CDs
for banking as a terrific move that adds a lot of security.

Here are my reasons:
1) It's not practical to target the 'environment', because that means
infiltrating an organization like Canonical for example and somehow
getting a piece of malware pushed all the way through the testing and
production channels onto the end product.  That's not a realistic option
for attackers in my opinion.
2) The live environment is only used for banking - no Google, no
e-mail, no CNN - only banking.  This means one web browser, one tab,
just banking.  This means that cross site scripting is impossible
unless the bank's website gets attacked and has a stored XSS shoved
into it.  In that case it wouldn't matter if you were using a live CD
or not, because you're in trouble.

I really only see two downsides:
1) The Live CD environments don't have the level of logging that a
persistent OS does - this can be mitigated through good network
logging procedures.
2) Patches - Live CDs become dated quickly - however, with good
default policies on the Live CD you can mitigate some of this risk
(firewall doesn't allow inbound traffic that isn't related or
established for example).

On Mon, Oct 19, 2009 at 3:49 AM, Jim Halfpenny <jim.halfpenny at gmail.com>
wrote: > > > 2009/10/18 ...
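
Added example, not part of the original thread: a shell check of `iptables-save` output against the firewall default mentioned in the message above (no inbound traffic unless related or established). The function name and the sample ruleset are constructed for illustration; rules that jump to user-defined chains and ip6tables are assumed out of scope.

```shell
#!/bin/sh
# Added example. Reads iptables-save output on stdin and checks the inbound
# policy: INPUT defaults to DROP, and the only ACCEPT rules are loopback or
# RELATED/ESTABLISHED. Returns 0 when the ruleset conforms, 1 otherwise.
# Not covered (assumption): jumps to user-defined chains, ip6tables.
audit_inbound_policy() {
    awk '
        /^\*/ { table = substr($0, 2) }        # current table: filter, nat, ...
        table != "filter" { next }
        /^:INPUT / {
            seen = 1
            if ($2 != "DROP") { print "FAIL: INPUT policy is " $2; bad = 1 }
            next
        }
        /^-A INPUT / && / -j ACCEPT/ {
            # Negated matches can hide a broad accept, so never whitelist them.
            if ($0 !~ / ! /) {
                if ($0 ~ / -i lo /) next
                if ($0 ~ /--(ctstate|state) (RELATED,ESTABLISHED|ESTABLISHED,RELATED|ESTABLISHED|RELATED) /) next
            }
            print "FAIL: accepts new inbound traffic: " $0; bad = 1
        }
        END {
            if (!seen) { print "FAIL: no filter INPUT chain found"; bad = 1 }
            if (!bad) print "OK: inbound limited to RELATED/ESTABLISHED"
            exit bad + 0
        }
    '
}

# Constructed sample: the stated policy plus one SSH rule that violates it.
SAMPLE_RULESET='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# On a live system the input would come from: iptables-save | audit_inbound_policy
printf '%s\n' "$SAMPLE_RULESET" | audit_inbound_policy || true
```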


