I've played around with this a bit. It is a real bondage-and-discipline distro. Seems designed to prevent access any local storage of any sort. Probably a good thing for the DOD, but a bit extreme for my purposes. I don't mind being made to think when I access a resource, but I like to at least have the option.
LPS is based on thin linux, and I found it interesting to try it out. I used the rather neat windows command line program that comes with the iso to make a bootable USB stick. I found an old 512Mb stick worked fine.
I downloaded the 'fat' version which gives you a basic (way basic) desktop with OpenOffice and Firefox. On an old Thinkpad T42, it had the right wifi drivers (I can imagine the selection is limited) and you can save work on a second USB stick. The VESA graphics drivers can't match the 1024by600 resolution on my netbook, so I find I use it less now.
The 'minimalist' no distraction people might find the distro useful. I got quite a lot of writing done with it one afternoon.
I believe there is at least one case of compromise where a trusted liveCD will not help: a hardware keylogger connected on the keyboard circuit. (I think i saw this in some movie, and I liked the idea very much).
So even if your kernel is trusted, your network stack is trusted at all layers, your communications are cryptographically secure, the words you are writing can be seen by an attacker through this device. Perhaps in or near realtime.
Bring along your own keyboard? A good Model M doubles as weapon and/or body armor for the enterprising agent.
On a more serious note, while it's probably a bit harder to "infect" a system with, you probably can hook something up to the USB circuitry, in which case this wouldn't help.
Unless you continue the one-upmanship and have your HID transmissions encrypted on the hardware side, then it's just semi-random garbage for any logger. A software driver in the distro then makes it usable.
Something like that might even exist, for paranoid bluetooth users...
Edit: Silly me, bluetooth does feature encryption, of course. Not sure how strong/well implemented that is in the case of most keyboards.
I had the LPS project roll a version of this for my unit. I have tried to find it useful and failed many times. Great idea, the developer working on is doing good work. But the big problem is that so much of DoD has bought products that depend on brittle WinXP and IE (Citrix, Juniper, etc).
A far more promising development in the near term has been Thursby's and Apple's progress with FIPS 140/2 certification for iOS and OS X, respectively. This means .gov and .mil smart card (CAC card) users can access web apps secured with DoD and .gov PKI infrastructure.
Right now, that's limited to Outlook webmail (only confirmed test "sat", I've heard about so far), but presents a huge enterprise market for Apple developers to target. Thursby has an API for developers.
It actually serves two different purposes: prevents information leakage from the remote (secure) networks to the local node, and prevents possible malware stored on that local node from migrating into the remote network.
[+] [-] Estragon|14 years ago|reply
[+] [-] keithpeter|14 years ago|reply
I downloaded the 'fat' version which gives you a basic (way basic) desktop with OpenOffice and Firefox. On an old Thinkpad T42, it had the right wifi drivers (I can imagine the selection is limited) and you can save work on a second USB stick. The VESA graphics drivers can't match the 1024by600 resolution on my netbook, so I find I use it less now.
The 'minimalist' no distraction people might find the distro useful. I got quite a lot of writing done with it one afternoon.
[+] [-] imperialWicket|14 years ago|reply
[+] [-] flopunctro|14 years ago|reply
So even if your kernel is trusted, your network stack is trusted at all layers, your communications are cryptographically secure, the words you are writing can be seen by an attacker through this device. Perhaps in or near realtime.
[+] [-] mhd|14 years ago|reply
On a more serious note, while it's probably a bit harder to "infect" a system with, you probably can hook something up to the USB circuitry, in which case this wouldn't help.
Unless you continue the one-upmanship and have your HID transmissions encrypted on the hardware side, then it's just semi-random garbage for any logger. A software driver in the distro then makes it usable.
Something like that might even exist, for paranoid bluetooth users...
Edit: Silly me, bluetooth does feature encryption, of course. Not sure how strong/well implemented that is in the case of most keyboards.
[+] [-] learc83|14 years ago|reply
But seriously, hardware compromised machines are much much less likely than remotely installed malware.
[+] [-] niels_olson|14 years ago|reply
A far more promising development in the near term has been Thursby's and Apple's progress with FIPS 140/2 certification for iOS and OS X, respectively. This means .gov and .mil smart card (CAC card) users can access web apps secured with DoD and .gov PKI infrastructure.
Right now, that's limited to Outlook webmail (only confirmed test "sat", I've heard about so far), but presents a huge enterprise market for Apple developers to target. Thursby has an API for developers.
http://osdir.com/ml/general/2012-04/msg43528.html
[+] [-] lazylland|14 years ago|reply
[+] [-] kylemaxwell|14 years ago|reply