Slashdot Mirror


A Linux Distro From the US Department of Defense

donadony writes "The Lightweight Portable Security distribution was created by the Software Protection Initiative under the direction of the Air Force Research Laboratory and the U.S. Department Of Defense. The idea behind it is that government workers can use a CD-ROM or USB stick to boot into a tamper proof, pristine desktop when using insecure computers such as those available in hotels or a worker's own home. The environment that it offers should be largely resistant to Internet-borne security threats such as viruses and spyware, particularly when launched from read-only media such as a CDROM. The LPS system does not mount the hard drive of the host machine, so leaves no trace of the user's activities behind."


  1. Review by Anonymous Coward · · Score: 5, Informative

    There is a review of LPS over at DistroWatch:
    http://distrowatch.com/weekly.php?issue=20110704#feature

    1. Re:Review by Anonymous Coward · · Score: 2, Interesting

      Thanks for the link. I think the reviewer nailed it though - the fact that it includes Flash which has new vulnerabilities about every 7 minutes and runs as root is just bizarre. Sure it resets when you reboot but if someone can easily exploit your machine and get to data you may have available on it by virtue of your existing session then all bets are off. Disappointing to me.

    2. Re:Review by Hognoxious · · Score: 2

      You have to assume a massive amount of juvenile thinking on the part of the Air Force to believe
      they would be totally unaware of that possibility.

      Have you seen how much they pay for toilet seats? I wouldn't be so confident.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    3. Re:Review by LoRdTAW · · Score: 3, Informative

      Eh, it's already known that things like expensive toilet seats, step ladders, hammers and other run of the mill items are mostly a myth. Certain items like the step ladder turned out to be custom built ladders for the F-14 fighter jet and not something you buy at Home Depot to paint your ceiling. Other explanations are the adding of overhead costs to line items in the financial breakdown of the finished piece of military hardware.

      Military hardware is mostly low production and highly custom. Computer monitors on battleships might cost upward of $100,000 but they may have only made 10 of them at a time and spec'd to resist EMP (from a nuke), constant rocking and other severe environmental operating conditions.

      There are even military specs for chip (IC) packaging. So the circuit boards inside some of the military hardware might be completely different from consumer electronics even though they may perform the same or similar function.

    4. Re:Review by garyebickford · · Score: 2

      I'll just add that the coffee pot on a 747 costs (IIRC) $4000 - airplane equipment is just expensive, due to (as the parent noted) low volumes, expensive development and expensive parts. Just about everything electrical on an aircraft has to pass both FAA and FCC, and every time you change a resistor the whole thing has to go through certification again, at cost exceeding $1 million - each. So, amortize that cost over perhaps 500 planes, plus spares, parts, etc. and you are talking about perhaps $1000 per coffeepot just to get federal approval. As the parent noted, for a military application it all gets more expensive. In the one instance I was involved in that, it took the company I worked for over a year, and several engineering person-years, to get through Tempest qualification.

      If you think military stuff is expensive, check out medical supplies. In my own experience (a long time ago), a piece of vinyl tubing used in the blood pump for kidney dialysis machines, that has to be replaced for each patient, retailed for $150. This was exactly the same tubing you can buy at the HW store for $1 per foot today. It was sterilized, inspected and packaged by the machine maker. Of course again it had to pass FDA, and no hospital was going to risk a liability suit by buying from any other source, and perhaps 1/4 to 1/3 of the wholesale price of that part was liability insurance carried by the machine maker. So the entire structure of the medical industry has created a cost nightmare. If hospitals could acquire that part on the open market, or (perhaps better) just sterilize their own without risk of liability suits, the cost of that one part might be under $10. (needless to say, this is a summary and doesn't cover all the salient points.)

      --
      It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
  2. Re:RAM by rbollinger · · Score: 2

    I don't see how this is any different than any other live CD though.

    I don't think it really is any different. It's just now an approved solution for DOD personnel.

  3. Re:Ha! BIOS, gotcha! by rbollinger · · Score: 3, Insightful

    It's like using a condom... it won't protect you 100% but that's still safer than doing nothing!

  4. Re:RAM by Pharmboy · · Score: 4, Informative

    I don't see how this is any different than any other live CD though.

    As someone else pointed out, this is an "approved" method, meaning they have vetted the distro and believe it to be secure. This actually makes sense, and is much better than telling your soldiers "go download some live linux cd and make sure it is secure".

    One of the major benefits of Linux is the ability to make your own distro for special applications like this. And since it is available freely for download (not required but they did it anyway) and the source is available, that makes it even better.

    --
    Tequila: It's not just for breakfast anymore!
  5. Re:keylogger by jm0le · · Score: 2

    this. trusted software is pointless unless you can trust the hardware.

  6. Re:BIOS? by Anonymous Coward · · Score: 3, Insightful

    If I were a country whose internal stability relies on the economy and the economy relies solely on exports, I'd be really careful about doing that.

  7. Re:Oh, it get's WORSE! by Anonymous Coward · · Score: 2, Informative

    Oh shit! How did I miss this gem here?

    LPS differs from traditional operating systems in that it isn't continually patched.

    Poor reading comprehension? You might want to work on that. You also might want to work on that little "reading into things that which is not there" problem you got as well.

    You sort of missed this part

    LPS is designed to run from read-only media and without any persistent storage.

    as well as the release notes that show that it has been updated several times this year.

  8. Re:Oh, it get's WORSE! by EdIII · · Score: 2

    It's asinine to claim that it is tamper proof. That right there should be raising red flags.

    Considering the "threat" from China and chip suppliers, to consider any machine that you have not personally inspected down to the firmware to be secure is just nuts.

    Sure, they booted into a different OS and bypassed the local storage completely. Great. Any OS rootkits cannot get loaded and access the "secure" OS. Fine.

    What about rootkits that can get loaded via different means? NIC cards? Storage adapters? LCD monitors that have small repeaters to record and send encrypted frames of what is displayed? Keyloggers loaded directly into the keyboard?

    It's only as secure as the weakest link. Hotel computers and home systems? Yeah...... I can see the TV repair man coming in and the next thing you know we have a conduit into a tamper proof secure DoD network.

    That distro is not going to be smart enough to validate all the hardware it is running on, and if it did, it would defeat the whole purpose wouldn't it?

    Asinine is an understatement and we actually paid to have this developed.

  9. Re:keylogger by Xtifr · · Score: 3

    A condom won't protect you from the common cold, but that's no reason not to use one.

  10. Re:Oh, it get's WORSE! by jimbolauski · · Score: 2

    If you think they will allow access to sensitive networks you are nuts, they won't even be able to access their email unless the computer has a smart chip reader, all this is really doing is making the printing out of plane tickets from a hotel computer a little safer.

    --
    Knowledge = Power
    P= W/t
    t=Money
    Money = Work/Knowledge so the less you know the more you make
  11. Re:Ha! BIOS, gotcha! by physicsphairy · · Score: 5, Funny

    Actually, doing nothing is the tried and true Slashdot defense against STDs.

  12. Re:RAM by LordLimecat · · Score: 4, Informative

    It's different because not only is it approved for clearanced work, it also has a version of Firefox with CAC-reader support. My understanding has always been that CAC support was limited to Windows; no longer.

  13. Re:Oh, it get's WORSE! by LordLimecat · · Score: 3, Interesting

    BRILLIANT! That means that any flaws in your OS or applications (web browser) WON'T BE PATCHED

    Which isn't really an issue for several reasons:
    A) most of the code out there isn't targeting some obscure form of Linux
    B) this is a live distro, so there is no permanent storage, so no real worry of a rootkit
    C) someone booting up this distro is unlikely to be doing so for reasons that would expose him to threats

    Hence the lack of caring about /etc/passwd, or running as root, or all the rest. It's generally irrelevant on a live distro because you cannot get rootkitted.

  14. Re:close, but no cigar.. by LordLimecat · · Score: 2, Insightful

    This is what things like SSL are for. No need to reinvent the wheel here.

  15. Re:Ha! BIOS, gotcha! by thegarbz · · Score: 2

    I think it's more like using the pill. Not as effective as a condom.

    The reason is that a lot of intrusion these days happens on the hardware level. This OS would do nothing to protect from the hardware keyloggers attached inline with the keyboard that have been seen at some internet cafes.

    The summary got it right for once. It only protects largely against the kind of internet borne threats that infect computers.

  16. Re:RAM by Jah-Wren+Ryel · · Score: 5, Insightful

    As someone else pointed out, this is an "approved" method, meaning they have vetted the distro and believe it to be secure. This actually makes sense, and is much better than telling your soldiers "go download some live linux cd and make sure it is secure".

    More likely it is about CYA. Government security runs on CYA. Having an approved distribution means that everyone else in the organisation can use it, recommend it, even mandate it without having to worry about taking the blame if there is something wrong with it. Without an approved distro, no distro would be permitted at all.

    More generally government security is totally top down - you have groups of "experts" (who may or may not actually be experts) who come up with procedures and requirements. Those are then made into official policy and distributed downline to security officers and regular users who are expected to follow those procedures to the letter without trying to think through the actual goals. When the official policy is fuzzy, you get different sites making different interpretations, sometimes with head-shakingly comedic effect - like mandatory Windows virus-scans on non-Windows computers or forbidding the installation of ssh (because it's not officially approved) while leaving rlogin in place. But even those, often ridiculous, interpretations still have full CYA as long as they don't violate the official documented policies.

    --
    When information is power, privacy is freedom.
  17. Replacements instead of patches by DragonWriter · · Score: 2

    BRILLIANT! That means that any flaws in your OS or applications (web browser) WON'T BE PATCHED

    It doesn't get patches because it runs from read-only media; the approved version is updated when necessary to address security concerns, but you have to use new read only media, rather than patching the existing one, that being the nature of "read-only".
     

  18. Re:No trace, eh? by Darkness404 · · Score: 3, Insightful

    ...Because we all know that everyone wanting anonymity -must- be doing something illegal.

    --
    Taxation is legalized theft, no more, no less.
  19. Wont work in hotels, airports, etc. by Anonymous Coward · · Score: 2, Interesting

    I've been working in the kiosk industry for about 8 years now. The current company I work for has around 1000 kiosks in hotels, airports, business centers, etc as well as having around 20,000 customers.

    I can tell you that 99% of hotels are set up to NOT allow USB or CD-ROM booting for the very obvious reasons. Most are set up as well to only read CD-ROM and read/write from USB and also have a BIOS password set to disable the ability to execute from a different device.

    I suspect this project will die off pretty quickly or fail soon if the people involved with the idea didn't even do some simple research or know about this type of information. Sure it would be a great use for their home computers but outside of that the CDs will just be one more thing to fall into the hands of people who will abuse it and become yet another security hole.

    1. Re:Wont work in hotels, airports, etc. by lostfayth · · Score: 3, Interesting

      I used to work in the hospitality industry as well - the company installed, maintained and supported guest internet access for hotels and transit companies (we had several bus and rail contracts). For the locations with a lot of government or corporate guests, standing orders from the hotel management was to do whatever was necessary to get these guests online. Lockheed-Martin employees were one of our biggest sources of calls, their vpn would not let them reach the captive portals and they had to be passed through manually. Many government employees and contractors had exactly the same problem. Anyone else would be told to contact their IT department to sort that mess out.

      Don't underestimate what hotels will do to accommodate what may be one of their largest customer groups. When a company like Lockheed-Martin says fix this or our employees will no longer be staying at your hotel, you fix their complaint, you don't tell them 'but we locked down that functionality' and lose 80+% of your business.

  20. quantum electron crumbs...? by Rhinobird · · Score: 2

    Dude. That's what housekeeping is for...

    --
    If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
  21. Re:Our government at work..... by dbIII · · Score: 2

    The reality is probably one guy altering knoppix for a custom spin, another guy doing QC and other saying "wouldn't it be cool if package X was in there as well".
    It sounds like cheap skunkworks stuff getting a rubber stamp.

  22. Re:BIOS? by icebike · · Score: 3, Funny

    Too bad you don't run China then...

    --
    Sig Battery depleted. Reverting to safe mode.
  23. Re:BIOS? by znerk · · Score: 2

    If I were a country whose internal stability relies on the economy and the economy relies solely on exports, I'd be really careful about doing that.

    If I were a country large enough to embrace, engulf, and extinguish any problematic regions were my clandestine activities detected, I might be careful about doing it, but not too terribly worried about the consequences of getting caught.

    --
    This work is licensed under a Creative Commons Attribution 3.0 Unported License.
  24. Re:No trace, eh? by PopeRatzo · · Score: 5, Insightful

    Seems like something child pornographers would be interested in. Among other people.

    You know what child pornographers and "other people" are interested in? Air. They like breathing. Is that a knock on oxygen?

    Do you really believe that a seriously secure OS is something bad just because "child pornographers...among other people" might be interested in it?

    That sounds a lot like an argument you'd hear from people who believe that there should be a back door in everything so "the authorities" can take a peek.

    Here's a news flash: I don't give a fuck if child pornographers are interested in something. I'm not prepared to give up every last bit of my own privacy just because there happen to be perverts in the world.

    Among other people.

    --
    You are welcome on my lawn.
  25. Re:RAM by icebike · · Score: 2

    Running as root on read only memory is not as dangerous as it might seem.

    Smart people don't run as root because they know that they make mistakes, and might accidentally rm -rf / some day.
    They also know that some process might replace a system binary.

    Both problems are solved with read only memory for the OS.

    --
    Sig Battery depleted. Reverting to safe mode.
  26. Re:RAM by fluffy99 · · Score: 3, Informative

    This isn't intended to be just another Live CD. The disks or thumb drives are corporate specific, and are set up to boot and provide a secure VPN into the company. Not for general use. In fact they are usually set up so they can only reach out to the company or agency's VPN server. This is a far more secure solution than letting users install VPN software on their personal computers, and a lot cheaper than buying them govt owned computers that they might try to connect to the general internet.

  27. Two issues by NicknamesAreStupid · · Score: 2

    (1) device support. For example, LiveCD does not support certain wireless adapters. (2) virtualization. Can you be sure you are not booting into a VM?

  28. Re:BIOS? by arose · · Score: 2

    Randomised positioning is just about a requirement of an on screen keyboard used for this purpose. Of course random key mapping works for the keyboard as well.

    --
    Analogies don't equal equalities, they are merely somewhat analogous.
  29. Re:RAM by Nutria · · Score: 2

    America runs on CYA. If a drug company puts out a vaccine that kills children, as long as they have followed the proper protocol they will not be liable for the murder of the children.

    You're mistaking CYA with "we can't know everything, but we did our best by following agreed-upon standards and practices". This country (and Europe for that matter) is already too nannyish and afraid of lawyers (refer to the "Can a Playground Be Too Safe?" article). Any more and progress will grind to a *complete* halt.

    --
    "I don't know, therefore Aliens" Wafflebox1
  30. Re:No trace, eh? by silanea · · Score: 2

    Absolutely, this outrageous device should be banned immediately. They did it with incandescent light bulbs, after all: Used by pedophiles, terrorists and tax evaders all over the globe. So they did away with it. And the world is a safer place already.

    --
    Rudolf Hess edited Mein Kampf. He was the very first grammar nazi.
  31. Re:Ha! BIOS, gotcha! by sorak · · Score: 2

    Actually, doing nothing is the tried and true Slashdot defense against STDs.

    That's the abstinence paradox. Those who strive for abstinence tend to fail, while those who try desperately for sex often fail as well. If they were to switch goals, would they be successful?

  32. Evil is universal by DragonHawk · · Score: 2

    I never said the OS is a bad thing. Please don't put words in my mouth.

    I note that PopeRatzo never said *you* said the OS was a bad thing.

    My actual intent was that it seems like something I would want to be used for official purposes only.

    And that is what the objection is to: The idea that things ought to be restricted in their use because they can also be used by bad people. Just about anything can be used for good or ill; if you attempt to control anything that might potentially be misused or abused, there's nothing left.

    --

    dragonhawk@iname.microsoft.com
    I do not like Microsoft. Remove them from my email address.