

LPS: Lightweight Portable Security Linux distribution - reinhardt
http://www.spi.dod.mil/lipose.htm

======
Estragon
I've played around with this a bit. It is a real bondage-and-discipline
distro. Seems designed to prevent access to any local storage of any sort.
Probably a good thing for the DOD, but a bit extreme for my purposes. I don't
mind being made to think when I access a resource, but I like to at least have
the option.

~~~
keithpeter
LPS is based on thin linux, and I found it interesting to try it out. I used
the rather neat Windows command-line program that comes with the ISO to make a
bootable USB stick. I found an old 512Mb stick worked fine.

I downloaded the 'fat' version which gives you a basic (way basic) desktop
with OpenOffice and Firefox. On an old Thinkpad T42, it had the right wifi
drivers (I can imagine the selection is limited) and you can save work on a
second USB stick. The VESA graphics drivers can't match the 1024 by 600
resolution on my netbook, so I find I use it less now.

The 'minimalist' no distraction people might find the distro useful. I got
quite a lot of writing done with it one afternoon.

------
imperialWicket
I think Tails (<https://tails.boum.org/>) is a great alternative to LPS for
the non-DOD user who is attentive to security.

------
flopunctro
I believe there is at least one case of compromise where a trusted liveCD will
not help: a hardware keylogger connected on the keyboard circuit. (I think I
saw this in some movie, and I liked the idea very much).

So even if your kernel is trusted, your network stack is trusted at all
layers, your communications are cryptographically secure, the words you are
writing can be seen by an attacker through this device. Perhaps in or near
realtime.

~~~
mhd
Bring along your own keyboard? A good Model M doubles as weapon and/or body
armor for the enterprising agent.

On a more serious note, while it's probably a bit harder to "infect" a system
with, you probably can hook something up to the USB circuitry, in which case
this wouldn't help.

Unless you continue the one-upmanship and have your HID transmissions
encrypted on the hardware side, then it's just semi-random garbage for any
logger. A software driver in the distro then makes it usable.

Something like that might even exist, for paranoid Bluetooth users...

Edit: Silly me, Bluetooth does feature encryption, of course. Not sure how
strong/well implemented that is in the case of most keyboards.

------
niels_olson
I had the LPS project roll a version of this for my unit. I have tried to find
it useful and failed many times. Great idea, the developer working on it is doing
good work. But the big problem is that so much of DoD has bought products that
depend on brittle WinXP and IE (Citrix, Juniper, etc).

A far more promising development in the near term has been Thursby's and
Apple's progress with FIPS 140-2 certification for iOS and OS X, respectively.
This means .gov and .mil smart card (CAC card) users can access web apps
secured with DoD and .gov PKI infrastructure.

Right now, that's limited to Outlook webmail (only confirmed test "sat", I've
heard about so far), but presents a huge enterprise market for Apple
developers to target. Thursby has an API for developers.

<http://osdir.com/ml/general/2012-04/msg43528.html>

------
lazylland
I'm just curious as to how just accessing local resources would compromise a
live CD environment ..

~~~
kylemaxwell
It actually serves two different purposes: prevents information leakage from
the remote (secure) networks to the local node, and prevents possible malware
stored on that local node from migrating into the remote network.

