Is A Linux Live CD secure enough

Discussion in 'all things UNIX' started by JohnnyBravo, Oct 3, 2013.

Thread Status:
Not open for further replies.
  1. JohnnyBravo

    JohnnyBravo Registered Member

    Joined:
    Jan 26, 2006
    Posts:
    82
    Hello, I have been using a Linux Ubuntu live CD for ebanking, paypall and other simmilar activities on line, from my personal computer at home.
    Is it safe enough and if it is , can I use the same metod to login from other computers, like at my work.
    Thank you
     
  2. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    An advantage to running a live disk is that you are working from a clean operating system. However, there are a number of potential threats you should be aware of before you proceed in using this in a public venue.

    hardware key-loggers:
    Some employers, employees, and even third-parties (users) will connect hardware key-loggers to public and office systems. Some of the more sophisticated ones can be transplanted into the keyboard itself. While you could inspect systems for indications of tampering, it is not always possible to do so. I would recommend you operate from your own personal device, presuming your office environment permits that.

    Phishing:
    Simply running a live disk does nothing to protect you against fraudulent and malicious phishing sites. I'm not sure how your configuring your browser and/or what software and plugins you are utilizing. But this is a legitimate concern whenever you do sensitive activities such as banking online. More alarming, attackers have already found a way to get around two-factor authentication on some websites.

    Man-in-The-Middle (MiTM) Attacks
    Running a live disk on another system can certainly get around a lot of the restrictions setup by the administrator of that system. But there is no guarantee against man-in-the-middle attacks. Your data is being sent over someone else's network. Probably the best advise I can offer here is to utilize a virtual private network. You can do a search for other threads on this topic, if you are unsure how to select a VPN. This topic has been discussed to the point of exhaustion.

    This would depend on your place of employment. It might violate their computer and network usage policies or they may prevent you from booting from other media such as a disk or portable drive. An organization with a decent IT department would most certainly do both.
     
  3. JohnnyBravo

    JohnnyBravo Registered Member

    Joined:
    Jan 26, 2006
    Posts:
    82
    Thank you Tech

    Ill stay at home than:)
    On other hand I believe that it is much more secure to use Linux Live CD, than Windows with a dozen security apps.

    Is there a Linux distribution that you would recommend as more secure and are there any plugins that would be posible to use on a live CD, or what would be the browser settings that one should have when using ebaning?
    Thank you
     
  4. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Tails offers a live cd
    https://tails.boum.org/

    Whonix offers more but requires virtual box
    http://sourceforge.net/projects/whonix/

    I guess it all depends how and why you use a live cd system, the general vibe is once you have finished with your online and general use, you can shut down your pc or reboot. Any history or trace is pretty much gone from RAM this is if your using a live cd like ubuntu/tails, nothing is saved or recoverable from ram as long as its been shut down for few minutes ( recent recover reports indicate after 10 seconds any recoverable data is gone).

    Of course other factors your still not hidden from your ISP and then any other 3rd party companies, a trust worthy VPN will help :)
     
  5. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I know this is a nix thread but here is a windows alternative than may actually be much better...
    You may be better advised to use a ramdisk and a portable version of Firefox with all the proper configuration.

    Here is some information on linux ramdisks: http://www.vanemery.com/Linux/Ramdisk/ramdisk.html

    Ramdisks create a virtual hard drive in ram only, whatever runs there whether it's your swap file or anything else is gone when the ramdrive is terminated as ram is volatile. For extra security you can run two ramdrive one for your secure transactions, and the other for your swapp file. (Swapp can contain data). kill the two ramdrive and both the data and the swapp are vaporized...
    The only side effect is a slower boot time when the Ramdrive is disabled for the swap file. and oh by the way, you pc will engage warp speed as ramdrive are waaaay faster than regular disks and even faster than SSD's....

    You turn on the ramdisk, (call it V:\) or something else, copy the previously customized portable version of Firefox directory to the ramdrive directory. Run firefox... do whatever you need done then kill the Ramdisk and you are done....

    Clean, and secure with no traces of any activity....
    The only thing you need is enough ram to create RAMDisks larger enough to accommodate your effort. This should be no trouble as RAM is cheap nowadays and rather plentiful in most new systems. They tend to go out the door with between 8 and 32 gig (most of it goes unused unless you actually do implement RAMDRives...

    Here is a nice decent Free Ramdisk (Windows)
    http://www.softperfect.com/products/ramdisk/

    Here is a portable and configurable version of Firefox (Windows/linux via wine)
    http://portableapps.com/apps/internet/firefox_portable

    On a side note,
    you need to use SSL, and noscript toguether with do not track me as well as Flagfox (know the Geolocation of the site you are at) in your firefox for added security:

    Here's the links to secure your firefox: (Agnostic)
    https://www.eff.org/https-everywhere
    https://www.abine.com/dntdetail.php
    http://noscript.net/
    http://flagfox.net/


    And a little advertizing for our friends:
    Educate yourselves - Support the work of https://www.eff.org/
    Help protect the Internet from the unscrupulous, hostile businesses lobby, and the control fanatics!
     
    Last edited: Oct 4, 2013
  6. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    I like the ram drive idea, one could always use more portable apps and cover one self a bit more.

    Perhaps a way to extend it further is to truecrypt the entire hdd, tc a virtual box session, and install a ram drive with portable apps inside it, and close it once finished. This way even if an adversary gets the system once its logged in and live, hopefully you would have closed the virtual drive and no chance of data recovery.
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Just online bank from home only, behind a router, don't click on links, with a decently secured machine and you'll be fine. Anything beyond that is overkill but if it makes you feel better.....
     
Loading...
Thread Status:
Not open for further replies.