Linux distro with LiveCD for secure online banking?

Discussion in 'all things UNIX' started by Konata Izumi, Jul 22, 2010.

Thread Status:
Not open for further replies.
  1. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I want to know if there is a certain Linux distro that is EXTREMELY secured out of the box (LiveCD).
    I'm planning to use Linux LiveCD for my banking sessions. :)
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Why do you think you need a live CD for banking?
    Mrk
     
  3. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    RAM drive substitute?
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Not following you.
    Mrk
     
  5. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Maybe he wants something that won't leave any trace on his PC or even USB stick? Since the LiveCD may work off RAM alone, doing banking and then quitting won't leave any traceso_O Just a guess!
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    I think his focus was security ...
    Mrk
     
  7. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    yes. Isnt forensics part of security? o_O
     
  8. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I'd consider installing linux than using a LiveCD, if its more secure and if you could help me set it up. :):thumb:
    I'm dumb at linux anyways :>
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Well, I got tons of step-by-step tutorials for exactly that!
    Head on to my site and start reading the software & security section, bottom up.
    Mrk
     
  10. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    :D
    LOL, dont be obtuse. :shifty:
    Good insight there.
    Perfectly reasonable request if a bit non-specific: in fact right on the "money"
    http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html
    http://www.zdnet.com/blog/hardware/...-for-online-banking-and-shopping-updated/5813
    http://blogs.computerworld.com/15815/can_ubuntu_save_online_banking
    http://radsoft.net/security/20100224,00.shtml
    Heh: Even in OZ: http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-internet-banking.aspx
    Search: http://www.google.com/search?&q=live cd banking

    Even booting from LiveCD image ??
    Boot VM from Live Cd ??
    VMWare Appliance: ( not tested by me ) http://www.vmware.com/appliances/directory/120
    Go for it :)
    Plenty of help here.
    :thumb: :)
     
    Last edited: Jul 23, 2010
  11. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    i dont use linux live cd for online banking because there is alway fear of phishing site on linux more as compare to windows because on windows you always got good security suite like KIS or NIS which has very good anti phishing data base

    but if you know the ip of your bank you can go with fedora or ubuntu with some tweaks its pretty rock solid

    for surfing i use this distro

    cant say about banking but its very secure for surfing on public places

    http://spins.fedoraproject.org/kiosk/#home

    https://fedoraproject.org/wiki/Fedora_Kiosk
     
  12. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Or........... what you looking for is build your own kiosk (a live cd which connect to your bank only and only to ports you want it to connect (ie.site mention in it while making and no other sites or port and root sudo ...etc default blocked)

    kiosk-operating-system

    here you can build a live cd according to your needs i guss mrk can put more light in that field :)


    http://www.flatcoder.co.uk/how-to-build-a-secure-kiosk-operating-system/

    http://my.opera.com/linuxonlinehelp/blog/index.dml/tag/kiosk mode
     
  13. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Oh no ! You are making me jumpy, I don't have Windows at all !
    I use Firefox with NoScript and the SSL blacklist add-on. Also I always check the security details and certificate by clicking on the padlock. Surely that's all that is needed to satisfy me that it is not a phishing site ? Of course I also have apparmor FF profile enabled, but I don't think that will protect against phishing.

    Opera has AVG's web threat real time data feed plus fraud protection from Phishtank and Netcraft, but my banking site doesn't support Opera (I can't even login).

    My banking site advocates installing Trusteer Rapport, but no can do, there is no Linux version.
     
    Last edited: Jul 23, 2010
  14. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    LOL: PROVE IT ??
    A swing and a miss ??

    You must be thinking about all those linux systems affected by The Zeus Trojan, Neh ? :blink: :rolleyes:

    Ocky relax...
    Linux intrinsically safer from "bank trojans"
    Firefox has antiphish built in.
    http://www.mozilla.com/en-US/firefox/phishing-protection/
    WOT if you want
    https://addons.mozilla.org/en-US/firefox/addon/3456/
    + Other usual measures..you should be fine
    Always good to maintain high index of suspicion. :thumb:


    Live CD:
    How to Use It:
    Just so.
    If you want.
     
    Last edited: Jul 23, 2010
  15. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    i said about average user point of view not for geeks :D

    they dont check all that stuff just click and next many virus sites bypassed by linux i know all thou they dont do any harm in linux but you still click and get inside virus/phishing/trojan......etc site form linux without even knowing that where in windows with KIS/NIS....etc average user if click wrong it get blocked atleast 95%

    geeks know the ip address of bank sites or atleast they check certificate ..etc ..stuff but many users dont they just click. ........ Specialy windows migrated think if some thing wrong linux will block it which is totaly wrong concept and linux doesn't

    i give you 10-20 virus sites click on them they open in linux and average user download and then put it on pen drive to give his/her friend who is working on windows and his/her pc get o_O and then average user blame it on windows where he did it innocently without knowing that fact that linux doesn't block virus/trojan.....etc It just dont let the code execute in it.

    geeks have many tricks like noscript site advisors some them convert their linux by setting up squid http scanner..........end up creating it to utm...........etc ......... (ie convert their machine into castle troy)
     
  16. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,
    Like security, online/banking is a process, and can not be reduced or limited to a distro choice or product.
    As secure is the distro/OS, it can't circumscribe all possible attacks that could occur during the process:
    -client/server side attacks like XSS (logins capture), the intrusion in bank or merchant database via an SQL injection exploit (credit card number/id theft), keyboard sniffing, social engineering like phishing etc

    So there is a few ideas that can help to mitigate the risks

    -choose a read only OS, that can be done for instance with a live cd,
    - encrypt communication (ssl vpn),
    -use virtual keyboard when typing confidential data,
    (many banks provide this security feature: https://online.westpac.com.au/esis/Login/SrvPage )
    -subscribe to virtual card service, by this way only a number N required for a buy B is typed, and not credit card number.
    -take care of the online merchant, that must be PCI DSS certified ( http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard ) or hacked proofed (logo of verisign, McAfee, Comodo
    for instance).

    An interesting distro is Privatix, that can be used as a live cd: http://www.mandalka.name/privatix/index.html.en
    I've promised an article as a guest on Mrk site that will focus on security based OS, so for those interested just check it in a few days.

    Rgds.
     
  17. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Interesting indeed,nice find.:thumb:
     
  18. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    @Kareldjag: thx for expanding. :thumb:
    I think you've got it covered !! :)
    Live CD par excellence ?
    I stand to be corrected, but if the bank is compromised any login/details is toast from any OS ??
    Any HW logger will make the client a victim ??, but in "own set-up" system that is unlikely ??
    ( the corollary is to be extremely wary of some-one elses HW/network )

    Is keyboard sniffing/keyloggers a real risk from uncompromised HW and Live Cd ( other then MIM attack or network sniffing/compromise which prolly cant be detected by client side ) ??

    Phishing defences, ipso facto, require care at any time even with Live CD : Of course.

    I'm not trying to mix it up with Kareldjag !! :D : happy to be corrected at any time: any clarification discussions are valuable.

    Many banks are at last taking this seriously: nice to see you've used an Oz bank as example.
    If your bank wont respond to concerns ( even something as simple as proper web standards : cf: Firefox capable: ditch them.

    Further pointers ?? Heh: just run Linux for starters maybe ? :)
    Waiting
    regards

    PS: Oh, dont forget card skimmers are out and about too.
     
    Last edited: Jul 23, 2010
  19. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    i agree with you kareldjag there are so many parameters you can limited to specific os or some distro distro or some security feature :))

    thanks for Privatix i checking it out

    Kiosk is another one

    also its better to build your own usb incuding all security features and use it for only banking use in this way you get every thing patched and locked

    like many users said live cd in unhackeble but what if there is vulnerability of firefox make it compromise for example flash in firefox live cd of mint .....who you blame it for

    but if you make your own usb you can patch every thing by updating lock its iptables to connect to only specific bank site and to update distro disable root locked sudo with big password phrase encrypt your usb ....etc

    secoundly you use it only for banking porpose so there is no 3rd party repo in it less software more tight security patched or none vulnerability last but not least you use it only when you need it may be once in a day or week so you are not sitting on net with it 24/7 so less prone to cyber attacks because of unavailability on net :D
     
  20. thunderratt

    thunderratt Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    3
    I was on this forum for an encryption question but noticed some Linux threads and then saw your post. Just want to say thanks for your site! I found it the other day when I was researching which distros I am going to try...the tutorials are great and the reviews are very helpful.

    I am about to start with a new laptop and will multiboot with Windows 7 and a few distros using GPT instead of MBR (so looks like I have to learn Grub2). Please keep your site up and running!:thumb:
     
  21. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    An interesting device to consider is the S200 IronKey USB flash drive which uses AES 256-bit CBC hardware encryption. There is an unlocker available for a large range of Linux variants. See their website at: https://www.ironkey.com

    -- Tom
     
  22. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Hi Tom....I didn't see this when you posted. I thought the IronKey's were great, too; until I had two blow out within 60 days of each other. They both went through a quick mount/dismount cycle, not nearly enough time mounted (2-3 seconds) to grab any data. I was only told this was a "known issue" and they replaced the first with an identical IronKey. Just over a month later, the same thing happened to the replacement. Luckily, I had the data on both backed up in a TrueCrypt volume. I sent the second unit back, they agreed I deserved a refund if that's what wanted. It was and I did. I recently went over to their forums and there's still random threads on this very issue.

    IF there was a way I could feel safe with the IK after my troubles, I would love it. I'm back to using the new Kingston DataTraveler Vault series.
     
  23. Metastasio

    Metastasio Registered Member

    Joined:
    Aug 8, 2010
    Posts:
    28
    Konata, may I ask why you feel you need to use a Linux live CD so as to bank online safely? I use locked down Windows 7 and have never been compromised. (Hell, I have never been compromised running Windows XP as an admin. for that matter...)

    In reviewing your postings, you seem obsessed with tweaking your OS to no end.

    Do your means justify your ends?

    Can't you just "set it and forget it"?
     
  24. Metastasio

    Metastasio Registered Member

    Joined:
    Aug 8, 2010
    Posts:
    28
    IronKeys, AVs, and other for-pay "security enhancements" are snake oils peddled to the masses. Save your money and educate yourself how to use free tools and you'll be better off and richer. Please!

    I speak from self-knowledge... I bought a first-gen. YubiKey that I have never used once. I now use KeePass with a locked-down Firefox that whips the ass of any costly scheme to create, authenticate, and remember passwords...
     
  25. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Well, honestly, while IronKey didn't work out for me, it's hardly snake oil. I had the 16GB USB flash drive with hardware encryption. Hardware encryption is far different from some of the things you mentioned. While much of what I use is free, you generally can't find free 16GB flash drives with hardware encryption on the chip.
     
Loading...
Thread Status:
Not open for further replies.