Privacy and security on unsecured machines -Portable vms, remote desktops and livecds

Discussion in 'privacy technology' started by LUSHER, Oct 28, 2007.

Thread Status:
Not open for further replies.
  1. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I have being investigating recently, the use of Portable vms, remote desktops and livecds for situations of use on a machine that is not under your control (work machine, public shared machine etc) and is perhaps monitored in someway.


    I can think of 3 possible threats to privacy/security

    *Leaving traces of your sensitive work (including browsing cache, cookies) on the computer.

    *Being subject to keyloggers.

    *Capture of network traffic via packet sniffing.

    I have considered 3 main methods for mitigating these threats with varying degrees of succuess.

    * Using portable virtual machines (e.g. Free Portable Virtual Privacy Machine , xbmachine and http://www.mojopac.com) carried on usb sticks.

    * Connecting to remote desktops - both to desktops running on your own machines (e.g. Logmein, various remote access programs) and those running on other machines (e.g. Cosmopod, GOPC , Nvio (no free) ) , with clients running on USB sticks

    * Booting up on LiveCDs (self explainatory).


    Some of my inital thoughts are at http://wiki.castlecops.com/Security_on_a_unsecured_computer .

    I'm a completely newbie to this compared to most people here, and no doubt I have written a piece full of falsehoods and rubbish so any advise and comments is appreciated.

    Particularly my experience with LiveCds is limited.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Re: Privacy and security on unsecured machines -Portable vms, remote desktops and liv

    Hello,

    About live CDs, from me website:

    Bart's PE Builder
    Bart's PE Builder allows you to build customized bootable live Windows CDs. Bart's PE Builder offers a range of useful utilities, including system diagnostics and recovery, hardware inspection, and more. It is an ideal tool for rescue operations and offers a familiar interface to Windows users who might have qualms about using Linux-based live CDs.

    Knoppix
    Knoppix is a Linux bootable CD or DVD. Although not strictly a Windows utility, Knoppix is famous for a very good hardware support, that is if you have problems with the detection of a hardware component like the sound card or a graphic card, you're most likely to start solving the problem booted with Knoppix. It can also function as a rescue disc, a backup tool, a safe browsing platform, or a great tool for learning Linux.

    Ultimate Boot CD for Windows
    This is one of the most important tools a Windows user can have. Like Bart's PE Builder, UBCD4WIN is a story unto itself. It is not just one program, it is a complete bootable Windows kernel, packaged with tens of useful utilities in a range of categories. UBCD4Win PE Builder is based on Bart's PE Builder. Nevertheless, UBCD4WIN offers a much greater range of available tools. You can also add your own plugins.

    Among offered tools are 7-Zip, a43, Ad-Aware SE, Agent Ransack, AVPersonal, BGInfo, CPU Bench, CWShredder, DeepBurner, Dirms, Disk Copy, Disk Image, Disk Wipe, Eraser, ERUNT, Explore2fs, ExplorerXP, File Recovery, FileZilla, Firefox, Floppy Repair, freeCommander, Free Undelete, HD Cleaner, HDTune, HijackThis, IPScan, IZArc, MaxBlast, MemTest, MbrFix, MBRWiz, P95, PasswordPro, PDF Reader, Popcorn, PPPOEXP, Putty, R-Linux, RecoveryManager, RegCleaner, Scribe, SmallCD, Stinger, Sysclean, UltraVNC, xplorer2, WinDLG, and many more.

    Anonym.OS
    Anonym.OS LiveCD is a bootable live CD based on OpenBSD operating system, providing a hardened environment whereby all ingress traffic is denied and all egress traffic is automatically and transparently encrypted and/or anonymized.

    Damn Small Linux
    Damn Small Linux is a versatile 50MB desktop-oriented Debian-based distribution. You can boot with it from CD, USB drive or even run it inside Windows. It can also be installed onto hard disk. It's light, fast and packs a solid range of applications, including Gphone, Firefox, Naim, XMMS, Xpdf, and many more.

    Elive
    Elive is a live CD running Enlightenment Windows manager, which is an amazing visual experience while being very low on requirements. Like all other Linux CDs, it offers a mature and rich package of programs. It offers some very interesting programs like Blender 3D studio, MPlayer, Grip audio ripper, as well as the usual XChat, GAIM, Firefox, Open Office, and others.

    Feather Linux
    This is another small Linux, intended to provide a user with a safe and comfortable live working environment. It takes only about 120MB and offers in return AbiWord, Dillo, Firefox, CTorrent, NTFS resize support, Samba, Fluxbox, and more.

    Gentoo
    Gentoo is a combined live and install CD. This allows you to test the feel of the distribution before deciding whether you want to install it (warning: Gentoo is NOT the friendliest distribution for beginners!). It offers a full, complete working environment.

    Helix
    Helix is a dedicated incident response and forensic analysis live CD. It is not intended for beginners. The CD includes many useful tools like e2recover - for recovering files under ext2 file system, ClamAV and F-Prot anti-virus scanners, chkrootkit and rkhunter anti-rootkit scanners, Galleta - cookie analyzer for Internet Explorer, Regviewer - Windows registry analyzer, wipe - for secure file deletion, and more.

    Summary:

    Forensics: Knoppix, Helix, BartPE, UBCD4WIN.
    Privacy: Anonym.OS
    General use: any

    Other useful, partitioning, recovery: GParted, SystemRescueCD

    See all these below:

    http://www.dedoimedo.com/computers/collection_linux.html

    http://www.dedoimedo.com/computers/collection.html

    Cheers,
    Mrk
     
  3. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Thanks I forgot about your site.

    I will spend a few weeks playing.
     
  4. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Do VM's protect against keyloggers? I mean you are still using your keyboard, so how could that protect you?
     
  5. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Notice what I wrote

    "I have considered 3 main methods for mitigating these threats with varying degrees of succuess."

    In any case, I tested it and what I noticed is that whether by design or accident, some of the vms (and remote desktop methods) do prevent some of the hook based keyloggers from working. But other methods (kernel "directx") do seem to work. And even if they didn't they could do screen captures etc etc..

    So it's not a complete defense. It's more of a method to prevent leaving traces behind. There are some other advantages as well i think to do with security and privacy...

    Perhaps the only complete (or near complete anyway) defense against keylogging is to boot up on a livecd and then you have to watch out only for hardware keyloggers and very exotic stuff.

    The Livecd method needs an additional level of security to prevent network sniffing.. Either using TOR (or similar paid service), visiting only https sites, or doing a ssh to some other secure machine (your own!) before going out (best!).

    As always this is my speculation, if anyone knows better please correct me.
     
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Hey I am sorry I didn't completely understand you. I don't know much. I am trying to learn a little bit at a time though and I appreciate all that you share.:D

    I have only tried one VM and that was xerobank's VM. Is the LiveCD that you were referring to Icognito liveCD? I downloaded that one and saved it to a CD but have not tried it yet. I hope it is not too complicated.
     
  7. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I wasn't aware of Incognito livecd, but yes it looks like it will do the trick with builtin support for Tor.

    Livecds in case you don't know

    "LiveDistro or Live CD is a generic term for an operating system distribution that is executed upon boot, without installation on a hard drive. Typically, it is stored on a bootable medium, such as a CD-ROM (Live CD), DVD (Live DVD), Floppy (Live floppy), USB flash drive (Live USB), among others.

    The term "live" derives from the fact that these distributions are a complete, runnable—i.e., "live"—instance of the operating system residing on the distribution medium, rather than the typical case of a collection of packages that must first be permanently installed to a hard drive on the target machine before using the OS.

    A LiveDistro does not alter the current operating system or files unless the user specifically requests it. The system returns to its previous state when the LiveDistro is ejected and the computer is rebooted. It does this by placing the files that typically would be stored on a hard drive into temporary memory, such as a ram disk. In fact, a hard drive is not needed at all. However, this does cut down on the RAM available to applications, reducing performance somewhat. Certain LiveDistros run a GUI in as little as 32Mb RAM."

    From wikipedia

    Over here Tor is slow, I was wondering if I could get a livecd, then do remote desktop which is much faster to thwart snoops.....
     
  8. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    you can burn a livecd with this program -
    http://www.snapfiles.com/reviews/BurnCDCC/burncdcc.html

    the file you've got should end with .iso and they have to be burned the correct way rather then copying it to a cd.

    i like vmware for trying out linux distros, but i haven't tried VirtualBox, that's supposed to be good too. i've got Qemu too, i made an option in my right-click menu to run livecds in it with just one click :cool:

    [​IMG]
     
    Last edited: Oct 30, 2007
  9. zikarus

    zikarus Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    18
    Re: Privacy and security on unsecured machines -Portable vms, remote desktops and liv

    Hi all,

    I recommend to have a look into the following VM:
    https://www.awxcnx.de/anon-vms.htm

    Download the .zip file, extract it into a NTFS formatted partition. Then run VMPlayer/Innotek or anything alike and test it out...

    Seems to be the most complete solution including not only Tor but JAP and I2P as well as Mixmaster support...

    BR
    zikarus
     
  10. Nutta

    Nutta Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    2
    I was going to ask for comments on live CDs vs. virtual machines but then found this thread and Lusher's nice summary on Castlecops. It seems like the safest way to surf currently is to combine all 3 approaches mentioned:

    1. Use a live CD or DVD that runs entirely from RAM (no hard disk required) with
    2. A virtual machine (or multiple/nested vms e.g. http://www.erikveen.dds.nl/qemupuppy/images/qemupuppies2.gif ) using safe guest image(s) on the CD or DVD (if the image(s) do not fit on a CD - lots of RAM required)
    3. Connect to a secure remote service if required (https, ssh, TOR etc.)
    4. Start each new activity in a new VM session
    5. Do a secure wipe of RAM on shutdown

    Weaknesses?
    I think this setup is only vulnerable to hardware monitoring e.g. USB keylogger and BIOS viruses. If you're running on your own hardware then this leaves only BIOS/flash viruses. Are there any other weaknesses to the security of this approach? I suppose that if malware got your IP address and OS type then it could try repeated attacks against known flaws in the OS even when starting new sessions.

    Can anyone think of a more secure way to surf the Internet?
     
Loading...
Thread Status:
Not open for further replies.