Open Source

A new Linux distribution for the security minded

The U.S. Department of Defense has released it's own security-enhanced Linux distribution designed to protect remote workers who must access corporate and government networks from insecure locations.

If you've read Vincent Danen's recent posts about demystifying SELinux ("Practical SELinux for the beginner: Contexts and labels" and "Introduction to SELinux: Don't let complexity scare you off"), he might not have convinced you that the learning curve is worth the benefits. Many people have found the complexity of SELinux to be a little off-putting -- as one might expect from a distro that was developed as a project of the National Security Agency.

A less onerous alternative for those who need fewer bells and whistles is the Department of Defense's new distribution called Lightweight Portable Security (LPS), aimed at providing telecommuting workers who must connect to corporate and government networks with a more secure method.

Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. The ATSPI Technology Office created the LPS family to address particular use cases. LPS-Public is a safer, general-purpose solution for using web-based applications. The accredited LPS-Remote Access is only for accessing your organization's private network.

Since LPS runs from read-only media and without any persistent storage, any malware that a user might run across can only run within that session. Rebooting between sessions is encouraged for users who think they might have visited a suspicious site or before performing any sensitive transactions. LPS is designed to protect networks from workers who connect from vulnerable home or hotel networks.

If you'd like to check out the details, visit the official LPS site where you can download the  LPS-Public ISO image. There are actually two versions:

About

Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...

6 comments
Amigut
Amigut

Funny, but success of LPS is required H1N1 Flu :) "The threat of an H1N1 flu pandemic last year spurred the Defense Department to plan for the possibility that large numbers of workers would need to work from home if a viral outbreak quarantined employees and required offices to shut down."

pgit
pgit

I have some need for a lightweight, secure VPN client. This remote access version looks promising. I wonder if it can be loaded entirely in RAM to where you can remove the disk? That would be slick. :)

alfowler
alfowler

Thanks for bringing LPS to my attention and I will now consider using it on some preliminary trials.

FXEF
FXEF

Thanks for bringing LPS to our attention. I've been using other Linux Live CDs for secure browsing, however not mounting internal hard drives feature makes LPS more secure than other Live CDs.

bobp
bobp

Using a Linux Live CD accomplishes this. I have been telling my clients to use a Linux boot CD whenever they want to log in to their bank account or do any purchases or other credit card transactions online. There is hard drive access though, but no OS access.

seanferd
seanferd

It ensures connection security, which any other live distro may or may not do.

Editor's Picks