If you’ve read Vincent Danen’s recent posts about demystifying SELinux (”Practical SELinux for the beginner: Contexts and labels” and “Introduction to SELinux: Don’t let complexity scare you off”), he might not have convinced you that the learning curve is worth the benefits. Many people have found the complexity of SELinux to be a little off-putting — as one might expect from a distro that was developed as a project of the National Security Agency.
A less onerous alternative for those who need fewer bells and whistles is the Department of Defense’s new distribution called Lightweight Portable Security (LPS), aimed at providing telecommuting workers who must connect to corporate and government networks with a more secure method.
Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. The ATSPI Technology Office created the LPS family to address particular use cases. LPS-Public is a safer, general-purpose solution for using web-based applications. The accredited LPS-Remote Access is only for accessing your organization’s private network.
Since LPS runs from read-only media and without any persistent storage, any malware that a user might run across can only run within that session. Rebooting between sessions is encouraged for users who think they might have visited a suspicious site or before performing any sensitive transactions. LPS is designed to protect networks from workers who connect from vulnerable home or hotel networks.