Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 28 Jul 2014, 06:57
All times are UTC - 4
 Forum index » Off-Topic Area » Security
LightweightPortableSecurity vs Puppy - Puppy wins
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 5 [69 Posts]   Goto page: 1, 2, 3, 4, 5 Next
Author Message
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Mon 04 Jul 2011, 05:49    Post subject:  LightweightPortableSecurity vs Puppy - Puppy wins
Subject description: Military-developed security on a live CD
 

Lightweight Portable Security is put out by the American Air Force Research Laboratory and is a live CD that boots straight to desktop.
http://spi.dod.mil/index.htm

It is designed for secure usage by civilians.
It runs as root. Distrowatch (where I read about it) is already complaining.

I am using it now straight to desktop and connected. Firefox working. Very good.
Looks like a very ancient xfree86 that Puppy used in the previous decade
(aprox ver 1 and before)
http://www.xfree86.org/

It contains mtpaint, flash, Leafpad and links to the US military complex.
It is very minimal and fast.

I would be interested if it is based on Linux from Scratch
or whether the US has another more secure version for infernal (ahem - internal use)?

I liked the encryption wizard and ease of use. It is very simple.

How does it compare with Puppy?
It is designed for a specific purpose and does it well.
We have a browser pup that is comparable.

It is very difficult to be objective but let me try.
Puppy is a lot better in every way - OK I tried Wink

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Mon 04 Jul 2011, 06:32    Post subject:  

Can it boot in frugal install on NTFS or does one have to resize the HDD and make a partition? Which would ruin the recovery partitions function?

I don't have DVD so no use having a CD. Sure I can try boot using USB that would be proper for a rescue gadget to have in the pocket just in case it is needed.

But would it be safe if one used a USB memory thumb?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
Lookinglass360

Joined: 22 May 2009
Posts: 79
Location: Largo, Florida USA

PostPosted: Mon 04 Jul 2011, 07:54    Post subject: LPS  

Hi nooby

I tried this about a year ago.

Seemed safe.

But I felt locked in, but with who?

Hope this helps.
2011-07-04_07-55-01-thumb.jpg
 Description   
 Filesize   53.46 KB
 Viewed   3056 Time(s)

2011-07-04_07-55-01-thumb.jpg

Back to top
View user's profile Send private message 
DPUP5520

Joined: 16 Feb 2011
Posts: 801

PostPosted: Mon 04 Jul 2011, 08:50    Post subject:  

@ Lobster
Yes there is another version of LPS if you look on their website the version that they release is LPS "public"

@ nooby
There is no frugal install, it is designed to run live and that's it, unless they've changed something in 1.21

As I mentioned in another thread the one huge advantage that LPS has over Puppy as far as im concerned is the ability to use a smartcard/cac reader, I tried for a few months to get this working in Puppy to no avail and i have seen that a few other people have tried too without much success.

_________________
PupRescue 2.5
Puppy Crypt 528
Back to top
View user's profile Send private message 
myke


Joined: 15 Mar 2011
Posts: 102
Location: Québec

PostPosted: Mon 04 Jul 2011, 10:36    Post subject: Smart Card Reader  

If it is an RHS ENE Technologies smart card, then you need the keucr module.

Otherwise, you need to identify (use google) the brand of smart card reader that your computer uses and see whether the module source is available. If so, you will need to have the source compiled / compile the source yourself for the card reader you have and for the specific kernel the distro is using.

_________________
AA1 D255E-keucr slacko 5.3;luci;mijnpup; tw-os; with:Emacs,gawk,noteboxmismanager,treesheets, freeplane, libreoffice, tkoutline, Sigil, calibre, calendar. magic&Noteliner(wine), kamas (DOS)
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Mon 04 Jul 2011, 10:54    Post subject:  

dpup5520 "
There is no frugal install, it is designed to run live and that's it, unless they've changed something in 1.21 "

Puppy are designed to run live too???

I mean AFAIK Flash our ModAdmin he run it that way???
Knoppix on my HDD runs live too and Porteus does it too. Even latest TinyCore runs live on my HDD and them designed to allow it AFAIK?
But sure I can be wrong about it. I am truly computer challenged.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
DPUP5520

Joined: 16 Feb 2011
Posts: 801

PostPosted: Mon 04 Jul 2011, 12:00    Post subject:  

@ myke
It's not that simple, coolkey doesn't work in Puppy either and I haven't been able to get it to work and there are other modules aside from just the smartcard drivers and coolkey required to get a smartcard device working properly.

@ nooby
My bad, What I meant to say is it is designed not to be installed on a harddisk and only to run live whereas Puppy can have a save file and keep persistant changed LPS will not.

_________________
PupRescue 2.5
Puppy Crypt 528
Back to top
View user's profile Send private message 
ICPUG

Joined: 24 Jul 2005
Posts: 1289
Location: UK

PostPosted: Tue 05 Jul 2011, 08:30    Post subject:  

Nooby,

I downloaded last night and will be checking for frugal installability with ntfs!

However, usage will be limited due to its lack of persistence.

There is a deluxe version with Open Office as well. Quite how one configures that program to your liking without persistence is beyond me!

Even if the linux turns out to be no good I do like the idea of the download, system requirements info, quick start guide, faq, user guide all available from one page of the web. Puppy could learn something here!
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 05 Jul 2011, 08:38    Post subject:  

Thanks to all for answering my naive questions.

I guess the most important thing for them is to make a CD or DVD that can be used in a secure way.

Booting from USB or HDD maybe is not part of their goals?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
DPUP5520

Joined: 16 Feb 2011
Posts: 801

PostPosted: Tue 05 Jul 2011, 13:42    Post subject:  

you can boot from usb but only as a live usb, as far as i know anyway
_________________
PupRescue 2.5
Puppy Crypt 528
Back to top
View user's profile Send private message 
ICPUG

Joined: 24 Jul 2005
Posts: 1289
Location: UK

PostPosted: Wed 06 Jul 2011, 13:32    Post subject:  

Testing complete.

DPUP5520 may say there is no frugal install and the documentation may say it does not install to hard disk and is designed to run live but ...

LPS runs as a frugal install on an NTFS partition. Just have to do it manually.

Couldn't test on my FAT32 desktop but I am sure that wouldn't be a problem either if I had enough memory.

Copy vmlinuz and initrd from the iso to a folder on your partition.

I use folder lps121 in the first logical partition in the extended partition.

the bits to add to the menu.lst for grub4dos are:

title Lightweight Portable Security 1.2.1
kernel (hd0,4)/lps121/vmlinuz load_ramdisk=1 ramdisk_blocksize=4096 root=/dev/ram0 ramdisk_size=524288 console=ttyS3 splash=silent vga=791
initrd (hd0,4)/lps121/initrd
boot

Note: the bold bit is all one line

You obviously change (hd0,4)/lps121 according to partition and folder name.

LPS is interesting but limited by its lack of persistence. Configuration changes stick only for the current session. Being provided by the American Air Force it assumes users are American with American keyboards and speaking American. It worked with my laptop intel 855 graphics and basic touchpad functionality. Touchpad scrolling was not available.

It does not appear to use compression which means the whole iso is larger than Puppy for very little in terms of applications. It also means the memory requirements are silly, compared to the Pup. It would not run on my 128MB dsesktop because the main file (initrd) was bigger than that. The System requirements suggest 512MB RAM for the public version and 1GB for the Deluxe version.

It includes flash but no other multimedia codecs and the flash is only playable within the browser.

I'm told it includes Java but I have not tested that.

In my opinion its usage is for a browser based OS. I would not use the deluxe with Open Office because the lack of persistence would undoubtedly limit what I could do with such a complex package.

One thing I would say. It is slightly more secure than Puppy when operated as a frugal install. Puppy will mount the partition where the frugal is installed and it must remain mounted during the session. LPS does not mount the partition. In fact, I found it impossible to mount any hard drive partition. It may be possible but I don't have the knowledge. My USB stick was recognised and mounted when plugged in so a mount facility exists but how to mount a hard drive partition is beyond me.

Running as a Live CD, LPS is no more secure than Puppy.

All the documentation accessible from the LPS home page is also available in the OS.
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Wed 06 Jul 2011, 14:10    Post subject:  

ICPUG much appreciated test and info based on it then. A true Gem indeed.

I mean Air Force them would not put in back doors or something on that software Smile

I have tested it now on my small Netbook Acer D250.
Very interesting that them have done it so well that everything just worked. Okay did not test using wireless or Cam or such.

But it found the IP through the Router directly and the resolution and it booted real fast too. I did not test if it could do the streaming of local TV station though.

Ooops I am a poor reader of text. Now I finally see this part. Haha

"In fact, I found it impossible to mount any hard drive partition."

Yes indeed that seems not to be allowed. I asked whoami and it answered root but no access to hdd at all.

So it is a secure thing but not a rescue thing then. So it is for secure browsing and that is a good thing too.

Edit I have read more at their site now and it is for being more secure when one browse so no need to access hard disk Smile

But one had to agree to something. I have not read that one. Do them keep record of us using it?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
DPUP5520

Joined: 16 Feb 2011
Posts: 801

PostPosted: Wed 06 Jul 2011, 15:30    Post subject:  

@ICPUG
appriciate the testing on the new version of LPS and have gotten around to confirming your results. LPS does have some silly requirements but for me is a great os for se urely browsing using a smartcard which is its main purpose anyway.

_________________
PupRescue 2.5
Puppy Crypt 528
Back to top
View user's profile Send private message 
CLAM01

Joined: 22 May 2010
Posts: 78

PostPosted: Wed 06 Jul 2011, 22:36    Post subject:  

LPS appears to be a focused-purpose system, with secure communication its purpose focus. It is for its purpose focus it is more restricted than puppies, and for it, too, it appears, that it has SmartCard capability. The SmartCard reading is for CAC (Common Access Card) capability, which allows the card-owner to access a specific network per instructions on the card. In the case of LPS DoD (U.S. Department of Defense) networks.

The LPS system allows secure access from any computer by ignoring everything on the computer except the RAM and CPU. Everything saved is saved to RAM, in what is essentially a ram tmp file. It appears that where LPS is run from an iso installatiion on a harddisk partition the partition is mounted, so saved files might be manually movable from ram storage to the partition, or a file made on it? The LPS recommended save method is save to a separate USB stick. the stick auto-mounts and appears available when inserted. It is not the stick the OS is running from, when it is run from USB. I don't know if the separate save device is enforced (the whole LPS OS stick being formatted read-only) of if it's recommended. USB sticks can be formatted into partitions, so a second partition might be usable as a save stick. The stick-save feature is apparently left-over from before DoD protocols made saving to sticks verboten (for security against WikkiLeakers, among others, it is presumed).

The FAQs, available through the "troubleshooting" link are interesting. One answers if LPS can be installed to another operating system, saying, in part, "LPS is a turnkey solution that uses a Linux bootable CD to turn your existing computer into "virtual GFE" (Government-Furnished Equipment) by booting a trusted operating system and not mounting the local hard drive."... Does this mean your computer becomes "government property" for the duration???

The security advice they offer is good: The system is for security, not comfort, so personalization is minimal, and nothing is saved, except what the operator deliberately saves (at least on the machine piggy-backed on, in a twilight-zone computer-rack in the Pentagon somewhere...who knows...). The recommended first-line security maneuver is to reboot, restart without any vermin that may have climbed aboard. Because Puppies run from a virtual ramdisk (copied from the main SFS) this works with Puppies, too, with the additional caveat that for you have to flea-bomb your save-file, too, for a total and positive cleaning.

The LPS developers might be good for info to get SmartCard capability for puppy, since they have set it up for CAC. CAC capability, being usable for security (opening a virtual tube) would be a good idea for any computer that connects to a network through the net.
Back to top
View user's profile Send private message 
cowboy


Joined: 03 Feb 2011
Posts: 247
Location: North America; the Western Hemisphere; Yonder

PostPosted: Thu 07 Jul 2011, 00:09    Post subject: lps  

CLAM01 wrote:
LPS appears to be a focused-purpose system, with secure communication its purpose focus...

The FAQs, available through the "troubleshooting" link are interesting. One answers if LPS can be installed to another operating system, saying, in part, "LPS is a turnkey solution that uses a Linux bootable CD to turn your existing computer into "virtual GFE" (Government-Furnished Equipment) by booting a trusted operating system and not mounting the local hard drive."... Does this mean your computer becomes "government property" for the duration???


Don't think so, but you've given a fine synopsis. I would think the GFE item is a bit of legalese, assuring the user that they are operating in a government approved manner on whatever machine they happen to be using, and not, one supposes, to be held responsible for any security breach.

LPS is interesting. Boots right to desktop, connect to internet automagically through ethernet, and miracle of miracle, has sound right off the bat. (one of the few persistent criticisms of more recent Puppies). Some items from the FAQ:

What other utilities are included with LPS-Public?

LPS includes some useful minor personal productivity utilities with graphical interfaces:

* PCMan File Manager – file explorer
* Leafpad – text editor
* gpicview – image viewer
* xPDF – PDF file viewer
* Adobe Reader – PDF file viewer (Deluxe only)
* LXRandR – monitor configuration tool
* galculator – desktop calculator
* mtPaint – pixel-based paint program
* OpenOffice – office productivity software (Deluxe only)

We have also included some connectivity software:

* OpenSSH – secure shell, allows command line access to remote systems
* rDesktop – remote desktop
* Citrix Receiver (ICA manager) – Citrix client
* NetworkManager – network manager

Why is LPS secure?

LPS allows you to use the network without relying on a potentially compromised operating system. LPS does not include drivers for accessing the local hard drive, so LPS is insulated from any malware locally present. LPS runs a modern Linux kernel with minimal services. In the remote event that LPS is compromised, either directly or by visiting a site that exploits the software, remediation is as simple as a reboot.

Why do you permit USB storage?

LPS-Public was originally created as a demonstration of our security tenets before the DoD flash memory ban. The primary use case for LPS-Public originally was for people to use their home computers to conduct sensitive personal transactions, such as home banking. To permit users to save local files, we included the capability to use personal flash sticks. CAC support was included later as more people requested it.

and yes, I'm posting this from LPS. It's kind of a one trick pony, really, and you won't be doing many of the things you can do with a good Puppy from a Live CD, the apps simply aren't there. But I was able to check Gmail, Yahoo News, and watch some video reports on the Tour de France site as well as the BBC. LPS is what the stylish spy-about-town should have in their CD case circa 2011.

_________________
"Everywhere is within walking distance, if you have the time." - Steven Wright
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 5 [69 Posts]   Goto page: 1, 2, 3, 4, 5 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1026s ][ Queries: 13 (0.0055s) ][ GZIP on ]