I have Knoppix installed alongside Windows 7 on my netbook. It's fast and efficient...all around a great OS. My only Caveat with it is that it's a security hole in my system. There is no login screen of any kind, no password prompts to mount or browse other devices and even though I have a root password set, it is never requested.

My question is, what kind of security layers are available to add so that, should someone get their paws on my computer, they can't boot to Knoppix and go poking through my stuff?

I went ahead and tried to replace Knoppix with plain old Debian, but it was lacking in device support, so I reverted. Thank you in advance.

Knoppix is Debian derivative designed to run as a live system. I'm not 100% sure, but I believe the user runs as root, which is why you're not being prompted for passwords etc, but it's years since I've used it.

You would be better off running pure Debian. You may have had "device support" issues with Debian stable as the kernal Knoppix uses is likely to be newer. Depending on what hardware it is which is lacking support(?) you can install a newer kernel, once you're up and running, from the backports repository.

Exactly right. Take a look at the Knoppix link below which explains the reasons it is not a good idea (particularly for a new Linux user) to install Knoppix to a hard drive.

http://knoppix.net/wiki/HD_Install_Warning_not_to_do_it

While you are in Knoppix you can use lsmod to list modules currently in use; this list may be helpful to configure Debian to use your hardware.

The devices in question are my networking adapters so accessing the repositories is impossible.

The first line of defense is to set a bootloader with a password system. Both LILO and GRUB allow to set passwords for booting. Refer to your bootloader's documentation. Depending on how do you do it, you can force the user to enter a password before booting any system, or only one of them.

Anyway, this will protect only against casual "attackers". A decided enemy will just seize your machine, boot a live CD and circunvent the other security measures (you can try to disable CD/USB booting in the BIOS, but it is a trivial defense to defeat).

If you have used the defaults for the install, you are surely using GRUB-legacy as your bootloader.

Which are what, exactly?

Help us help you by giving us the full information.

Network controller : Broadcom Corporation BCM4312 802.11b/g LP-PHY
Ethernet controller : Atheros Communications AR8132 Fast Ethernet

I'm not familiar with that Atheros ethernet, but I know the Broadcom LP-PHY well.

Here are instructions: http://wiki.debian.org/bcm43xx#b43_and_b43legacy

If you don't have internet on the target computer, I think you can copy the files over on a thumb drive.

You could also try a distro based in a country that doesn't have software patent law; I think (but cannot confirm) that Mint, CrunchBang, and a few other Debian-based distros support the BCM4312 LP-PHY "out of the box."

Alternately you can purchase an inexpensive Linux-friendly wireless adaptor for under $10.

I see that there is a rolling release of Linux mint Debian but I have yet to confirm that the drivers will work.

Meanwhile, I'm wondering if maybe I can use grub itself to add a layer of security. Is it possible to password protect individual entries? I want the Windows 7 entry to remain accessible because that has my prey agent on the guest account (heehee). BTW the grub bootloader was installed from BT5, but when I boot to it and type "grub" in the console. it says that it's not installed.(forgot to mention the BT5 install)

backtrack5 is yet another distro that is meant to be used from a livecd or flash drive and not installed.

I am not a security expert, but I am under the general impression that encrypting your filesystem is the single best step you can take to protect your data if your laptop is stolen.

Install Debian.
Install any non-free firmware from a flash drive.
Install Bastille, password protect grub.

Of course starting over and wiping the drive and encrypting the entire hardrive would be the first step.

It appears to be working just swell being run from my HD, though That whole endeavor is an advance project for later

I'm sure you are right, but that's probably overkill for my purposes. My concern is more nosy roommates than computer thieves.

I installed Knoppix after BT5, but there are still grub files in the filesystem. I typed "grub-md5-crypt" in the console from within knoppix just to see what would happen, and it prompted for a password. I'm not sure exactly what that would do, seeing as I did not install grub with knoppix. :/ But as I said, I would rather grub ask for a password for individual entries, rather than locking grub altogether

It is trivially easy for a nosy roommate (or anyone else with malicious intent) to browse your un-encrypted hard drive using a Live CD or Live USB.