Hi -

I have a question regarding accessing the net using a Live-CD.
Is it safer to access the net (e.g. using a browser) if you are doing so using a Live-CD? (as opposed to using a distro installed on your hard-drive).
I would have thought that it is (as I understand that live-CDs are (usually/always) mounted "read-only".
Many thanks in advance!
- mooseman

i guess it probably would be safer from a live cd because no one has access to any of your hard drive files if they aren't mounted.

If you don't mount your hard drives, then you should be really safe.

Whether you have to worry about OS damage depends on how you get your configurations on boot.

If you have your whole system written to an ISO and burned to a CD and don't refer to your hard drive on startup, you will also have the benefit of being able to simply reboot to undo any OS damage. In this case, /etc is usually in the ramdisk along with lots of other things. There is the issue of being home base to a hacker trying to do damage to other systems while you're compromised, though.

AND, unfortunately, you still have to worry about the data on your hard drive, even if you don't mount it by default. A person who's manually hacking a system who manages to get root only has to run fdisk and mount the partitions to get access. Unless there's an encrypted file system that needs a password for linux that I'm not aware of. Could be since I'm a fairly new return to linux..

-Ben

Hi again -
Thanks very much, BenODen and liquidtenmilion! Your replies are very helpful. Good to get a feel as to how safe a Live-CD is (compared to an installed distro).
Thanks again - bye for now -
mooseman

Oh, I guess there's at least one security downside that I forgot about. It's almost too obvious, but it's still worth mentionning.

It's more difficult to keep up with security updates on a Live-CD based system. Every time someone finds a critical vulnerability in one of the packages you use, you have to modify your CD.

I'm partly thinking out loud here, and I'll disclaim that I've never done this, but you might be able to keep some space free on the end of your CD when you write the first ISO and then write another session down the raod with updates that override the old files.. I'm not sure about writing a multi session disk with mulitiple ISOs though... Anyone done this with a LiveCD system?

I admit you probably end up with a less secure system by not finalizing the disk, since really astute hackers would catch on and write their own session to do their dirty work. There's very little you can do to prevent a hacker from doing something that you as an administrator could do. Of course there's tripwire etc, but still.

Failing the multi session solution, you would have to burn a new CD for every vulnerability that got you sufficiently worried, and you'd play the tradeoff game. Maybe it's not such a big deal, since most of the effort goes into compromising windows systems, but I'll defer to a more experienced administrator for that call...

-Ben

Hi again!
Mmm - a very good point that you mentioned here ... :-) Very true too, that a Live-CD would be difficult (if not impossible) to update with security fixes.
One thought occurred to me - I wonder if usermodelinux could help in this area (just thinking out loud :-) )
What I mean is - suppose you access the net using (say) Mozilla which is running in a UML session. That's something that I have wondered about. I've never used UML, but it sounds pretty useful on the security front (and certainly there are lots of ISPs deploying it .) Anyway - enough from me for now!
Thanks again -
- mooseman