Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a question regarding accessing the net using a Live-CD.
Is it safer to access the net (e.g. using a browser) if you are doing so using a Live-CD? (as opposed to using a distro installed on your hard-drive).
I would have thought that it is (as I understand that live-CDs are (usually/always) mounted "read-only".
Many thanks in advance!
- mooseman
Whether you have to worry about OS damage depends on how you get your configurations on boot.
If you have your whole system written to an ISO and burned to a CD and don't refer to your hard drive on startup, you will also have the benefit of being able to simply reboot to undo any OS damage. In this case, /etc is usually in the ramdisk along with lots of other things. There is the issue of being home base to a hacker trying to do damage to other systems while you're compromised, though.
AND, unfortunately, you still have to worry about the data on your hard drive, even if you don't mount it by default. A person who's manually hacking a system who manages to get root only has to run fdisk and mount the partitions to get access. Unless there's an encrypted file system that needs a password for linux that I'm not aware of. Could be since I'm a fairly new return to linux..
Originally posted by liquidtenmilion i guess it probably would be safer from a live cd because no one has access to any of your hard drive files if they aren't mounted.
If you don't mount your hard drives, then you should be really safe.
Hi again -
Thanks very much, BenODen and liquidtenmilion! Your replies are very helpful. Good to get a feel as to how safe a Live-CD is (compared to an installed distro).
Thanks again - bye for now -
mooseman
Oh, I guess there's at least one security downside that I forgot about. It's almost too obvious, but it's still worth mentionning.
It's more difficult to keep up with security updates on a Live-CD based system. Every time someone finds a critical vulnerability in one of the packages you use, you have to modify your CD.
I'm partly thinking out loud here, and I'll disclaim that I've never done this, but you might be able to keep some space free on the end of your CD when you write the first ISO and then write another session down the raod with updates that override the old files.. I'm not sure about writing a multi session disk with mulitiple ISOs though... Anyone done this with a LiveCD system?
I admit you probably end up with a less secure system by not finalizing the disk, since really astute hackers would catch on and write their own session to do their dirty work. There's very little you can do to prevent a hacker from doing something that you as an administrator could do. Of course there's tripwire etc, but still.
Failing the multi session solution, you would have to burn a new CD for every vulnerability that got you sufficiently worried, and you'd play the tradeoff game. Maybe it's not such a big deal, since most of the effort goes into compromising windows systems, but I'll defer to a more experienced administrator for that call...
Originally posted by BenODen Oh, I guess there's at least one security downside that I forgot about. It's almost too obvious, but it's still worth mentionning.
It's more difficult to keep up with security updates on a Live-CD based system. Every time someone finds a critical vulnerability in one of the packages you use, you have to modify your CD.
<snip>
-Ben
Hi again!
Mmm - a very good point that you mentioned here ... :-) Very true too, that a Live-CD would be difficult (if not impossible) to update with security fixes.
One thought occurred to me - I wonder if usermodelinux could help in this area (just thinking out loud :-) )
What I mean is - suppose you access the net using (say) Mozilla which is running in a UML session. That's something that I have wondered about. I've never used UML, but it sounds pretty useful on the security front (and certainly there are lots of ISPs deploying it .) Anyway - enough from me for now!
Thanks again -
- mooseman
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.