Encrypted LAMP Live USB Needed - Can this be done?
I have a friend who is in education and is assembling quite a large repository of flash material with voice-overs. As the intended audience would be a dozen or so students, it is not ideal to host this on an internet website as the bandwidth constraints for all that voice-over would be rather large per client. Being a Linux devotee, I naturally started scratching my head for ways we could provide a solution for him.
Let me start with the requirements as that paints the picture:
1) MUST protect the course content at minimum with encryption - End users should have no access to these files except via the web server. We need to make sure nobody can mount the file-system and simply copy the material.
2) Should provide relief to the instruction facility's internet bandwidth - We can get internet access, but streaming all of that voice-over is likely too large of an impact.
3) It must be simple to use - Initial thoughts are a Live USB or a VM, but again #1's encryption requirement is imperative.
4) It should be lean - Doesn't need a GUI. Should boot to a screen showing what it's DHCP IP is and that's it.
5) Secure the guest OS as much as possible - All configurations should be capable via an admin webpage. I would also prefer it if the instructor didn't have a user account on the OS at all. Ideally, the OS boots, services run and auto-decrypts the class material and end users cannot touch it whatsoever.
So my first thought was an encrypted Live USB LAMP distro but am having difficulty finding such a creature. Also, I am not sure it would boot if the entire drive were encrypted. That led me to simply encrypting the class contents directory, but I am uncertain if a script / service can decrypt it only for the webserver user's use.
A VM is another option, but again, how to encrypt it and protect the data from the user and have it boot. I am fairly confident this is possible, just not sure of an approach on how to tackle it.
Any suggestions?
|