Logo 
Search:

Unix / Linux / Ubuntu Forum

Ask Question   UnAnswered
Home » Forum » Unix / Linux / Ubuntu       RSS Feeds

Running an Ubuntu Live CD to websurf securely

  Date: Jan 04    Category: Unix / Linux / Ubuntu    Views: 530
  


I run a Live CD, Ubuntu Fiesty (rel. 7.04) on a desktop from a dial-up
account. None of my disks are at risk when I web surf, not due to any
special security software like the iptables firewall I initialize
after I am powered up and subsequently connected to the Internet, but
because I specifically unmount my disks before I am connected to the
Internet. I have 1GB of volatile RAM. If any malware were to get
through during a session, since the malware has only deposited itself
into the Live CD file system built in memory (RAM), when I power down
the malware will be no more.

I have written scripts to install a restricted iptables firewall and
an upgrade environment to the Live CD software. For example, Fiesty
comes with Firefox 2.0.0.4, but I have a way that is not unlike a USB
persistent flash drive to retain my updated environment - I run with
the latest Firefox 2.0.0.6 updates. Other updates allow me to play
videos, etc.

The way I add software updates that is available from repositories is
to use only the Synaptic Package Manager after using only the Check
function of the Update Manager under the System->Administration menu
selection.

After the updates are installed, there is a package.list associated
with the software located in the directory /var/lib/dpkg/info. What I
do is to copy the package.list file to the / directory as root
renaming a copy to packagename.list.orig. I then edit the
package.list file to remove all directory only paths, retaining only
the full path names of all of the files related to the update. Then,
as root, I run the command:
# tar -cf packagename.tar `cat packagename.list`
# bzip2 packagename.tar
which creates packagename.tar.bz2

Of course, at this point in time, I am not connected to the Internet -
no access in or out. Then I mount my other Linux disk and save both
the packagename.tar.bz2 file, and both .list files, and then edit my
initialization scripts to install the updates after my Live CD
environment boots up the next time I use my system.

I use the following Firefox add-ons: NoScript, ShowIP, FasterFox,
CustomizeGoogle, DownThemAll, FireFTP, FlashGot, and Update Notifier,
and also have the latest Flash and Java JRE software updates.

I have recently installed Opera's latest release and am currently
exploring it's use.

That's how I do it. You can do it too! No need for all of the extra
cost software it takes to keep WinXP Pro SP2 safe. I am now exploring
the use of USB Flash drives with a persistent Ubuntu environment to
replace my use of the Live CD scheme. Fiesty is currently broken with
regard to its persistence, so I'll look to Gutsy to fix that, hopefully.

Share: 

 

2 Answers Found

 
Answer #1    Answered On: Jan 04    


Do you have so much time that you will run your system
each time on Live CD. Why are you taking so much
effort. If you Liked so much then why r u not
installing Ubuntu. Even after installing u can do all
those thing which u r doing now like unmounting all of
your drives etc. And that also will be only one time
effort only.

 
Answer #2    Answered On: Jan 04    


With an installed OS, the disks are exposed and it would not be as
secure. An installed OS records status in the logs and searches the
disks for commands, and so the disks must be accessible - i.e. you
cannot unmount them while you are actively running programs in an
installed OS environment like being connected to the Internet and web
surfing. For example, where do you think new bookmarks are saved? On
disk, of course, like in a bookmarks.html file. I just happen to save
my in-Ram browser environment after each session onto a mounted disk
after my connection to the Internet is shutdown. A small price to pay
for the increased security - its just a few commands.

Security is a figment of the imagination anyway. I'm sure a
determined cracker can get in anywhere they want - but, when they do,
they either have the skills or don't, and most crackers don't. I
happen to like not having my disks exposed for that extra measure of
obstacle for any malware that gets past my restricted firewall. And
when I power down, the malware in-RAM file system is kaput!

Since I have a steep background in system software engineering, I am
not the average user. Doing this is a piece of cake to me. It takes
only a few commands to access my hard disk, pull the initialization
scripts over to the Live CD environment and then initiate a connection
to the Internet - less than 1 minute after it boots up.

 
Didn't find what you were looking for? Find more on Running an Ubuntu Live CD to websurf securely Or get search suggestion and latest updates.




Tagged: