Hi all,
I'm interested in putting together a customized secure thumb drive
linux distribution as a demo project.
Primary goals:
- Security, security, security. This OS should make any HW safe to
run on, and provide a safe environment from which to connect to a
secure network from outside the firewall, via secure VPN.
- Read-only OS partition, passphrase encrypted.
- Run solid anti-virus, firewall and rootkit detectors by default.
[Is rootkit detection necessary if /boot, /bin, /sbin, /usr and
/etc are read-only?]
- Read-write /home partition, at least 1GB, passphrase encrypted, to
store persistent user data.
- Backup software to mirror user data when plugged into secure
docking station.
- Mechanism to upgrade OS partition on a regular basis to handle
security updates.
- Support for secure VPN software.
Optional goodies:
- Either KDE or Gnome available from kdm/gdm login screen.
- Netbook edition.
- Firefox, OpenJDK, VNC, texlive, OpenOffice, etc.
- Non-free software such as Adobe Macromedia Flash, Skype, etc.
The idea here is to demonstrate that, rather than provide a secure
laptop to every employee who needs access from outside, you could
accomplish the same goals with a secure bootable thumb drive.
Departments could save capital, avoid the Microsoft tax and make
employees more productive.
I'm shooting for OS + packages under 7GB, which I think is more than
reasonable. On a 16GB USB drive, you could have a relatively large
user space for under 40 dollars.
I think I could do this with Ubuntu, but am open to suggestions.
The floor is open ... :-)
Ted
--
Frango ut patefaciam -- I break so that I may reveal
