Following up this thread ... just heard of this interesting development: http://www.prnewswire.com/news-releases/lockheed-martin-introduces-ironcladtm---secure-computing-on-a-usb-flash-drive-81977922.html
http://www.lockheedmartin.com/products/IronClad/ Ted On 18 Nov 2009 12:10:01 -0800, Ted Stern wrote: > > Hi all, > > I'm interested in putting together a customized secure thumb drive > linux distribution as a demo project. > > Primary goals: > > - Security, security, security. This OS should make any HW safe to > run on, and provide a safe environment from which to connect to a > secure network from outside the firewall, via secure VPN. > > - Read-only OS partition, passphrase encrypted. > > - Run solid anti-virus, firewall and rootkit detectors by default. > [Is rootkit detection necessary if /boot, /bin, /sbin, /usr and > /etc are read-only?] > > - Read-write /home partition, at least 1GB, passphrase encrypted, to > store persistent user data. > > - Backup software to mirror user data when plugged into secure > docking station. > > - Mechanism to upgrade OS partition on a regular basis to handle > security updates. > > - Support for secure VPN software. > > Optional goodies: > > - Either KDE or Gnome available from kdm/gdm login screen. > > - Netbook edition. > > - Firefox, OpenJDK, VNC, texlive, OpenOffice, etc. > > - Non-free software such as Adobe Macromedia Flash, Skype, etc. > > The idea here is to demonstrate that, rather than provide a secure > laptop to every employee who needs access from outside, you could > accomplish the same goals with a secure bootable thumb drive. > Departments could save capital, avoid the Microsoft tax and make > employees more productive. > > I'm shooting for OS + packages under 7GB, which I think is more than > reasonable. On a 16GB USB drive, you could have a relatively large > user space for under 40 dollars. > > I think I could do this with Ubuntu, but am open to suggestions. > > The floor is open ... :-) > > Ted -- Frango ut patefaciam -- I break so that I may reveal
