Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: secure live-cd

from [Chris Serafin] Network Security [Permanent Link]
Subject: RE: secure live-cd
Date: Tue, 20 Dec 2005 22:11:33 -0600 
You should look into using WHax or Auditor live linux cd's, I don't know how
secure they are out the box, but they are pen testing cd's; and rock at that
feature.  

Chris Serafin
IT Security / Voice Engineer
chris@chrisserafin.com





-----Original Message-----
From: Stephen J. Smoogen [mailto:smooge@gmail.com] 
Sent: Sunday, December 18, 2005 9:34 PM
To: alfonso@yahoo.com
Cc: security-basics@securityfocus.com
Subject: Re: secure live-cd

On 14 Dec 2005 19:28:23 -0000, alfonso@yahoo.com <alfonso@yahoo.com> wrote:

hello list,

  I was looking for someting like a live cd to be used in secure

comunications over the internet from unsecure places like public computers,
internet cafes etc. The cd would contain applications like gaim with
gaim-encryptions, silc (client & server), email client with gpg encryption.
I don't know if there is such a distro and if it does exist how does it keep
the gpg jeys and all the other private keys safe...




Knoppix and similar tools would be your starting point. HOWEVER, there
would be the problem of the secret keys used by gpg, gaim, etc.
Burning them onto the cdrom would be problematic in that a) you would
need to have a cd per individual, and b) you would need to make sure
that the cdrom did not get lost as then the secret key would be
compromised.

Ways around this would be that you set up a centralized key authority
that requires the person to boot the cdrom, prove to a level of
confidence that she is who she says she is, and then retrieves the
keys to ram. Another would be to have on a USB or some other data chip
the secret keys and they can only be unlocked by a strong password.

At any point along this, you would need to keep your trust of any
individual/group using these disks to Knee Cap level. That is the
level where someone would give up the passwords to unlock their
passwords rather than having their knee caps wrenched apart.


--
Stephen J Smoogen.
CSIRT/Linux System Administrator

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning,

Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfoc_ml
----------------------------------------------------------------------------




---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Question on VoIP security, Chris Serafin
Next by Date:  Re: PGP HD solutions, Nathan L. Anderson
Previous by Thread:  Re: secure live-cd, Stephen J. Smoogen
Next by Thread:  Re: secure live-cd, Devesh Misra
Indexes:  [Date] [Thread] [Top] [All Lists]