User: Password:
|
|
Subscribe / Log in / New account

Lightweight Portable Security

Lightweight Portable Security

Posted Dec 16, 2010 20:55 UTC (Thu) by jake (editor, #205)
In reply to: Lightweight Portable Security by dlang
Parent article: Lightweight Portable Security

> in the article you spent a lot of time talking about how the user can
> still get at the local disks, and my point is that that really doesn't
> matter.

and my point is that it *does* matter ... whether malware exists today that roots around on the local disks for information of interest, or to alter the installed OS, doesn't really matter -- though i suspect there are isolated cases of that kind of malware out there already ...

the organization sponsoring LPS is set up to protect the data of the DoD, which may well reside on the local disks and/or the USB stick ... if DoD employees are using this at home or on their laptops as some sort of "secure web browser", and have local data of interest, there is a problem, no?

and if we are protecting against nation-state class attacks, those actors developing targeted malware to access or modify that local data is most certainly in the cards ...

i guess i didn't miss your point, i just disagree :)

jake


(Log in to post comments)

Lightweight Portable Security

Posted Dec 16, 2010 23:01 UTC (Thu) by dlang (subscriber, #313) [Link]

this is intended to protect the DoD data, but the intention as I read it is to use unknown hardware to securely access DoD data.

not to boot this on a secured DoD system and access insecure networks (things like disk encryption, firewall rules, air-gapped networks, etc would come in to play to prevent this)

if the user has sensitive data on their local machine that is a problem completely separate from LPS, and LPS can't solve the problem (the person can just boot into the normal OS of the box, or boot from another live CD, in any case that data is exposed)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds