Gentoo Archives: gentoo-security

From: Helmut Wuensch <helmut@××××××××××××××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Boot CD for secure remote access
Date: Wed, 23 Nov 2005 22:42:15
Message-Id: 200511232335.50138.helmut@helmut-wuensch.de
In Reply to: [gentoo-security] Boot CD for secure remote access by Jeff Gercken
On Wednesday 23 November 2005 21:29, Jeff Gercken wrote:
> I've been chewing on this idea for a while and am hoping someone on the
> list may help me with a concern.
>
> The notion is that big company B will distribute CDs to employees to use
[...]
> This seems fairly straightforward but then why isn't anyone doing this
> already? What haven't I considered?

Hi,

sounds interesting (and I personally like this idea), but I think it is much easier/more reliable (but also more expensive) for a company to equip their employees with special pre-installed notebooks that have an encrypted filesystem together with some kind of hardware token for authentication.

The problem is, if you cannot trust the hardware you're booting the CD from, then there is not much use in any well-designed security boot CD. Just think of tampered hardware with some kind of hardware keylogger installed (for example http://www.keyghost.com/).

I think this is just one aspect of why so many companies spend so much money on expensive notebooks for their external workers: they have control over the software _and_ the hardware.

Maybe the use of TPA-Architectures will solve this problem in the future (*lol*), but I think this is a completely different story :)

regards,
Helmut

--
Helmut Wuensch, Dompfaffstr. 140, 91056 Erlangen
PGP/GPG public key available at http://www.helmut-wuensch.de
fingerprint: 20B7 519F 8912 4606 F516 FF2D 417E EF82 5C9E 235A