With all the hundreds of Linux distributions already available for practically every niche and purpose, users of the open source operating system are accustomed to having a wealth of choices. Recently, however, the set of options got even bigger thanks to a brand-new, security-focused Linux distribution from none other than the U.S. Department of Defense.
Targeting telecommuters and others who need to access corporate and government networks from less-than-entirely-secure remote locations, Lightweight Portable Security (LPS) is a lightweight Linux distribution that creates a secure end node from just about any Intel-based PC or Mac computer.
Created by the Software Protection Initiative under the direction of the Air Force Research Laboratory and the DoD, the software works by booting a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Nothing need be installed, and administrator privileges are not required. Three versions are available: LPS-Public is a general-purpose solution for using Web-based applications; LPS-Public Deluxe adds OpenOffice and Adobe Reader software; and LPS-Remote Access is for accessing organizational private networks.
LPS-Public and LPS-Public Deluxe are each available as a free download from the DoD’s LPS site, but LPS-Remote Access is available only upon request. A quick-start guide (PDF) aims to help users get up and running on the distribution.
Rebooting for Extra Security
Designed for general Web browsing and connecting to remote networks, LPS-Public includes a smart card-enabled Firefox browser supporting Common Access Card (CAC) and Personal Identity Verification (PIV) cards, a PDF and text viewer, Java and Encryption Wizard – Public. Essentially, the software turns an untrusted system such as a home or hotel computer into a trusted network client: “No trace of work activity (or malware) can be written to the local computer. Simply plug in your USB smart card reader to access CAC- and PIV-restricted U.S. government websites,” the DoD explains.
Because it’s designed to run from read-only media and without any persistent storage, LPS is not continually patched the way most operating systems are. It is updated regularly, however, at least through quarterly patch and maintenance releases. Users should update to the latest versions to have the best protection, DoD says.
The most malware can do, meanwhile, is run within a single session. For heightened security, the DoD recommends rebooting between sessions or just before particularly sensitive ones, such as when online banking is to be done. LPS should also be rebooted after visiting risky websites or when there’s reason to suspect malware might have been installed.
A Friend for Remote Workers
Bottom line? There are other security-focused Linux technologies out there, including Security Enhanced Linux (SELinux) from the National Security Agency.
LPS’s telecommuter focus, however, makes it a potentially compelling choice for the growing masses of business and government users who rely on remote access. As a regular telecommuter myself, this is one I’ll be checking out.