[CentOS] Security advice, please

Robert Moskowitz rgm at htt-consult.com
Thu Dec 25 14:27:05 UTC 2008


Lanny Marcus wrote:
> On Wed, Dec 24, 2008 at 12:43 PM, Bill Campbell <centos at celestial.com> wrote:
> <snip>
>   
>>> Hi Warren, Nice explanation.  I would like to ask what you
>>> recommend people do if they want to be able to ssh in from
>>> anywhere on the internet. Say they are going to be traveling and
>>> they know they will have to login from machines they have no
>>> control over, like an internet cafe or a Hotel's business
>>> services suite?
>>>       
> <snip>
> I again offer you my "solution", which is to take with me "Live CDs"
> for CentOS 5.2 and Knoppix. I reboot the box in an Internet cafe, from
> a Live CD, do what I need/want to do, and when I am done, I remove the
> Live CD and reboot the public box again. I have not installed anything
> on their box and I am much safer, surfing, etc., on a public box.

If you MUST use a public computer, this is the only sensible approach.

If you cannot boot a public computer from a Live CD or USB, you should 
not use it at all.

Marginally, if you can have Firefox run from a CD or USB, you are 
marginally protected.

You have no idea what has been installed on a public computer. There 
could even be a key capture device on the system that would get you even 
a Live CD.

Don't like to carry a compter? Got a few hundred to protect your life? 
Get an ASUS. If you have $1500 get an OQO (you can carry that almost in 
your pocket). Just get your own computing platform.

Once upon a time, MIT had a little red button on their public SUN 
systems. You pushed the button and got a assured clean boot from their 
protected server (and I know the people protecting those servers, they 
were never compromised). After you finished, you could hit the red 
button and leave nothing behind. I don't know what they do at MIT or 
anywhere else these days. I would never trust a public computer for 
anything I would not leave on an empty seat in an airport.

Yes I have printed off presentations at hotel business centers and used 
their airline boarding pass systems. But that is IT!

Either your own boot environment (and check for key stroke loggers), or 
your own system.

Next we will address security WRT to your own system.


I *****AM**** paranoid, it is my business!






More information about the CentOS mailing list