This new distribution targets the telecommuting market, and is designed to create a secure node for connection to a business's external network via Virtual Private Networking.
Although VPN is nothing new, the risk posed by allowing uncontrolled systems (i.e. the user's home PC) to connect has always been the bane of network administrators. Unfortunately, no matter how secure the VPN connection, if the user's terminal has been compromised, no amount of encryption on the connection will help.
LPS presents a formal approach to this, one already utilised by many security professionals, but also provides a standard OS for businesses to support. LPS is a ‘live’ distribution, which means that it runs entirely from a CD/USB stick and no data need be written to, or loaded from, the system hard drive.
The OS is read-only, so even if it were compromised, once the user reboots their system the OS is restored to its original state. Any business looking to deploy LPS should write a strong policy on its use, including a requirement for regular reboots (to prevent users leaving the system continually logged in).
LPS is released in three different flavours:
- LPS-Public - Contains a SmartCard-enabled Firefox install to allow use of Web Applications
- LPS-Public Deluxe - Also contains OpenOffice and Adobe Acrobat Reader
- LPS-Remote Access - A custom build tailored specifically for your organisation
Both LPS-Public versions are available for download (free) from the DoD’s site. Because LPS-Remote Access is a customised solution, it must be requested from the DoD.
Things to Watch
Any organisation wishing to deploy this solution needs to consider its hardware security standards. Many organisations (quite rightly) have disabled booting from CD/USB in the BIOS of their machines; to utilise LPS from work machines (i.e. a laptop) this would need to be re-enabled. There’s little reason, for most businesses, to insist that users utilise LPS from a work-supplied machine though, as the read-only nature means that no traces will be left on the user's home PC.
Be aware that if you do opt to re-enable booting from CD/USB, there’s very little way to control what is booted (for example, local administrator privileges could be gained by booting OPHCrack), so a full security assessment should be undertaken before it is considered a viable option.
There are a lot of distributions that maintain a strong focus on security, so in that respect LPS is not that different. Live distributions are also nothing new, although to my knowledge LPS is the first to provide such a strong focus on telecommuting. As the practice of working from home becomes more widespread, it’s likely that LPS is going to be in greater demand.
Where allowing remote access to your systems could be beneficial to your business, LPS is certainly worthy of strong consideration.