The Air Force's secure Linux distribution

The Air Force's secure Linux distribution

Summary: Linux has long had a close, working relationship with governments, but Lightweight Portable Security (LPS) is the first official U.S. Linux distribution.

SHARE:

Outside of the U.S., there are several "national" Linux distributions. These include China's Red Flag Linux; Turkey's Pardus, and the Philippines' Bayahnian. Other countries, like Russia, are on their way to moving their entire IT infrastructure to Linux and open-source software. In the U.S., the government, especially the military, makes use of Linux all the time. Indeed, Security-Enhanced Linux (SELinux), the most popular software set for hardening Linux against Linux is sponsored by the National Security Agency. But, there hasn't been a national American Linux desktop distribution... until now.

The Software Protection Initiative (SPI) under the direction of the Air Force Research Laboratory and the US Department Of Defense recently created Lightweight Portable Security (LPS). Like the name indicates, this is a small Linux desktop distribution that's designed for secure use.

LPS is designed to boot from a CD or USB pen-drive on any Intel-based computer. It doesn't install anything. It's designed solely to run solely in memory and to leave no traces behind when you're doing running it.

According to the SPI, LPS "allows general Web browsing and connecting to remote networks. It includes a smart card-enabled Firefox browser supporting Common Access Card (CAC) and Personal Identity Verification (PIV) cards, a PDF and text viewer, Java, and Encryption Wizard - Public." With it you can turn your untrusted Windows or Mac home or public system into a trusted network client. "No trace of work activity (or malware) can be written to the local computer."

It's not your usual operating system in other ways as well. "LPS isn't meant to be patched. When it's updated, you need to download a new virgin copy of the operating system. LPS is updated at least every quarter. To get the best possible protection the SPI recommends you simply download a fresh copy of the distribution with every update.

LPS has a very simple interface based on the IceWM desktop. More than anything else LPS looks like Windows XP. As you'd expect from a "safety first" distribution, it comes with a minimum of applications. These include the older, but still essentially secure, Firefox 3.6.22 Web browser, the Leafpad text editor, and the OpenSSH secure shell client and Citrix XenApp client for running remote desktop sessions.

For some reason, the distribution also includes Adobe Flash. Considering Flash's recent checkered security record, I wouldn't have included it had this been my distribution.

The encryption wizard is simple for anyone over the age of eight to use. When you launch it, you get a small window where you can drag-n-drop files to work on. Once there, you have three large buttons at to choose from: "Encrypt," "Archive," and "Decrypt." I think anyone can handle that! There's also a Deluxe version of the distribution that comes with OpenOffice and Adobe Acrobat.

Is this distribution for everyone? Heck no. But, if you want a secure desktop operating system you can carry in your pocket and use on almost any computer you're likely to find, it's well worth burning to a CD or USB drive.

Related Stories:

The Linux desktop is dead. Long live the Linux desktop.

The Five Best Desktop Linux Distributions

What's coming in Ubuntu's new Unity Linux desktop

Ubuntu Linux makes musical friends with the Apple iPhone

The top five Linux desktop vendors

Topics: Hardware, Linux, Open Source, Operating Systems, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

48 comments
Log in or register to join the discussion
  • RE: The Air Force's secure Linux distribution

    Three of the biggest attack vectors for all operation systems (java, flash, pdfs) and an old browser that's not going to be up to date against new attacks.

    Thanks, guys.
    ~taxpayers
    dzdrazil
    • obviously, you missed the part that said...

      @dzdrazil

      [i] ???LPS isn???t meant to be patched. When it???s updated, you need to download a new virgin copy of the operating system. LPS is updated at least every quarter. To get the best possible protection the SPI recommends you simply download a fresh copy of the distribution with every update."[/i]

      And the big 3 attack vectors (java, flash, pdf) for Linux is [i][b]a lot[/i][/b] different than the same for Windows.
      UrNotPayingAttention
  • Flash and Java vulnerabilities have not been exploited on the Linux desktop

    From the article:<br>"For some reason, the distribution also includes Adobe Flash. Considering Flashs recent checkered security record, I wouldnt have included it had this been my distribution.<br><br>An advantage to running a desktop OS with less than 2% market share. And if you're worried, just reload the IceWM or, better yet, reboot. Rebooting is probably not a bad idea anyway if you are going to initiate an online banking or securities trading session.<br><br>The Debian Live Project is another good option that provides periodic iso and img updates:<br><br><a href="http://live.debian.net/" target="_blank" rel="nofollow">http://live.debian.net/</a><br><br>And Debian won't include the Adobe Flash Player or Reader as they're proprietary. <img border="0" src="http://www.cnet.com/i/mb/emoticons/happy.gif" alt="happy">
    Rabid Howler Monkey
    • SELinux

      @Rabid Howler Monkey
      The Apps in this Distro are sandboxed (Linux Security Module: SELinux), so if there's a bug, it goes nowhere as SELinux simply will deny privilege escalation.
      Dietrich T. Schmitz *Your
      • SELinux

        @Dietrich T. Schmitz * Your Linux Advocate wrote:<br>"The Apps in this Distro are sandboxed (Linux Security Module: SELinux), so if there's a bug, it goes nowhere as SELinux simply will deny privilege escalation.<br><br>See this blog article from August, 2010, "Skeletons Hidden in the Linux Closet: r00ting your Linux Desktop for Fun and Profit", at The Invisible Things Lab's blog. Yes, a Linux kernel privilege escalation from *inside* SELinux (it has since been fixed). A malicious PDF document is even used as the example.<br><br>But, not to worry as I'm sure that this was the last privilege escalation flaw remaining in Linux.<br><br>Rebooting live media prior to initiating sensitive transactions is good security practice.
        Rabid Howler Monkey
        • Not ordinarily an issue

          @Rabid Howler Monkey

          The nature of open source Distros is such that the repository maintainers ensure that an update reaches your PC if/as/when a patch becomes available--that goes for the underlying O/S as well as Apps. Always been that way.

          Peace. Out.
          Dietrich T. Schmitz *Your
      • Not ordinarily an issue

        @Dietrich T. Schmitz * Your Linux Advocate <br><br>Agreed, 'ordinarily'. However, this particular bug was likely present in the 2.6 kernel when it was released in late 2003. And it was discovered in 2010 (by the good 'guys') and fixed shortly thereafter by the kernel devs on the 2nd try. The 1st try was botched (see the first comment on the ITL blog article referenced in my above post).<br><br>The bad 'guys', however, will not notify the good people at kernel.org or elsewhere, exploits will be crafted for discovered bugs/vulnerabilities and Linux systems will get hacked. And while sandboxing does indeed enhance security on any OS, it is nowhere near 'bullet-proof'. It's just another layer in defense-in-depth.<br><br>Live media, whether the USAF's secure distro or Debian Live, provides considerable security, especially when rebooted prior to initiating sensitive transactions. The advantage of these two live distros is their more frequent updates (e.g., relative to Ubuntu's 6-month release cycle).<br><br>P.S. Where do you get that the LPS Public edition has SELinux enabled? It's not mentioned in the Public Edition's User Guide. And these reviews indicate that SELinux has not been enabled:<br><br><a href="http://www.techrepublic.com/blog/opensource/a-new-linux-distribution-for-the-security-minded/2765" target="_blank" rel="nofollow">http://www.techrepublic.com/blog/opensource/a-new-linux-distribution-for-the-security-minded/2765</a><br><br><a href="http://lwn.net/Articles/419849/" target="_blank" rel="nofollow">http://lwn.net/Articles/419849/</a>
        Rabid Howler Monkey
    • RE: The Air Force's secure Linux distribution

      @Rabid Howler Monkey

      "OS with less than 2% market share."

      This has nothing to do with market share. It's the architecture.
      Aaln
      • RE: The Air Force's secure Linux distribution

        @Aaln wrote:
        "This has nothing to do with market share. It's the architecture.

        Yeah, right ...

        kernel.org
        linux.com
        mysql.com
        ...

        Linux servers play in the major league and they get hacked. Linux desktop users are safe because their market share is so low, not because Linux and the various distros built around it are secure. The malware miscreants simply don't care about the Linux desktop.

        Like any OS: configuration + patching + monitoring. And one can still get pwned via 0-day exploits. Thus, monitoring.

        For your reading pleasure:

        http://www.amazon.com/Hardening-Linux-James-Turnbull/dp/1590594444

        And for the Linux desktop, peruse some of the posts at The Invisible Things Lab's blog. Expand your mind.
        Rabid Howler Monkey
      • RE: The Air Force's secure Linux distribution

        @RBH: And in how many of these case were it exploits in the OS that let the attackers in, not things like leaked passwords (spyware, weak passwords or shoulder-surfing) or bad PHP code/SQL query handling?
        Natanael_L
      • RE: The Air Force's secure Linux distribution

        @Aaln Try 1%.
        jhammackHTH
  • Any memory encryption?

    ...because if RAM contents aren't encrypted, you can still recover data from dynamic RAM by freezing the RAM chips and accessing it later. Not great when you consider military bases in the Arctic.
    Joe_Raby
    • Re: freezing RAM

      @Joe_Raby

      Ok, well, let's go ahead throw the "Military bases in the Arctic" out the window, because I'm sure those bases have walls, doors, heating units, etc... unless you're suggesting they just have rows and rows of terminals sitting on tables outside?

      As far freezing the RAM, yep, you're right. All a would be hacker has to do is get the military tech to fire up a session of SEL, do their work...and when the military tech is done, the hacker can ask them to hold the screwdriver while the hacker freezes the RAM chips, takes them out, loads them up... then he's off to perform forensics.

      ...I'm sure the military tech won't mind.
      UrNotPayingAttention
      • RE: The Air Force's secure Linux distribution

        @chmod 777

        Well, the nature of the military is that their bases do get attacked from time to time, whether they mind it or not.
        Michael Kelly
  • RE: The Air Force's secure Linux distribution

    There is no reason to settle for a cheap imitation of Microsoft Windows XP when the Air Force has been using a secure version all along.

    http://www.engadget.com/2009/05/01/air-force-now-using-super-secure-version-of-windows-xp/

    Also with anyone being able to throw code into linux there is no way to tell if its secure or not which is why we are always hearing about trojans on it. Its a big no-nix to linux for me.
    LoverockDavidson_-24231404894599612871915491754222
    • RE: The Air Force's secure Linux distribution

      @LoverockDavidson_
      LOL!
      Love - I enjoyed the part of the article from 2009 - The custom build ships with over 600 settings bolted down, and a security patch turnaround of just 72 hours compared to the standard edition's 57 days. It is now 2011 the Air Force stopped using XP.

      LPS is the only Department of Defense-approved remote access solution using non-Government-Furnished Equipment.
      daikon
    • They're using XP, eh?

      @LoverockDavidson_

      Maybe that's why WMDs were never found? ;)

      Of course, Loverock, by pointing out that specially designed 'secure version' of XP...

      what you're also saying is that all other versions are insecure, just by deductive logic. :(
      UrNotPayingAttention
    • RE: The Air Force's secure Linux distribution

      @LoverockDavidson_ <br><br>I think you have Linux and windows mixed up, where is one of these Linux trojans you speak of?<br><br>And you can't tell if windows is secure or not (but well all know that it isn't) because they hide the source code, remember the NSA backdoor? well its too bad that you can't check the code yourself to find out if its true or not.
      guzz46
      • RE: The Air Force's secure Linux distribution

        @guzz46

        Ludricous argument, there is no normal person in this world who is going to review 40 million lines of code to check for vulnerabilities, prior to using the os.

        Windows is secure, there is no need to actually review the code to state this, it has proven it's security ever since they hardened it when they introduced Vista.

        Last time I looked the linux foundation was still down, I guess even i. The open source community, reviewing of code isn't cottage industry either.
        sjaak327
        • Yes it has

          It has proven repeatedly that it is the worst ever OS regarding security.
          laserguidedbomb