|
Anonymous #1
|
A secure environment using a Live CD
#17762731 - 02/07/13 03:51 PM (11 years, 3 months ago) |
|
|
Alright folks,
I'm hoping someone here who is clued up on their IT security knowledge can help me out. Recently I've been trying to create a secure environment using an old laptop that I've had laying around the house. When I mean secure, I mean I'm looking to build a system that can help keep be flying under the radar. Ideally, I want to create a hidden OS using TrueCrypt and have everything run off an encrypted USB pen. Can someone point me in the right direction?
No doubt there is guides out there bu I've not been able to find anything really suitable. A walk through on something similar would be awesome. At least that way I could take my time and work through each stage slowly to let everything soak in so I know exactly what I'm doing. If there's nothing out there, any sound advice would go along way!
With regards to what distro to use, I'm still undecided. I know I'm going to go down the Linux route since we all know it's a far safer environment to be running. A close friend recommended Privatix but their documentation wasn't great which never helped at all.
Now I must stress, this won't be my day to day machine. I'll only intend on running this system from time to time whenever necessary. It may seem like hard work but it's been something that's been playing on my mind now for quite time and with the weekend upon us, I plan on getting started.
So to summarize what I'm after:
- Recommend a suitable distro - I was recommended http://www.mandalka.name/privatix/download.html.en but I'm not sure how suitable this would be
- How do I go about setting up a hidden OS using TrueCrypt
- Can I use a USB pen to book from disk and if so how?
- Could I encrypt the USB pen since it's 64GB. This is where I'd like to install both OS's.
If there is anything else I have missed or that you can think of, please feel free to reply as I'm open to suggestions. If there's any questions on your mind, please don't hesitate to ask so we can get things sorted.
As always, any help would be much appreciated.
|
nooneman


Registered: 04/24/09
Posts: 14,714
Loc: Utah
|
Re: A secure environment using a Live CD [Re: Anonymous #1]
#17764482 - 02/07/13 09:28 PM (11 years, 3 months ago) |
|
|
Truecrypt doesn't work with linux, you'll have to use linux's own encryption functionality which is actually better than truecrypt, but it's harder to set up a fake OS if you want to go that far. With linux's built in encryption an attacker won't even be able to tell where one partition stops and another starts.
You want to pick a distro that is updated as often as possible, but if you're fairly new to linux you also want to pick one that's relatively easy to use. I'd recommend Debian, but it's my favorite distro to begin with. Ubuntu or Mint isn't a bad option. You could always go with Redhat or Slackware if you're hardcore like that.
I believe there is some way to use a USB drive that is required to boot linux, but I have no idea how, other than just installing everything on the USB, and that defeats the whole point. You'll probably need to find it on google, or maybe there's a youtube video going through the procedure.
Debian has a nice option during install that practically does all the basic encryption stuff for you. It's pretty nice. I bet Ubuntu has something similar.
Edited by nooneman (02/07/13 09:29 PM)
|
Alan Rockefeller
Mycologist

Registered: 03/10/07
Posts: 48,392
Last seen: 2 days, 23 hours
|
Re: A secure environment using a Live CD [Re: nooneman]
#17764821 - 02/07/13 10:34 PM (11 years, 3 months ago) |
|
|
You could use a livecd like backtrack or linux mint, and just not mount your local drive at all. You don't even need a hard drive. If you need to save stuff, encrypt the files and copy them to a shell server somewhere. I've used computers that had a crashed hard drive for years like that - no drive = no evidence. Make sure to set your screen saver to lock after a couple minutes of inactivity, because if your screen isn't locked when the feds bust in, you are hosed.
Also the linux encrypted filesystem is quite good, they won't be able to crack that. You could make an encrypted filesystem on a usb key. I don't bother with that though, I use rsync over ssh to copy all my important stuff to a server in another country. That way I have access to it no matter where I am as long as there is internet.
|
AlCapwn
ID Reset, take that subpoena


Registered: 02/03/07
Posts: 2,957
Loc: Canada
Last seen: 2 years, 11 months
|
|
I second Backtrack, Mint or Debian. Of the 3 I prefer Mint, it looks the nicest if you care. Backtrack is the most secure from the get go out of the three, but it has a steeper learning curve if you're new to Linux. I'd at least take example from backtrack, it boots without it's network interfaces mounted so you don't let on that you're on a network until you manually start it. It's safer that way, so you don't accidentally connect to a network and make your presence known. Even if you're at home, your OS may connect to time servers and things like that to update time or other stuff so safest way is no connection.
For encryption, it will be much easier to just encrypt your home folder. Full disk encryption is redundant, unless you want to hide all your system files from a surface scan or something. But if it's just data you're protecting, then just encrypt your home folder and put all your sensitive files there. Mint I know will actually encrypt the disk for you, it's a simple check box during the installation.
Quote:
How do I go about setting up a hidden OS using TrueCrypt
Well, don't quote me on this, but as far as I know it's impossible to achieve 100% disk encryption but you can get pretty close. If someone were to run some forensics on it, they would be able to locate the Master Boot Record (If it was encrypted it wouldn't boot).
Quote:
Can I use a USB pen to book from disk and if so how?
From the sounds of it you're not too sure exactly what you're doing. I know you have specific needs, but to be secure you also need to understand what you're doing. This question doesn't really make any sense, because you can only boot from either or. You have to imagine the USB and the Hard Drive to be two identical discs. The only difference is one is built in, the other is removable.
If you install it on a USB, you can plug it into any computer made in the last 10+ years and boot it. You can boot it on a friends computer, for example and it won't effect his computer at all, it'll be exactly the same once you reboot without the USB inserted. One advantage to the USB key is how easy it is to dispose of or hide. If your laptop is seized but your OS is on the USB then there would be no data on the laptop. So it can be useful in a sense.
If you're just going to use the OS on one computer, for example a laptop, the install it on the disk instead. Encryption is generally secure enough to protect your data. Unless you're a threat to US National Security, it's unlikely that anyone will bother trying to crack it, let alone have the computer power to do so. Just use a good password with a lot of characters, upper lower case, symbols preferably random and not a word or name that can be found. If random, memorize it don't write it down cause if someone finds your password well encryption is useless at that point obviously.
Quote:
Could I encrypt the USB pen since it's 64GB. This is where I'd like to install both OS's.
Why do you need 2 OSs? I don't understand. I mean, you could have all 3 distros I mentioned on there if you want, but it's kind of pointless.
As for the encryption, while you can't encrypt a whole disk with an OS on it, you can encrypt the disk without the OS in entirety. For example, you could use the USB for storage only, and have the OS on the hard drive. You could also do it reverse, have the OS on the USB and encrypt the whole harddrive for data storage. In that scenario the laptop will not boot without the USB as it would not have any OS installed on it.
As for privacy, it doesn't stop there. I don't need to know what you need it for, but I do need to know what you need to be able to do with your computer. If you're going to be using the internet, there's a whole new territory of privacy needs that need to be addressed in addition to what I've mentioned.
I know that probably read as Chinese in your head. I can help you out if you'd like, stuff like this is quite my cup of tea. No questions asked. PM me or something.
-------------------- Huuuuurrrrrr!
|
Anonymous #1
|
Re: A secure environment using a Live CD [Re: AlCapwn]
#17771725 - 02/09/13 08:46 AM (11 years, 3 months ago) |
|
|
Firstly thank you for all the useful information. It certainly gives me something to work with and I'll put everyones comments into consideration. I'm honestly quite taken back that TrueCrypt does not work alongside Linux though! In all honesty, I just took that one for granted.
With regards to which Distro to use, I had considered Debian. It seems to be a popular choice and looking at my original post, you can see that Privatix is run off of Debian so it looks like that's what I'll attempt to run in the first place.
Thanks for the heads up Alan about the Live CD. My intentions have been to run off of a Live CD but I need to save files to disk. This is where the issue lies. If I want to save files, I'm needing to figure out what to do with them. Now I guess I could always save them on another machine within a file container using TrueCrypt but it's not best idea I've ever had. It would certainly be a gap in the security side of things and I'm not looking to leave any gaps.
I'm going to do some hunting around and with a little luck, I'll come across a tutorial on how to encrypt a USB pen and possibly even boot from USB with the ability to store a hidden OS on the same USB pen. With how small Linux distros are these days, I shouldn't have any issue storing more than one - that's not the issue. The issue is how do I do it. I'm going to need to hunt around and see if there's any guides online. If anyone can hunt one out for me, it would be much appreciated as always!
BackTrack is a useful tool but it's got far more installed on there than I really require. I'm only looking for a distro running the bare bones. I occasionally use BT from time to time but for what I intend on using an OS for, it doesn't fit the bill. Don't get me wrong though, it's an awesome piece of kit and has some really nifty tools on there! It's just not what I'm looking for.
With regads to internet connectivity, I'm looking to bounce all my traffic through TOR. It's the most sensible option. Once again, it comes back to my research but I need to hunt around to see if there is anything out that there forces all network traffic out using a TOR node. That would work magic and would certainly make my life that little bit easier with one less thing to be worrying about!
I don't want to consider full disk encryption since news laws not state that if required, you must hand out your password. It really does defeat the purpose. Now if you know anything about hidden OS's, you can hand whoever requires the password to the second (legit) OS and it will boot without any hint of there being another OS installed. It's a sweet little trick and something that I really need to get involved with. What's the point running full disk encryption if you have to hand your key out when/if required?
|
Anonymous #1
|
Re: A secure environment using a Live CD [Re: AlCapwn]
#17771750 - 02/09/13 08:52 AM (11 years, 3 months ago) |
|
|
Quote:
AlCapwn said: From the sounds of it you're not too sure exactly what you're doing. I know you have specific needs, but to be secure you also need to understand what you're doing. This question doesn't really make any sense, because you can only boot from either or.
Sorry, I must apologize for that one. I worded my question incorrectly that time round. What I meant to say was can I use a USB pen to boot an OS. I'm aware that a USB and a Hard Disk are two separate devices that can be booted from. I just never made myself clear - making you're life that little bit harder so I do apologize for that.
I must add though, you are completely right. At the moment, I'm still playing the guessing game and until I build up sufficient knowledge, I'm not going to know my toe from my foot. I'm going to spend some time today carrying out appropriate research and hopefully, I might be able to get things sorted. As it stands, my current setup is suitable but it's just not as secure as I'd like it. For peace of mind, I'd like things to beefed up so I don't leave any silly mistakes. I mean what's the point in doing a half assed job? If you're going to do something, it's best to do it right the first time!
Anyway man, I appreciate your help as do I with Alan and nooneman. I had hoped to see a little input from Alan which was nice. If there's one man I can trust with regards to his knowledge regarding security/anonymity, it's that man!
|
Alan Rockefeller
Mycologist

Registered: 03/10/07
Posts: 48,392
Last seen: 2 days, 23 hours
|
Re: A secure environment using a Live CD [Re: Anonymous #1]
#17772896 - 02/09/13 01:54 PM (11 years, 3 months ago) |
|
|
Quote:
Anonymous said: My intentions have been to run off of a Live CD but I need to save files to disk.
You could encrypt the files with gpg and email them to yourself.
Quote:
What's the point running full disk encryption if you have to hand your key out when/if required?
I don't think that's really the case, it's not illegal to forget your password.
There is no law in the US that says you must turn over your password, just a couple disturbing cases. But it's extremely rare that they go that route, and that kind of thing will probably be struck down soon.
|
Anonymous #2
|
|
In the UK it's a multi year sentence to not hand over your password to authorities. Our pal might be a Brit.
|
Alan Rockefeller
Mycologist

Registered: 03/10/07
Posts: 48,392
Last seen: 2 days, 23 hours
|
Re: A secure environment using a Live CD [Re: Anonymous #2]
#17773251 - 02/09/13 03:25 PM (11 years, 3 months ago) |
|
|
Quote:
Anonymous said: Our pal might be a Brit.
Good point!
|
Anonymous #3
|
|
I like to make some points, which may be useful to you:
- Are you using a SOCKS 5 Proxy or VPN for this pen drive distro? If not, then a secure system is great, but it not a complete solutions. So essential to make a secure encrypted tunnel for your browsing.
- Consider using TAILs operating system, which integrates an OS and TOR together.
- Plausible deniability drives that truecrypt offers are not very helpful, because the fake OS cannot be used, which will always look suspicious to any forensicist, unless you will reformat it regularly. You do not stand a good chance with this option yet. Why not try a virtual machine on your host OS? You can delete this frequently and save a clean state of it, which means less work for you. You could essentially wipe clean all use of the virtual OS each time you use it.
- Do you consider masquerading with a fake MAC Address?
If you have more questions, I would be glad to answer them.
|
InFest
George T. Washington



Registered: 10/01/06
Posts: 314
Loc: Marianas Trench
Last seen: 5 years, 9 months
|
Re: A secure environment using a Live CD [Re: Anonymous #3]
#17791761 - 02/12/13 07:35 PM (11 years, 3 months ago) |
|
|
I agree with the above poster. TAILS is a good distro to start out with for you're situation. Well, any situation demanding anonymity. It is a package with that goal in mind. As such it comes with all the tools necessary without the need to configure them yourself.
Backtrack is a good distro too; but it's target audiences are more in the vein of penetration testers / professional security consultants. It is not designed so-ley for the purposes of privacy and anti-forensics like TAILS is.
I prob don't have to tell you that there is no perfect out-of-the-box solution. But TAILS is the closest you can get. But always remember; where there is a will, there is a way. There will always be flaws to exploit. You can use that to you're advantage. And this goes double for you're adversaries. What matters is how educated, how paranoid, how motivated, and how funded you are.
-------------------- One Day at a Time
|
Anonymous #1
|
Re: A secure environment using a Live CD [Re: Anonymous #3]
#17806708 - 02/15/13 12:10 PM (11 years, 3 months ago) |
|
|
Firstly let me say thanks ever so much for the informative responses from everyone once again. As always, it comes much appreciated. Secondly, I do apologize for the late response but I've had an awful lot going on during the week so I've not found myself with a great deal of spare time to get back on-board the Shroomery - oh how I've missed you guys!
Quote:
Anonymous said: In the UK it's a multi year sentence to not hand over your password to authorities. Our pal might be a Brit.
You got it bang on the button mate. I'm based out here in the UK and since the laws have changed, like you have already mentioned, withholding your password carries itself a minimum of a five year sentence. If you really have forgotten your password, well I guess that's just tough luck. Either way, you're going down.
Quote:
Anonymous said: I like to make some points, which may be useful to you:
- Are you using a SOCKS 5 Proxy or VPN for this pen drive distro? If not, then a secure system is great, but it not a complete solutions. So essential to make a secure encrypted tunnel for your browsing.
If you have more questions, I would be glad to answer them.
Ok, I'm going to try work my way through each of your points with the hope that you might be able to help me out further. Firstly, your point regarding a VPN, I currently have a VPN service that I'm paying for but I've used my own credit card whilst signing up. Now it doesn't take a genius to figure out that this method really defeats the purpose. Now I've been reading up about certain VPN services that accept bitcoins as a form of payment. Do you have a particular provider in mind?
Quote:
Anonymous said:
- Consider using TAILs operating system, which integrates an OS and TOR together.
This is something that I'd almost certainly be interested in using. I'm going to look into this OS since I'm looking for something that can provide me with TOR, Pidgin/OTR and PGP. Even if it doesn't offer all of the following services, it's not a great deal since I can download/install them anyway!
Quote:
Anonymous said:
- Plausible deniability drives that truecrypt offers are not very helpful, because the fake OS cannot be used, which will always look suspicious to any forensicist, unless you will reformat it regularly. You do not stand a good chance with this option yet. Why not try a virtual machine on your host OS? You can delete this frequently and save a clean state of it, which means less work for you. You could essentially wipe clean all use of the virtual OS each time you use it.
Funnily enough, this is what I'm currently doing but I think the whole thing is flawed. The reason being is that I'm currently using Windows as my OS whilst using a VM and I want to move to Linux for a number of reasons. The two main factors mainly being the fact that I can learn the tools of the trade and secondly it's far more secure than Windows.
As it stands, for whatever reason, I'm not reloading a fresh image which really does defeat the purpose. Why not? I really don't know. The minute you recommend a new OS to play around with, I'll begin this approach and start using a clean slate each time I load up the VM.
Quote:
Anonymous said:
- Do you consider masquerading with a fake MAC Address?.
Now I'm curious about implementing a fake MAC Address. With regards to what you mentioned earlier with using a virtual machine. Say I was to use Windows as my Host OS with a Linux VM, would I need to fake my MAC address on the host machine or the virtual machine? Or even both for that matter? If so, could you recommend a particular way to go about doing this?!
Thanks for the advice and if you could answer my questions above, I'd me mightily impressed. I'm going to do some reading up now and hopefully get myself a new project up and running shortly.
|
Anonymous #1
|
Re: A secure environment using a Live CD [Re: Anonymous #1]
#17806724 - 02/15/13 12:13 PM (11 years, 3 months ago) |
|
|
Thinking things through, the whole virtual machine concept which I'm currently running throws everything up in the air. If I choose to go down that road, I'm forgetting about what I had initially intended and that was to run everything from off a Live CD using an old laptop that I have laying around. Which of the two methods would you recommend and why exactly?!
|
Alan Rockefeller
Mycologist

Registered: 03/10/07
Posts: 48,392
Last seen: 2 days, 23 hours
|
Re: A secure environment using a Live CD [Re: Anonymous #1]
#17809059 - 02/15/13 05:56 PM (11 years, 3 months ago) |
|
|
Try both ways and see which one you like better.
|
Anonymous #1
|
|
If it only comes to down to a matter of personal preference at this stage, I'll try them both out and see how I get on. After digging a little deeper, it sounds like a VM being stored locally and deleting it is simply not enough. Can you back up that claim?
|
Anonymous #3
|
Re: A secure environment using a Live CD [Re: Anonymous #1]
#17812396 - 02/16/13 09:56 AM (11 years, 3 months ago) |
|
|
I will try to address as many of your questions as I can remember:
1. Any VPN with a secure tunnel will do, which means no PPTP. Try to find a service that does not keep logs. Riseup.net has server in USA and it's a good option for you. Otherwise, go for a VPN outside of your home country, because this makes jurisdictional problems.
2. VM over USB disk: I prefer USB live disk, because then it gets your brain into the mindset that this is different from regular browsing. You are aware that anything in your USB Distro is meant to be kept private, which means you don't mingle separate lives together. That said, you could also put TAILs into a VM. A VM is fine, as long as you securely delete the used OS, it takes only 1 secure wipe. However, a USB distro is less difficult, because once you remove the disk it's all gone, which makes it easier for you, and if the cops show up, very easy to destroy. Please look into TAILs, it has all the tools you need, and makes it so easy to have a secure environment at minimal effort.
3. In a VM, you get a fake MAC anyway, so not as important to masquerade. In a linux distro, you run a command and then you can switch it very easily, but with Windows it is more a pain. It is better protection to change the MAC each time, because then it is harder to pinpoint your device. Some info about mac change: http://www.velocityreviews.com/forums/t734068-linux-software-to-randomize-pc-hostname-and-wireless-mac-for-privacyat-hotspots.html
All you0 do to change your mac is bring network interface down of the right device, input new MAC (can be generated automatically), then bring network interface back up.
|
Anonymous #1
|
Re: A secure environment using a Live CD [Re: Anonymous #3]
#17812827 - 02/16/13 11:48 AM (11 years, 3 months ago) |
|
|
Quote:
Anonymous said: I will try to address as many of your questions as I can remember:
Thanks a bunch mate! Is there any chance you would want to chat via Pidgin/OTR? If not, don't worry about it. I'll just keep coming back to this page and seeing if you've responded or not! 
Quote:
Anonymous said: 1. Any VPN with a secure tunnel will do, which means no PPTP. Try to find a service that does not keep logs. Riseup.net has server in USA and it's a good option for you. Otherwise, go for a VPN outside of your home country, because this makes jurisdictional problems.
As it stands, I'm currently using a VPN service but I signed up using my own credit card. I intend on cancelling this service and moving over to mullvad since I hear good things and the fact they accept bitcoins is an absolute dream. At least that way, I can be 100% confident that I'm secure in that regard.
Quote:
Anonymous said: 2. VM over USB disk: I prefer USB live disk, because then it gets your brain into the mindset that this is different from regular browsing. You are aware that anything in your USB Distro is meant to be kept private, which means you don't mingle separate lives together. That said, you could also put TAILs into a VM. A VM is fine, as long as you securely delete the used OS, it takes only 1 secure wipe. However, a USB distro is less difficult, because once you remove the disk it's all gone, which makes it easier for you, and if the cops show up, very easy to destroy. Please look into TAILs, it has all the tools you need, and makes it so easy to have a secure environment at minimal effort.
So just to clarify here, you would recommend running TAILS as a VM that could be stored on a USB stick? If that's the case, you recommend that I delete the VM each time it has been used with the help of the likes of FileShredder to overwrite it with zeros and ones. You recommend this step rather than restoring the VM to a previous snapshot? If so, would I just build a new VM each time using the .ISO image that could be stored on the host machine itself? It certainly seems like a good way to go about doing things!
Out of curiosity, would you encrypt the USB using TrueCrypt for that extra layer of security?
Quote:
Anonymous said: In a VM, you get a fake MAC anyway, so not as important to masquerade. In a linux distro, you run a command and then you can switch it very easily, but with Windows it is more a pain. It is better protection to change the MAC each time, because then it is harder to pinpoint your device. Some info about mac change: http://www.velocityreviews.com/forums/t734068-linux-software-to-randomize-pc-hostname-and-wireless-mac-for-privacyat-hotspots.html
Thanks for the links. I was unaware each time you load up a virtual machine that your MAC address changes so that's good to hear anyway. It all sounds like it's starting to come together.
|
Anonymous #3
|
Re: A secure environment using a Live CD [Re: Anonymous #1]
#17824043 - 02/18/13 10:48 AM (11 years, 2 months ago) |
|
|
Sorry, I have made a few errors in my explication let me clarify:
1. I think you are good with an anonymous VPN. But even if you had used your card, a VPN services with no logs, only gives them names, no definite proof that the services was used in a linkable way to you. I have heard good things of mullvad also.
2. You can run TAILs as a VM, even on a USB drive, but that seems a little extra silly to me -- but if you want to do it, then go for it. I would prefer running it normally only from a USB drive, no VM in picture. TAILs has everything encrypted anyway, so no need to worry on that front. The biggest advantage of a USB stick is that you could quickly flush it down the toilet or burn it or hide it more easily than a hard drive. You could potentially put a VM on a USB stick, and then encrypt it in a TrueCrypt container, it doesn't strike me as particularly useful, but possible. Try TAILs for a day and you will understand very clearly what benefits it has for you.
3. A VM does not randomize its MAC on each boot, but its initial MAC is random, which gives you greater security, because then if anyone comes knocking and the VM was deleted, then the MAC is gone. But think, it would cause havoc for DHCP servers to randomize the MAC on each boot! Maybe there is a VM setting to randomize MAC? The disadvantage here is that the VM is sharing a connection via a bridge to your main machine, which may mean the VM never hits your router on its own, possibly implicating your main machine, and that counts as evidence. Which is why TAILs or a linux distro on its own is nice, because this will hit your router, and having the machine with the right mac is important in any allegations. If different machines with different MACs are hitting your router, and therefore your logs, then it adds an extra layer of difficult to prove evidence.
I would also think it would be useful for you to consider using some high-latency darknets as well.
|
Alan Rockefeller
Mycologist

Registered: 03/10/07
Posts: 48,392
Last seen: 2 days, 23 hours
|
Re: A secure environment using a Live CD [Re: Anonymous #3]
#17826757 - 02/18/13 07:35 PM (11 years, 2 months ago) |
|
|
Quote:
Anonymous said: 3. A VM does not randomize its MAC on each boot, but its initial MAC is random, which gives you greater security, because then if anyone comes knocking and the VM was deleted, then the MAC is gone. But think, it would cause havoc for DHCP servers to randomize the MAC on each boot!
DHCP servers would not care that the mac is random on boot unless security features are enabled that restrict the amount of MAC addresses used by each port. Using multiple MAC addresses on the same port might alert the IT Security team at a large workplace that something unusual is going on.
|
Anonymous #1
|
Re: A secure environment using a Live CD [Re: Anonymous #3]
#17830276 - 02/19/13 01:07 PM (11 years, 2 months ago) |
|
|
Quote:
Anonymous said: 2. You can run TAILs as a VM, even on a USB drive, but that seems a little extra silly to me -- but if you want to do it, then go for it. I would prefer running it normally only from a USB drive, no VM in picture. TAILs has everything encrypted anyway, so no need to worry on that front. The biggest advantage of a USB stick is that you could quickly flush it down the toilet or burn it or hide it more easily than a hard drive. You could potentially put a VM on a USB stick, and then encrypt it in a TrueCrypt container, it doesn't strike me as particularly useful, but possible. Try TAILs for a day and you will understand very clearly what benefits it has for you.
Thanks for the heads up with this one. The thing is, I'm unable to boot from a USB since my laptop is so old. What I can do though is boot from CD go with that option instead. My only concern is the need to save files. Now I could easily save files within a truecrypt container but it's an obvious choice so I'm left undecided as to what to do down this route.
I was chatting to a close friend who is very clued up with their security and they recommended a hidden OS using TrueCrypt. That way, I could save files if necessary without the need to worry as long as I was making sure to use the fake OS also to make sure that nothing fishy is going on. It seems like a good idea and I'm currently reading into it all as we speak. What do you think? Or is this suggestion overkill?
Either way mate, thanks for getting back to me. It's much appreciated as always!
|
Anonymous #3
|
|
Quote:
Alan Rockefeller said:
Quote:
Anonymous said: 3. A VM does not randomize its MAC on each boot, but its initial MAC is random, which gives you greater security, because then if anyone comes knocking and the VM was deleted, then the MAC is gone. But think, it would cause havoc for DHCP servers to randomize the MAC on each boot!
DHCP servers would not care that the mac is random on boot unless security features are enabled that restrict the amount of MAC addresses used by each port. Using multiple MAC addresses on the same port might alert the IT Security team at a large workplace that something unusual is going on.
It is true, but most(?) Sys Admins will only give an IP to a known MAC, rather than allow any MAC to gain access. I suppose it happens, but I am assuming an enterprise that fears being prosecuted for negligence in any type of litigation. --------
The Hidden OS could work for you, try it, though it seems a lot more work than buying a netbook that can boot from USB. You should consider storing your files in the cloud (encrypted) in a country out of the jurisdiction of your home country, and only access it with a decoy e-mail and the VPN you use, which makes it difficult to establish you use this service. Beware of de-duplication on cloud servers, you have to encrypt it all. You could encrypt it steganographically, too. It depends what data it is, but I am guessing I don't want to know, and I would prefer not to know. It all depends what you're up to as to what is the best solution, but try it all, and see what works.
The dual-system could work, please try it and let us know your results. I have not heard much positive about it to date, but there is also the chance that it is the solution you need and that I could be wrong.
|
Alan Rockefeller
Mycologist

Registered: 03/10/07
Posts: 48,392
Last seen: 2 days, 23 hours
|
Re: A secure environment using a Live CD [Re: Anonymous #3]
#17833986 - 02/20/13 02:32 AM (11 years, 2 months ago) |
|
|
Quote:
Anonymous said: It is true, but most(?) Sys Admins will only give an IP to a known MAC, rather than allow any MAC to gain access. I suppose it happens, but I am assuming an enterprise that fears being prosecuted for negligence in any type of litigation.
Most sysadmins don't enable that feature because it's a lot of work to enter everyone's MAC into the switches, and change that entry every time someone gets a new computer.
In the places I have ran the switches, the admins didn't lock down every port to a certain mac, but they did look to see if any ports were using multiple MAC addresses. This usually indicated that they were setting up an unauthorized hub or wireless AP, but also could indicate that VMware is running or OS's are trying to be stealthy. If someone was using more than 2 MAC addresses, we would have a talk with them and ask them what was going on.
|
Anonymous #1
|
|
Without trying to repeat myself here, I'm just wondering what options I've got if I decide to run TAILS as a Live CD when it comes to saving files? Should I just save them to a file container held on another machine? It seems a little slack on my part but it'll have to do until I get looking into a hidden OS using TrueCrypt. I'm afraid I won't be able to get round to that until this coming weekend at the very least. With that being said, it is only a few days.
What's your opinion on a hidden OS Alan? From what my mate was telling me, it isn't that complicated to get running and once it's all sorted, I should have a repository for downloading files in addition to carrying out both secure and anonymous surfing, as long as I make sure to make frequent use of the decoy OS too. He recommended Ubuntu on both then using a virtual machine with Tails on the hidden OS. It seems overkill but would certainly do the trick. You think there's much point with the virtual machine or would you just use Tails as your hidden OS?
|
Anonymous #3
|
Re: A secure environment using a Live CD [Re: Anonymous #1]
#17853618 - 02/23/13 05:18 PM (11 years, 2 months ago) |
|
|
You will burn a bootable USB with tails, then setup TAILs with encryption pass etc. when you first boot into it. It will make you burn a new bootable USB (well, you don't have to, but you can), which will be your primary TAILs to use. You have to go through a very short setup then burn that new tails USB, which will make things secure for you. That will have an encrypted place for storing files on it for you.
You have to jump in at this point. Don't be shy.
|
Lana
Head Banana


Registered: 10/27/99
Posts: 3,109
Loc: www.MycoSupply.com
|
Re: A secure environment using a Live CD [Re: Anonymous #3]
#17906850 - 03/05/13 07:20 AM (11 years, 2 months ago) |
|
|
Nice thread, this is what this forum is about
Lana
-------------------- Myco Supply - Distributors of Mycological Products http://www.MycoSupply.com The Premiere Source for Mushroom Growing Supplies. Visit us online or call us toll free
|
|