Linux, the US DoD, and Online Banking
The US. Department of Defence (DoD) has seen the benefits of a Linux LiveCD for secure connections from non-secure computers… ie. when browsing the internet from home or public access PC’s, and have released the Lightweight Portable Security LiveCD/LiveUSB based distribution for this purpose.
Lightweight Portable Security (LPS) is part of the Anti-Tamper Software Protection Initiative (ATSPI)… the DoD Anti-Tamper introduction webpage carries the official seals of the US Department Of Defense, the US Air Force Research Laboratory, and the Anti-Tamper Software Protection Initiative.
The ATSPI say…
Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. SPI created the LPS family to address particular use cases. LPS-Public is a safer, general-purpose solution for using web-based applications. The accredited LPS-Remote Access is only for accessing your organization’s private network.
LPS-Public allows general web browsing and connecting to remote networks. It includes a SmartCard-enabled Firefox browser supporting CAC and PIV cards, a PDF and text viewer, Java, and Encryption Wizard – Public. LPS-Public turns an untrusted system (such as a home computer) into a trusted network client. No trace of work activity (or malware) can be written to the local computer. Simply plug in your USB SmartCard reader to access CAC- and PIV-restricted US government websites
They DoD also say…
Anti-Tamper (AT) encompasses the systems engineering activities intended to prevent and/or delay exploitation of critical technologies in U.S. weapon systems. These activities involve the entire life-cycle of systems acquisition, including research, design, development, implementation, and testing of AT measures
Now I don’t know about you, but I find it unbelievable that on this page the US DoD specifically mention LPS’s use for online banking, and see Linux as a way forward in online security, yet the Nationwide Banks browser support page specifically excludes browsers running on ANY Linux distribution… to the extent that their Internet Banking Promise only promises automatic fraud protection for supported browsers running in Windows and Mac OS-X… yet on neither of these pages does Nationwide even mention a need for Anti-Virus or Anti-Malware software when running on Windows.
Leave a Reply
You must be logged in to post a comment.