Authenticating Puppy OS - Ironkey style
Posted: Sat 09 Jul 2011, 20:57
I've been researching various USB authentication devices for use in a small business. I started with the inexpensive Yubikey as a domain authentication device.
http://www.yubico.com/overview
Then I realized what I really wanted was a secure password manager that is built into the USB key - And I found the Ironkey
http://www.ironprotector.com/Tech-Inter ... cation.asp
When I saw crackers even get through this device (youtube) I ran across the Lockheed Martin version of Puppy on a stick combined with the Ironkey.
They call it - http://www.lockheedmartin.com/products/ironclad/
So, they've got a bootable OS with all the Ironkey features, but they don't sell them to the public.
Granted - Bootable Puppy OS already has features that make it immune to many viruses, etc. But the Ironkey Enterprise version has features that enable an admin to restrict the opening of the device by IP or range of IP, remote revocation, a secure TOR network and a password manager. Features that let you give this to other users and you still have some control.
I haven't ordered an Ironkey to play with yet, but it has 1GB of storage.
It says it can work within Linux but I doubt it's bootable; Lockheed must have something the rest of us don't.
So, with all that said - I still have my Yubikey ($25) and I'd like to know if there is any interest in making a device like the Ironclad - within Puppy, that you use the Yubikey to authenticate against a server. Unless you could put a bootable Puppy OS on the Ironkey, this might be the next best thing.
Two USB keys (like a deadbolt on your front door). One boots PuppyOS and the Yubikey in the other USB slot, with a press of the button, authenticates you against a server - before giving you access to an encrypted portion of the OS where you can safely keep your passwords and/or applications.
A strong password that won't help you even if you write it down.
The One Time Password feature combined with a personal PIN is protection against loss of the key.
So to me this might at least silence any (most) critics about root access being the default in Puppy OS. You'd be root, because you have a strong authentication system - the data is encrypted, access to it is controlled by the presence of the Yubikey and a server verifying it. You can be root and trash the system ONLY if you have the Yubikey in place. And if my Puppy OS stick is ever lost, the local storage is unreadable unless you've got the Yubikey.
I recognize there are limitations once you're in the OS and subject to the security of the browser you're using once you're in the OS. But the Lockheed version (Ironclad) shows them using Windows XP - so there's got to be a benefit to controlling the OS/the encryption/authentication as a bundle.
I may end up with the Ironkey anyway, since the enterprise administration features make controlling my users more possible, and it can run under Linux. I just thought - a $25 Yubikey protecting an encrypted volume on Puppy OS might be worth a shot.
Thoughts?
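Added example (not part of the original post, and not Yubico or Ironkey code): a sketch of the server side of the scheme proposed above, where the volume key lives on the server and is released only for a fresh one-time password plus the PIN. It uses OATH-HOTP (RFC 4226) as a stand-in for the Yubikey's OTP mode; `UnlockServer`, `release_key` and all values are hypothetical.

```python
import hashlib, hmac, os, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter step (stand-in for the token's OTP)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class UnlockServer:
    """Hypothetical server record for one stick: token secret, PIN hash, volume key."""
    WINDOW = 5      # tolerate button presses that never reached the server
    MAX_FAILS = 5   # stop answering after this many bad attempts

    def __init__(self, secret: bytes, pin: str, volume_key: bytes):
        self.secret, self.volume_key = secret, volume_key
        self.salt = os.urandom(16)
        self.pin = pin_hash(pin, self.salt)
        self.next_counter, self.fails, self.revoked = 0, 0, False

    def release_key(self, pin: str, otp: str):
        """Return the volume key only for an unused OTP together with the right PIN."""
        if self.revoked or self.fails >= self.MAX_FAILS:
            return None
        pin_ok = hmac.compare_digest(pin_hash(pin, self.salt), self.pin)
        for c in range(self.next_counter, self.next_counter + self.WINDOW):
            if hmac.compare_digest(hotp(self.secret, c).encode(), otp.encode()) and pin_ok:
                self.next_counter, self.fails = c + 1, 0  # burn this OTP and older ones
                return self.volume_key
        self.fails += 1
        return None

if __name__ == "__main__":
    secret = b"12345678901234567890"                  # constructed demo secret
    srv = UnlockServer(secret, "4821", os.urandom(32))
    otp = hotp(secret, 0)                             # what the token would emit
    print("first use :", srv.release_key("4821", otp) is not None)
    print("replay    :", srv.release_key("4821", otp) is not None)
    srv.revoked = True                                # admin revokes a lost stick
    print("revoked   :", srv.release_key("4821", hotp(secret, 1)) is not None)
```

Because the key never sits on the stick, a lost stick without the token and PIN yields only ciphertext, and setting `revoked` gives the remote-revocation control mentioned for the Ironkey Enterprise.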