Security News > 2005 > March > The good and bad of Linux LiveCDs
http://www.computerworld.com/securitytopics/security/story/0,10801,100535,00.html By Neil McAllister MARCH 21, 2005 INFOWORLD If you're an IT manager, introducing Linux into your enterprise is a tough decision. Choosing to take the plunge at all is one thing, but facing the myriad choices is another. At last count, the database at DistroWatch.com racked some 345 actively maintained Linux and BSD distributions. Although most enterprises are likely to consider only a fraction of that catalog, the number of decision points it represents is potentially much larger. Each Linux distribution is configured differently. Each ships with its own kernel, modules and associated tools. Some use the Gnome desktop environment, others KDE, and still others ship as bare-bones command-line systems. Some provide lots of applications and services for maximum flexibility, whereas others have been pared to the minimum and locked down for security. In the past, taking any of these distributions for a test-drive could be a tedious process. It meant cleaning out drive space on a spare machine, going through a potentially irksome installation process (depending on the distribution), creating accounts, and then experimenting with the operating system before deciding whether it was worth a full-blown install. Today's answer? LiveCDs -- complete, functional, binary Linux distributions booted from a CD, DVD, USB keychain drive or other portable media. Want to know if Mepis ships with the right libraries to support your applications, or if the Ubuntu desktop is just the right shade of chocolate brown to suit you? Burn a copy of the LiveCD version, boot it up, and take it for a spin -- no need to install it to a hard drive. Macintosh fans are probably slapping their foreheads and saying, "Duh." As far back as Mac OS 7 it was easy for Mac users to include a working System Folder in a disk image to create a fully bootable CD-ROM. But it wasn't always so easy with Linux (or Mac OS X, for that matter). Since those days, however, open-source operating systems have developed the most sophisticated LiveCDs around. Compressed filesystems pack as much as 2GB onto a single CD-ROM image, and some distributions -- such as Puppy Linux -- even ship LiveCDs that use multisession burning to allow users to save data back to the same CD they booted from. Whereas many LiveCDs are trial versions of full-blown distributions, others have been designed with more specific purposes in mind. For example, Knoppix comes packed with data-recovery and security tools. Hikarunix on the other hand, is a complete, bootable, Linux-based OS dedicated solely to the ancient game of Go and is small enough to fit on a pocket-size mini CD. These last examples bring up an important point that I'd be remiss to neglect. A PC booted from a Linux LiveCD is transformed. It no longer has any of the user accounts, logging and security controls of its original host operating system. It has become a Linux system, completely under the control of the end-user and loaded with an arbitrary selection of open source software -- yet it still has access to the same hard drives, network, servers and other resources as before. The security threat this poses is obvious. Choosing a Linux distribution for your enterprise environment is a difficult decision, but it should be IT's decision. If your corporate desktops and notebooks are distributed with the ability to boot from CD-ROM enabled in the BIOS, ask yourself this: Do you know what your users' favorite Linux distributions are? _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
News URL
http://www.computerworld.com/securitytopics/security/story/0,10801,100535,00.html