Does a server become more protected running from a LiveCD like Knoppix or bartcd?
If so, what should I use?
Is it practical to do that?
I would say no. Most of the live CDs are not made for that purpose. First of all... they boot from a CD, which is read-only. Since it's a read-only filesystem with (in many cases) a small ramdisk, you are unable to patch. That is, unless you install to the hard drive.
They are not updated quite as frequently as the major distros where you can just burn a new CD when a security vulnerability has been patched. Plus, to have to download a 500-700MB ISO every time you need to patch... that'd be a pain in the arse. Most security patches are pretty small and can be downloaded pretty quickly.
These live distros are specialized. They are meant for a specific purpose: evaluation of a distro, forensics tools, security tools, etc. Seeing that they are created with just a couple of purposes in mind, they are not very flexible. You can't just say... I'm going to add a mail server service to this box... download the necessary packages and then install. You have to find a live CD distro that meets your exact needs.
I've seen honeypot and firewall live distros that boot from CD. IMO, this is a great idea. You load the config from a flash drive or floppy. They fit one specific purpose. Some honeypots just emulate devices and services on the network and log that data to a syslog server. If someone were to compromise that box, they own your honeypot/net. If they can't make any changes... then it's easy to detect/recover. They can't install a rootkit or try to delete the logs. Just reboot and find the flaw in your setup. Make the necessary changes and you're good to go. It is often desirable to change the configs for different services, but not to allow changes to the operating system. Since it is read-only, you only allow changes on your ramdisk or where you are saving/loading the configs. After your configs are set, you can even just mount that removable media read-only... that will make the whole filesystem read-only. Just allowing the ramdisk for swap, etc.
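A way to check the end state described in the reply above (read-only system and config media, with only the ramdisk accepting writes), added here as an example and not part of the original post. It assumes a Linux mount table in `/proc/mounts` format; the function names, device names and mount points are constructed for illustration.

```shell
#!/bin/sh
# Audit a mount table in /proc/mounts format: list every filesystem that is
# mounted read-write and is NOT RAM-backed. On a live-CD style server the
# expected result is an empty list, because only the ramdisk accepts writes.

# writable_persistent_mounts [FILE]   (hypothetical helper name)
#   FILE defaults to /proc/mounts; "-" reads standard input.
#   Prints "mountpoint fstype device" for each finding.
writable_persistent_mounts() {
    awk '
    BEGIN {
        # RAM-backed or kernel pseudo filesystems: writes do not survive a reboot.
        n = split("tmpfs ramfs proc sysfs devtmpfs devpts cgroup cgroup2 securityfs debugfs mqueue", v, " ")
        for (i = 1; i <= n; i++) volatile[v[i]] = 1
    }
    {
        dev = $1; mnt = $2; fs = $3
        if (fs in volatile) next
        # Field 4 is a comma-separated option list. Match the exact token "rw",
        # so an option such as errors=remount-ro is not misread.
        k = split($4, opt, ",")
        for (i = 1; i <= k; i++)
            if (opt[i] == "rw") { print mnt, fs, dev; break }
    }' "${1:-/proc/mounts}"
}

# Constructed sample table: CD root read-only, ramdisk read-write, and the
# config stick mounted with the option given as $1 (rw while editing configs,
# ro once they are set).
sample_mounts() {
    cat <<EOF
/dev/sr0 / iso9660 ro,relatime 0 0
tmpfs /ramdisk tmpfs rw,size=65536k 0 0
proc /proc proc rw,nosuid 0 0
/dev/sda1 /mnt/config vfat ${1:-rw},noexec 0 0
EOF
}

# While configs are still being edited the stick is flagged:
sample_mounts rw | writable_persistent_mounts -
# After remounting it read-only nothing is reported:
sample_mounts ro | writable_persistent_mounts -
```

Run with no argument on the live system, `writable_persistent_mounts` reads `/proc/mounts`; any line it prints is a place where changes could persist across a reboot.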