From CastleCopsWiki

Contents 1 Working on a unsecure computer 1.1 Using portable virtual machines 1.2 Connecting to remote desktops 1.3 Booting up on LiveCDs /USB drives 1.3.1 Disposable one time passwords 1.4 Conclusion

[edit] Working on a unsecure computer

Working on a computer that you do not own or control, brings a host of security and privacy problems. Whether it is working on a computer (carrying out secure online banking is a subet of this problem see How_to_do_online_banking_safely) in a cybercafe, at the office, or on a computer of a friend who isn't particularly serious about security ,there are a hosts of threats you face.

These include

• Leaving traces of your sensitive work (including browsing cache, cookies) on the computer.

• Being subject to keyloggers.

• Capture of network traffic via packet sniffing.

The first problem can be handled by securely erasing traces, setting browsers and applications to minimize creation of logs etc, but such solutions are pretty ad-hoc.

The second problem can be fought with anti-keylogging methods but on a machine that you do not control, this might be a losing battle.

The third is a common problem when surfing on common shared wireless connections or in offices, where system admins often monitor network activity and a rogue administrator could compromise your privacy and security.

With the rise of faster network speeds, portable USB drives with large amount of hard-disk space as well as cheap virtual machines, there are many possible solutions that can help mitigate these threats to some extent.

[edit] Using portable virtual machines

A very common idea to get around some of the problems as well as for convience is to carry around portable versions of applications in your usb drive. These specially tweaked apps (see list, are designed to solely run on your USB and avoid leaving traces on the computer. A particular notable app was Torpark now xB Browser, which was a tweaked firefox with privacy features (clearing of browser cache etc) combined with Tor. By routing traffic through Tor, this protected network traffic from being spied on at the point of origin (as well as allowing you to bypass filters at the origin).

However with increased use of virtual machines, a very logical idea is to run everything in a portal virtual machine carried on the USB stick. You can simply use a standard VMplayer loaded with a distro or use one that is specially customized for such use. Examples include Free Portable Virtual Privacy Machine , xbmachine and http://www.mojopac.com.

Running everything on a virtual machine on a portable USB not only further simplfies use by allowing you to carry around your very own permanent desktop no matter what PC you are at, it also adds another layer of abstraction, increasing privacy and security (e.g viruses on the host won't be able to jump into the virtual machine directly).

If you are just using a plain virtual machine, you are still vulnerable to packet sniffers , monitoring by network admins at the gateway etc, though sites accessed through HTTPS would still be secure.

Many of these custom packages such as Free Portable Virtual Privacy Machine , xbmachine also have built in support for Tor (paid service provides faster fatter pipes) , so any internet connection will be sent via Tor as opposed to just the browser.

Though such solutions, solve the 1st issue (traces left behind) and 3rd issue (packet sniffers) above, however since the virtual machine still runs as a process on the host, hence you are still vulnerable to keylogging and screencaptures etc.

[edit] Connecting to remote desktops

One popular method used by power users is to connect to their own home computer via a secure connection (VNC/SSH typically) and then work and surf from there. This has the advantage of thwarting network sniffers due to SSL , as well as allowing the user to have access to the same home PC desktop no matter where he goes.

However this methods requires that the user set up a server on their home computer which is beyond the skill level of many users. Services like logmein and Showmypcand various remote desktop services and software makes things easier but a misconfiguration can lead to security compromises of your computers.

This is where the free service Cosmopod comes in. Such services run the servers on their own computer networks and offer you access to remote desktops running on them without risking your own personal machine.

With Cosmopod, you gain access to a KDE desktop that runs on their servers by connecting via SSL using the NoMachine NX client (versions exist for running on Windows and other operating systems). You can also access it via Java applets, browser plugins etc, but this seems to be slower than just running the NoMachine NX client directly.

For those who are unaware, NX is a technology that allows remote desktop access based on open source technologies, while KDE desktop is a open source graphical interface used for unix based operating systems. With the use of the NX client, all the processing is done on the remote server (provided by Cosmos), and your client simply displays the results (traffic snooping is prevented because communication between the server and your client is encrypted). To the user this is totally transparent and it feels like you are controlling a normal desktop. Cosmopod even provides a free email account!

The free account of Cosmopod is ad supported however, with the extreme right part of the desktop displaying a vertical banner.

GOPC provides a similar service. Their free service offers only 250 mb of storage compared to Cosmopod's 1 Gb, though GOPC provides a slightly greater range of applications including the more familar Firefox browser instead of Konqueror (firefox is available only in Cosmopod's paid service) and there is no advertising.

The main disavantage of such services is that the desktops that you connect to remotely are typically open source none-windows, which many users are unfamiliar with. For a similar service to Windows desktops Nivio provides a similar service though there is no free option.

As already mentioned, such services thwart any network snooping due to SSH. While you can achieve similar results by using Tor, remote desktop services like Cosmopod/GoPC provide dedicated direct (but encrypted) connections to the server and hence are much faster. With Cosmopod and GoPC, you connect to their servers and they then connect to the destination node. This masks the orginating ips (the destination point will show the connection came from Cosmopod/GOPC server ips ranges). Tor however using a chained Onion proxy, provides greater privacy and annoymity, with multiple hops and rotating exit nodes so the ip varies.

Using remote desktops is perhaps slightly more secure than using virtual machines directly on the host machine, because unlike using a full portable machine on a usb drive , all processing occurs off site (not on the unsecure computer which theortically can be intercepted even if nothing is written directly on the disk), the results are pipped to the client via encryption and the client merely displays the image.

Remote desktop methods leave very little behind but for even more privacy, with some tweaking you can install and run the NX client on your USB drive, and use it to connect to the remote desktop from there. Again no traces will be left behind, much like using a full fledged portable virtual machine.

But much like using portable virtual machines, using remote desktops still requires running them on top of an existing operating system, and this means being possibly monitored by keyloggers and screen capture programs.

Cosmopod claims to "deploy a hardened Linux kernel with additional privacy features" and it does seem to prevent hook based keyloggers from working (whether by design or by accident), but other methods based on activex, kernel based methods continue to work.

In theory though, booting up via LiveCD (see next), connecting to the remote desktop seems to provide almost foolproof protection.

[edit] Booting up on LiveCDs /USB drives

As seen above, the most difficult problem to solve seems to be securing your activities from being captured by keylogging and similar monitoring software. While you can try to employ anti-keylogging methods, you are likely to be fighting a losing battle, since you are essentially running on a completely untrusted operating system.

A more secure solution to bypass all these problems would be by booting up with a secure known clean Operating system, ensuring that any nasty tricks on the original Operating system cannot run. This is where LiveCd distros comes in. Carried in a CD (there are portable versions for USB drives as well such as http://www.pendrivelinux.com/ , though CDs have the extra security feature of being readalone you bootup on a completely secure and clean operating system without the need of installing it and start surfing and working from there. There are many many distros of varying suitability for this. See list of free distros that might be suitable (though this list is concerned only with online banking).

This alone bypasses the first and second problems (save maybe the possibility of hardware keyloggers and almost unheard of bios rootkits), but problem 3 (network sniffing) needs to be handled.

Again if you surf via Tor etc you can thwart network traffic sniffers. LiveCds like Anonym.OS LiveCD and Incognito, provide builtin support to Tor.

One possibility would be to combine remote desktop and LiveCD approaches, first use the LiveCD to ensure a clean environment, then connect to one of the remote desktop services such as Cosmos to thwart network sniffing.

This ensures unsurpassed security and privacy, though it might be overkill.

[edit] Disposable one time passwords

Many of these solutions particularly the use of remote desktops involve the initial entering of a password, which can be captured. Hence the use of one-time passwords. For example logmein allows you to precreate a list of one-time passwords to use or have it emailed to a predefined email account when needed.

Kyps does the same thing, by allowing you to pre-generate one use only passwords for popular sites like gmail, yahoomail, myspace etc.

So do more versatile online password managers, like Passpack with similar disposable passwords.

Of course, better yet is two factor authentication, but disposable one time passwords are the next best thing.

[edit] Conclusion

Most of these methods require administration previlages and in the case of livecds requires that the bios is not locked and allows booting up via alternate devices, so on a secured shared computer may not be suitable. On the other hand, such machines are highly secured and are less likely to be compromised although the owner of the machine might still have left some nasty tricks behind for monitoring usage.

In such cases, you have to take your chances.