LPS Linux – The Publicly Available Air Force Secure Linux Distro

LPS Desktop

Looking for a Secure Linux Distribution and not sure what to use? Why not try the publicly available Linux Distro created by the US Air Force?

Several nations are moving to or modifying their own Linux distributions for military use. And honestly, it just makes sense. But did you know that the SPI working with the US Air Force created the “Lightweight Portable Security” Linux (or LPS for short) and have released it for public use?

LPS is a publicly available, secure Live CD that offers security, sandboxing and encryption.

The ATSPI Technology Office produces nation-state class protection products, and according to the LPS website, “LPS-Remote Access was certified by AFNIC to connect to the GIG for general telecommuting use“. A whole lot of acronyms there, but basically what it means is that LPS is secure – secure enough to be certified by the Air Force to connect to the DoD Global Information Grid – the military’s information super highway.

And if it is good enough for military certification, you can believe that it is capable and safe for secure civilian use.

So what does it look like?

Well, a full blown Ubuntu operating system it is not. It comes with very few bells and whistles. But that is the point. The fewer the frills, the easier it is to secure it.

LPS Menu

As you can see from the user menu above, there are not a lot of pre-installed apps. Though LPS does come in a “Deluxe” version that includes OpenOffice and Adobe Reader.

LPS is meant to be used as a live CD. Simply download LPS, burn it to a CD and then boot from it when you need to use a secure OS – Like when you are traveling abroad or using public internet.

It does not write to the hard drive and does not leave anything in memory when shut down. Because it does not write anything to the hard drive, if by odd chance that LPS does get infected, there is no persistence. Just reboot and the malware will be gone.

LPS seems to be mainly be oriented to surfing, e-mail and data transfer. According to Lt. Col. Ken Edge, Air Force Research Laboratory’s Software Protection Initiative (SPI) program manager, “Imagine a pilot overseas who has to get orders but only has a very questionable Internet café computer, with LPS-Public and a smartcard reader, he can safely enter the CAC-authenticated Air Force Portal and his webmail. Likewise, sailors can securely bank online overseas, and soldiers can safely use social networking sites.”

It even comes with an easy to use Encryption Wizard that allows you to encrypt your data before transmitting it over the wire:

Encryption Wizard

Simply run the wizard, and drag the file you want to encrypt into the program box, then select how you want to encrypt it:

Encrypting File Passphrase

The wizard also decrypts files in the same easy to use manner.

There are other secure Linux distros out there with more capabilities, Tails Linux comes to mind. But if all you need is a simple, easy to use secure Live CD solution, then look no further than LPS Linux.

Advertisements

Transformers 3 Coming to an Airbase near You?

What started out as an in-house phishing security test at an airbase in Guam has gone viral. According to a Networkworld article, what was meant to be a local test of Air Force security against phishing e-mails led to the story being released to the public and spread like fire.

Airman apparently spread the false information to their friends that DreamWorks was looking for 20 people from Anderson Air Force base to be extras in the next Transformers movie.

This type of in-house phishing exercise is a routine occurrence in the military and in major corporations, and is generally seen as a good way of promoting security awareness. But in Andersen’s case, the information in the phishing e-mail started leaking to the civilian world.

“Unfortunately, many of Andersen’s personnel responded to this inject and submitted their personal information to the Web site, and forwarded the information outside of Andersen,” the Air Force base said in a statement.

Okay, I can see how this happened. You have young guys at the Air base thinking this is their chance to be a star. This was a good test. Phishing attacks can be very devious. What I am amazed by is that a short while ago people fell for a real phishing attack that said that North Korea nuked Okinawa.

Just as a reminder, do not give out your personal information to unknown websites. Also, do not click on links in unsolicited e-mails. You also need to be extra careful now with e-mails that you think you have signed up for. Hackers are spoofing e-mails that look like they are from name brand sites, with logos and everything. Clicking on a link in the e-mail takes you to a malware site. It is always best to go to the website manually to see if that deal that is too good to be true really is.