Security distribution
In Practice
In a Linux Magazine hands-on test, we checked the Debian derivative's suitability for everyday use. The CryptoBox containers in particular will naturally tend to increase the overhead for storing and reconstructing data. But the developers have definitely done their homework here. The easy-to-use wizard and seamless integration with cryptosystems mean that there is little additional overhead for users of the encrypted disks: You only need to enter one password to work transparently with the containers just like with conventional mass storage.
The whole offline concept makes it extraordinarily difficult for attackers to even gain access to the system. Thanks to the live mode with a read-only file system and because mounting stationary disks is impossible, Discreete Linux also cannot be attacked via a manipulated host computer.
Conclusions
The prerelease version of Discreete Linux already covers most of the requirements that exposed groups of people usually impose on a hardened environment. This isolated solution with encrypted-only data transfer to the outside world implements the CryptoBox in a very user-friendly way. Last but not least, the stable Debian base minimizes problems due to software bugs.
But with attack scenarios constantly emerging, the makers of Discreete Linux are already planning further measures: In the future, they will only be offering signed kernel modules and hardening the USB interface, which is increasingly being used for attacks. The latter is intended to prevent the injection of bad USB trojans [11] via USB components. All in all, the beta phase Discreete Linux already presents itself as a successful niche product for users with strict security requirements.
Infos
- Discreete Linux: https://www.discreete-linux.org
- "Ubuntu for the Security Conscious" by Kristian Kissling: http://www.linux-magazine.com/Issues/2013/157/Ubuntu-Privacy-Remix
- Download from: https://www.discreete-linux.org/howto.html#get_pre
- LUKS: https://gitlab.com/cryptsetup/cryptsetup
- VeraCrypt: https://veracrypt.codeplex.com
- TrueCrypt: http://truecrypt.sourceforge.net
- GnuPG: https://www.gnupg.org
- Seahorse: https://wiki.gnome.org/Apps/Seahorse
- Figaro's Password Manager 2: http://als.regnet.cz/fpm2/
- MAT: https://mat.boum.org
- Information on bad USB trojans: http://www.golem.de/news/karsten-nohl-usb-geraete-aller-typen-lassen-sich-fuer-badusb-nutzen-1411-110520.html (German only)
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
News
-
Red Hat Migrates RHEL from Xorg to Wayland
If you've been wondering when Xorg will finally be a thing of the past, wonder no more, as Red Hat has made it clear.
-
PipeWire 1.0 Officially Released
PipeWire was created to take the place of the oft-troubled PulseAudio and has finally reached the 1.0 status as a major update with plenty of improvements and the usual bug fixes.
-
Rocky Linux 9.3 Available for Download
The latest version of the RHEL alternative is now available and brings back cloud and container images for ppc64le along with plenty of new features and fixes.
-
Ubuntu Budgie Shifts How to Tackle Wayland
Ubuntu Budgie has yet to make the switch to Wayland but with a change in approaches, they're finally on track to making it happen.
-
TUXEDO's New Ultraportable Linux Workstation Released
The TUXEDO Pulse 14 blends portability with power, thanks to the AMD Ryzen 7 7840HS CPU.
-
AlmaLinux Will No Longer Be "Just Another RHEL Clone"
With the release of AlmaLinux 9.3, the distribution will be built entirely from upstream sources.
-
elementary OS 8 Has a Big Surprise in Store
When elementary OS 8 finally arrives, it will not only be based on Ubuntu 24.04 but it will also default to Wayland for better performance and security.
-
OpenELA Releases Enterprise Linux Source Code
With Red Hat restricting the source for RHEL, it was only a matter of time before those who depended on that source struck out on their own.
-
StripedFly Malware Hiding in Plain Sight as a Cryptocurrency Miner
A rather deceptive piece of malware has infected 1 million Windows and Linux hosts since 2017.
-
Experimental Wayland Support Planned for Linux Mint 21.3
As with most Linux distributions, the migration to Wayland is in full force. While some distributions have already made the move, Linux Mint has been a bit slower to do so.