Security distribution

In Practice

In a Linux Magazine hands-on test, we checked the Debian derivative's suitability for everyday use. The CryptoBox containers in particular will naturally tend to increase the overhead for storing and reconstructing data. But the developers have definitely done their homework here. The easy-to-use wizard and seamless integration with cryptosystems mean that there is little additional overhead for users of the encrypted disks: You only need to enter one password to work transparently with the containers just like with conventional mass storage.

The whole offline concept makes it extraordinarily difficult for attackers to even gain access to the system. Thanks to the live mode with a read-only file system and because mounting stationary disks is impossible, Discreete Linux also cannot be attacked via a manipulated host computer.

Conclusions

The prerelease version of Discreete Linux already covers most of the requirements that exposed groups of people usually impose on a hardened environment. This isolated solution with encrypted-only data transfer to the outside world implements the CryptoBox in a very user-friendly way. Last but not least, the stable Debian base minimizes problems due to software bugs.

But with attack scenarios constantly emerging, the makers of Discreete Linux are already planning further measures: In the future, they will only be offering signed kernel modules and hardening the USB interface, which is increasingly being used for attacks. The latter is intended to prevent the injection of bad USB trojans [11] via USB components. All in all, the beta phase Discreete Linux already presents itself as a successful niche product for users with strict security requirements.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • VeraCrypt

    Protect your data and operating system from prying eyes with VeraCrypt.

  • VeraCrypt

    The VeraCrypt encryption software comes with a handy graphical interface, and the ability to hide a container in an encrypted volume adds a unique professional feature: plausibly deniable encryption.

  • TruPax 9

    The TruPax tool specializes in encrypting small datasets to safeguard your data from prying eyes.

  • Critical Flaws Found in VeraCrypt

    Popular open source encryption tool is vulnerable to attack

  • Disk Encryption

    Encrypted volumes have long since ceased to be an exception or luxury. Corporate policies and compliance rules often demand encryption for critical data. This article looks at tools for disk encryption on Linux.

comments powered by Disqus