James wrote:
> Dale <rdalek1967 <at> gmail.com> writes:
>
>>> Blueness has created a 'tin hat' [1] mini secure linux distro that runs
>>> in all ram for the truly paranoid (or those with valid security features).
>>> You can just boot up with tinhat or Pentoo and use the live version
>>> for sensitive transactional types of events...... There is also, bluedragon
>>> and lilblue, all excellent, reasonably secure systems to testdrive.
>>> Also, you may want to see if 'www-client/xombrero' meets your needs.
>>> I have not had time to implement it, so it's on my todo list to evaluate.
>>> [1] http://opensource.dyc.edu/tinhat
>> Only thing is, I access my bank pretty much daily. To use that would
>> require a reboot and booting from USB/DVD etc. I rarely reboot.
>> Generally, I reboot when I lose power and have to shutdown. So far, I
>> haven't rebooted in 182 days. In a little over a week, I'll have a new
>> record. Well, documented record for this rig anyway.
>
> OK, then the solution, which is not in my current expertise, is to run
> something secure in a VM or a container from your workstation. Since tinhat
> is an "in-ram" solution that would work. I'm sure there are secure,
> gentoo-hardened images for a VM or container, just look around. One of the
> gentoo security/container/vm channels may provide faster expertise on this
> route.
>
> Or get an embedded board (should be less than $50) with hdmi, usb
> (mouse/keyboard) and ethernet, that has a secure distro available for it.
> Perhaps some of Rasp. Pi3 or this one [1]. With gentoo-hardened, I'd cobble
> together a second system, before munging up your current gentoo workstation.
> Be sure that the secure OS you want to run, is already well supported before
> you choose an embedded board. Alpine linux shines here too, as it uses musl
> (libc) and is security oriented.
>
> Did you read up on Xombrero?
> There are many choices, finding the least
> time-consuming option that meets your needs requires lots of time.
> ;-)
>
> hth,
> James
>
> [1]
> http://www.cnx-software.com/2016/02/29/odroid-c2-64-bit-arm-development-board-is-now-available-for-purchase-for-40/
>
My biggest curiosity at the start of this was if using VPN would help.
Given that so much of the security stuff has been hacked by Govt types,
and no telling who else, I was just curious on what VPN would offer.

I'm not really looking into USB/DVD rebooting and such. My hope was that
places such as my bank and other financial sites would benefit from
this. Since none of them are likely to use this anyway, I'll just have
to hope they are doing enough. Plus, if someone hacks in, it's on them
anyway. My bank has that no frills warranty.

I might add, I've never used anything but Linux since 2003 when I built
my first puter. So far, I've yet to have anything hacked. I haven't
even had the likes of Facebook or anything hacked. I've heard of lots
of other folks having theirs hacked but I've never had it happen to me.
I use pretty good passwords and started using Lastpass which means even
stronger passwords. So far, it's working.

Running a VM is not my expertise either. I read about them sometimes
but never used or even seen one. It does make me curious tho. To me,
it sounds like an install on top of an install but the one on the inside
can't touch the main one. Something like that anyway. If I had to
describe it to someone familiar with Gentoo, sort of like a chroot type
thing with some extras built in.

Still, using Linux is likely the biggest bonus. ;-)

Dale

:-) :-)