Securely booting from strangest of places

Featured eBooks
Changes in State and Local Government Workforces
NASCIO Special Report 2024
A New Era of Social Media Regulation
Insights & Reports
Unlocking digital potential: Strategies for modernizing government services
Presented By Adobe
Download Now
Unlocking public sector potential
Presented By NTT DATA
Download Now
By Joab Jackson
 

Connecting state and local government leaders

By Joab Jackson

|

FOSE vendors display a new crop of devices for booting from USB keys and portable hard drives.

Although aimed at different segments of government, in effect, all these products perform a similar task: They can turn any computer into a secured thin client -- namely, by bypassing the OS and the hard drive entirely and using only the processor and memory to run a guest OS.

Could FOSE 2009 be remembered as the year of the bootable portable drive? On the show floor, a number of vendors are displaying either USB drives, enclosed hard drives or other portable media from which an entire operating system and associated application can booted.

FOSE 2009 news index

BeCrypt (Booth 2231) offers a USB key with a complete operating environment as a way to run a secure session on an unmanaged PC. Insert the drive in a USB port and configure the laptop to boot from the USB, and the hard drive is bypassed altogether in favor of the software on the USB stick.

The USB drive, called the BeCrypt Trusted Client, contains a stripped-down version of Linux, along with any applications you want to run. This setup would allow a government worker to run a secure session from anywhere by using the basic secure OS along with downloadable applications provided by Citrix software or some other client. The material on the drive is encrypted with either 128 bit or 256 bit Advanced Encryption Standard (AES). This device costs $100, though there is a discount with purchase of multiple devices.

Along the same lines, but using a rugged portable hard drive and rugged casing, is the V2 ABS Rugged Backup System from CMS Products (Booth #2241). It encloses an 80-gigabyte Seagate EE25 Series ruggedized hard drive within a rubberized shock control sleeve. The drive itself has a shock rating of 300 Gs operating and 900 Gs when not in use, it can work in temperatures ranging from 20 degrees below zero to 75 degrees centigrade. It can range in altitude (m) from 5000m operating to 15,000 non-operating. Everything on the drive is encrypted with 256-bit AES file-level encryption.

What makes this drive bootable is that it comes with backup and recovery software called BounceBack. With this software, you can copy everything from the main drive of a desktop computer and perform incremental backups thereafter. When the hard drive fails, plug this portable drive in to the USB port and you can boot directly into the backup.

If you don't need rugged, you could just buy the BounceBack software and back everything up to your own USB key or portable hard drive. This approach may be particularly appealing for remote workers who aren't technically astute. Should the hard drive fail, the user can simply switch to the backup drive and continue working until tech support can replace the original drive. When the original drive is replaced, then everything can be copied back over.

For the security-conscious, MXI Security (booth 2223) does these offerings one better with a couple of bootable USB drives that use Common Access Card-level user authentication out of the box. The Access CAC is a USB drive with fingerprint reader, as well as the ability to hold CAC public key infrastructure credentials. The user can set up the device to allow access to its files only by a combination of a fingerprint biometric and a password. Or, if that drive is attached to a computer with a CAC reader on a Defense Department network, access can be granted through CAC authentication. Or, the CAC could be used with the biometric and the password for three-factor authentication.

Like the other portable drives, Access CAC can hold an OS that be booted from. MXI uses a VMWare container, so you can load your choice of OS onto the drive. The authentication is done in the pre-boot stage. And like the other portable drives here, the material is encrypted, so the content of the drive cannot be access by outside parties, should the drive be lost or stolen. Access CAC will be commercially available next month, with a basic price of $39 per drive. Drives can range in size from a single gigabyte to 32 gigabytes.

For the CAC access to work, Access CAC drive must be used on a computer with a smart-card reader and the middleware. MXI is also preparing a similar drive, to be called the Portable CAC Personal Identification Verification (PIV) system, which eliminates the need for CAC middleware on the client. A worker who wants to sign onto a Defense Department network from a public machine would just insert a USB drive, and attach a smart card reader into another USB port. The MXI software will act as go-between for the card reader and the network CAC identification service. Once verified, the drive's OS is booted up and the worker can use that guest computer in a secure fashion.

Booting from CD is another option, and increasingly, we are seeing a number of what is known as live CDs, or CDs that contain an entire OS that can be loaded into working memory without touching the hard drive at all.

Live CDs can be really useful for taking a new OS on a test-run. For instance, one of the biggest hurdles for newcomers trying the Linux desktop on their own computers is the worry that once the installation process has started, something will go wrong. Perhaps the graphics card or the wireless adapter won't work correctly in the new setup, and the poor individual who tried installing Linux now must go and reinstall Microsoft Windows.

To get a taste of desktop Linux, stop by the Northern Virginia Linux Users Group booth (#2536). They have free live CDs of the latest Fedora (Release 10) and Canonical's Ubuntu (8.10) Linux distributions for desktop computers. With one of these live CDs, you simply insert the disk and set the computer BIOS to boot from the optical disk player, and the entire Linux desktop environment comes up. If you find everything to your liking, you can then install the distribution on your hard drive.

NEXT STORY: Security requirements defined for smart electrical meters

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.