Linux users are used to having access to hundreds of possible distributions at their fingertips, which now includes one designed by the US government agency responsible for military affairs.
As the operating system is developed as an open source project, many companies choose to build their own customised version that meets their specific needs. Now, users looking for a security-focused Linux distribution have the option of downloading one from the US Department of Defense.
Targeting telecommuters and others who need to access corporate and government networks from unsecured remote locations, Lightweight Portable Security (LPS) is a lightweight Linux distribution that creates a secure end node from just about any Intel-based PC or Mac computer.
Created by the Software Protection Initiative under the direction of the Air Force Research Laboratory and the DoD, the software works by booting a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive.
Nothing need be installed, and administrator privileges are not required. Three versions are available: LPS-Public is a general purpose solution for using web-based applications, LPS-Public Deluxe adds OpenOffice and Adobe Reader software and LPS-Remote Access is for accessing private networks.
LPS-Public and LPS-Public Deluxe are each available as a free download from the DoD's LPS site, but LPS-Remote Access is available only upon request. A quick start guide aims to help users get up and running on the distribution.
Rebooting for extra security
Designed for general web browsing and connecting to remote networks, LPS-Public includes a smart card-enabled Firefox browser supporting Common Access Card (CAC) and Personal Identity Verification (PIV) cards, a PDF and text viewer, Java and Encryption Wizard.
Essentially, the software turns an untrusted system such as a home or hotel computer into a trusted network client: "No trace of work activity (or malware) can be written to the local computer. Simply plug in your USB smart card reader to access CAC and PIV-restricted US government websites," the DoD explains.
Because it's designed to run from read-only media and without any persistent storage, LPS is not continually patched the way most operating systems are. It is updated regularly, however, at least through quarterly patch and maintenance releases. Users should update to the latest versions to have the best protection, DoD says.
The most malware can do, meanwhile, is run within a single session. For heightened security, the DoD recommends rebooting between sessions or just before particularly sensitive ones, such as when online banking is to be done. LPS should also be rebooted after visiting risky websites or when there's reason to suspect malware might have been installed.