PDA

View Full Version : security issues when using a LiveCD



dtux101
03-01-2005, 02:55 PM
Hi there. I am wondering what security issues arise when using a LiveCD on a machine with an existing OS, in particular Windows. I understand that Knoppix can mount partitions in read-only mode. In such case, one may still save work to a Zip-disk, USB-key, etc. However, as regards access to authentication servers, (we're in a large campus which is predominately Windows (clients and servers)), network access, etc., does the use of a LiveCD (be it Linux, BSD, etc) impose any significant security threats to the existing infrastructure? Thanks in advance.

d00m3d
03-01-2005, 03:56 PM
As long as you allow your users to boot a LiveCD, anything is no longer secure. Don't even think M$ could be intact, there are LiveCDs such as AUSTRUMI built with capabilities to blank the administrator's password even the latest patches or service packs were applied.

pureone
03-01-2005, 04:00 PM
does a live cd pose as any threat to your windows network do you mean?

in some ways yes but only if someone is able to boot up a windows machine using a linux live cd and this is only a threat because people can copy what ever data from the hard drive. such as encrypted password files. other then that i dont belive it will pose any threat. unless of course your windows boxes are 1 not configured correctly such as weak passwords(blank passwds) outdated servers (iis netbios etc)but this would be no differnt if someone was using windows and wanted to attack your network. they will be asked for a password when trying to access windows shares

a machine running a live linux cd is unlikly to get compramised. but is possible the servers are not always upto date and local privilege escalation is not that much of a problem. for instance if you was to allow someone to log in using the knoppix account. they could with ease jump to root with sudo su or just su as it doesnt ask for a password from what i remember.

so there are certain threats but you just have to treat them like most normal threats and take steps against them. such as passwording the bios so people cant boot live cds. disabling guest accounts on windows machines. making sure all accounts have passwords(even though ms alot of the time doesnt allow people to sign on with blank passwords)making sure the computers are upto date.