Knoppix Security



Bd84
05-02-2003, 03:07 PM
How secure is Knoppix?

Stephen
05-02-2003, 05:38 PM
I'd say it's pretty much impossible to hack a bootable CD.

rickenbacherus
05-02-2003, 05:39 PM
Well....since it is impossible to write to a closed CD I'd say it is the most secure it could possibly be. :wink: If you've installed it to your hard drive and set up a firewall you could always scan your ports to find out.

neo
05-07-2003, 04:29 AM
If someone gets root access to your Knoppix system, he can then totally destroy your hard drive data or read whatever he wants.

Stephen
05-07-2003, 05:01 AM
If someone gets root access to your Knoppix system, he can then totally destroy your hard drive data or read whatever he wants.

So what's your point? That's true with any OS.

rickenbacherus
05-07-2003, 05:21 AM
If you want TOTAL security you need to not let anyone near the system. If you can access the machine- you can hack it PERIOD! You should also disable booting from floppy or CD. I really think Bd84 was asking a general security question. Of course we haven't heard back so who knows...

eadz
05-07-2003, 05:57 AM
When Knoppix is installed, it's just a little less secure than Debian by default (due to many more programs installed).

But you can increase security by adding firewalls, kernel patches etc.

If you run from the CD on a standalone computer with no hard drive, I'd say that would be pretty damn secure. Just reboot, and you're back to a clean install.

It mainly depends what you mean by "Secure" and what you intend to do with it.

neo
05-07-2003, 07:31 AM
If someone gets root access to your Knoppix system, he can then totally destroy your hard drive data or read whatever he wants.

So what's your point? That's true with any OS.

My point is that the previous two posters seemed to be under the impression that Knoppix, because it is on a closed CD, is an impenetrable system. I was merely stating that it is vulnerable as well.

rickenbacherus
05-07-2003, 08:59 PM
My point is that the previous two posters seemed to be under the impression that Knoppix, because it is on a closed CD, is an impenetrable system. I was merely stating that it is vulnerable as well.

I am under no impression whatsoever- I am absolutely, positively, and unequivocally without a doubt certain that the Knoppix CD itself IS in fact VERY secure. As far as getting in from the outside goes- well are you behind a firewall? You can only be as secure as your firewall. Do you have ports open? There's an avenue and of course that applies to all OS's as well. As eadz mentioned if someone DID get into your machine while you had Knoppix booted then just reboot and they're gone. That's the beauty of a ramdisk based Linux router- everything resides in RAM and there is no hard drive to penetrate.

Tortoise
05-26-2003, 06:02 PM
That's the beauty of a ramdisk based Linux router- everything resides in RAM and there is no hard drive to penetrate.

Forgive my ignorance, but doesn't your security in this scenario stem partly from the fact that if you have no read / write storage you don't have anything to steal?

rickenbacherus
05-26-2003, 08:53 PM
Forgive my ignorance, but doesn't your security in this scenario stem partly from the fact that if you have no read / write storage you don't have anything to steal?

Exactly. The first step however is remaining invisible or at least as invisible as you can. Likely you will want to run some service or another and must show a port as closed but for any ports you're not using stealth is the way to go man.

Secondly- you need to keep them out- step in ipchains (old firewalling) or iptables (new firewalling). I use ipchains because 1) They work. 2) I understand them better than iptables. 3) My router distro is incapable of using iptables. (Although I have been looking very hard at LEAF lately which is based on 2.4 kernel and iptables).

As I posted above- I would really love to see some scans on your average home user's router. Not just a quickie "most common" ports scan either- the full enchilada- all 65535 ports. Not to brag that "my router can beat up yours" but to have a genuine basis on which to make a decision.

Argument#1- "My router has a nice GUI I use through my web browser- it's so cool!" Yeah and it's another port open too. I use ssh- it's secure, it requires a password AND a key signature. I also have an easy to use menu.

Argument#2- "My router is small, cute and fuzzy.." Yeah they are but if you're handy you could make a PC smaller AND you can get one for free.

Argument#3- "My router uses almost no electricity-my electricity company loves me." Same here- no CPU fan, no case fan, no fans at all- I've even modified the power supply- it doesn't have a fan either. Of course I wouldn't recommend trying that unless you know what you're doing.
Besides- if you were really that energy conscious you'd shut off your air conditioning and go solar.

There are 65535 ports that can be opened. Therefore we must conclude that there are 65535 ports that can be scanned, probed and penetrated. That doesn't sound very pleasant does it? All of those freeware wimpdoze apps that everyone seems to love so they can swap music files open their own port- yeah that's right, they open their own port! There is nothing on my system that is even capable of doing that- If I don't open the port it doesn't get opened-period.
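
Added example, not part of any post in this thread: a local check of the claim above that no port is open unless the administrator opened it. It parses the Linux `/proc/net/tcp` table and reports listening sockets that are reachable from the network but not on an allow-list; the embedded sample table is constructed, and the little-endian host and the allow-list of port 22 are assumptions.

```python
import ipaddress
import os

# Constructed sample in the layout of Linux /proc/net/tcp (not from the thread).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1350
   2: 0A01A8C0:0016 0501A8C0:C350 01 00000000:00000000 02:000A0F2C 00000000     0        0 1422
   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 2077
"""

TCP_LISTEN = "0A"        # kernel state code for a listening socket
ALLOWED_PORTS = {22}     # assumption: only ssh is meant to be reachable


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port); assumes a little-endian host."""
    hex_addr, hex_port = field.split(":")
    return ipaddress.IPv4Address(bytes.fromhex(hex_addr)[::-1]), int(hex_port, 16)


def listening_sockets(table_text):
    """Return one dict per TCP socket in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != TCP_LISTEN:
            continue
        addr, port = decode_endpoint(cols[1])
        found.append({"addr": str(addr), "port": port, "uid": int(cols[7]),
                      "exposed": not addr.is_loopback})
    return found


def unexpected_listeners(table_text, allowed_ports=ALLOWED_PORTS):
    """Listeners reachable from the network whose port is not on the allow-list."""
    return [s for s in listening_sockets(table_text)
            if s["exposed"] and s["port"] not in allowed_ports]


if __name__ == "__main__":
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE_PROC_NET_TCP
    for sock in unexpected_listeners(text):
        print("unexpected listener: %(addr)s:%(port)d (uid %(uid)d)" % sock)
```

IPv6 listeners are listed in `/proc/net/tcp6` and UDP sockets in `/proc/net/udp`; neither is covered by this check.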

Henk Poley
05-27-2003, 01:45 PM
rickenbacherus, you are American?

rickenbacherus
05-27-2003, 04:16 PM
Indeed- check the sig.