The most secure PC

July 3, 2007 10:19:24 AM

I want to build the most secure PC possible from the random parts I have lying around. What do you reckon?

Linux? (what distro is the most secure?)

I was thinking about removing the HDD altogether and just booting/running from CD or USB pen.

EDIT: It will only be used for connecting to the internet.

July 3, 2007 10:29:00 AM

What on earth are you planning to do? Watch porn?
July 3, 2007 10:40:09 AM

O.o weirdo
July 3, 2007 10:44:23 AM

Umm, there are security Linux distros on LiveCD. If I had to choose, I would take BackTrack (although it is overkill for your needs), but it is more of a personal decision.
July 3, 2007 11:05:41 AM

Quote:
It will only be used for connecting to the internet.


I'd say the most secure would be to work from a live cd;

you'd only need a cdrom/dvdrom drive (no usb pen or hd needed). This way, even if you get hacked no harm can ever be done (to recover would only need to reboot).

There are some live CDs available (SUSE, Ubuntu, ....); which one is only a matter of personal preference.

A rule of thumb for a more secure "experience": have as few services/applications running as possible!
July 3, 2007 11:06:28 AM

The most secure, I would imagine, would be to just run from a live CD as was mentioned; that way no real installing of any files is necessary, and it can be run from any system you'd want to temporarily run it from (you'll be limited by the speed of your CD drive, though, anytime you go to read new data that hasn't yet been cached into RAM). As far as distro preference, I would suggest Ubuntu (but only because it's the one I'm most familiar with, though I'm sure there are plenty of other distros available that you'd possibly want to try instead).
July 3, 2007 1:26:35 PM

Can you actually run on internal memory alone? Wouldn't you need at least some harddisk space for temp files and such. Also you would not be able to login to sites as you can't save cookies right? Maybe I'm missing something here but that would be one limited internet experience :?
July 3, 2007 1:43:56 PM

Usually it "partitions" the memory and creates a memdisk (a virtual disk whose storage is the main memory).

That's why the memory system requirements are usually higher than the installation (Ubuntu 256 vs 192MB). If you have at least 512MB you should have no problem.
July 3, 2007 1:50:25 PM

But when you reset/turn off system will files be lost or does it keep them stored? It would seem that to have a complete internet experience you would either have to update the live cd often or reload everything to memory on reboot... correct??
I'm a real noob when it comes to Ubuntu stuff so I don't really know its workings/limits. Maybe I'm too tied up in Windows thinking :D 
July 3, 2007 2:17:26 PM

You could burn CDs of the internet files you want to keep (I guess you would need 2 drives though). Or you could use a memstick. I guess you could even tell your browser to store the cookies on a flash drive.
July 3, 2007 2:19:27 PM

True, but it seems like a big hassle just for watching porn :D  I'll stick with my regular setup for now I guess.
July 3, 2007 2:22:20 PM

Quote:
True, but it seems like a big hassle just for watching porn :D  I'll stick with my regular setup for now I guess.


You can have a usb pen to store things like history, favs, .... but that would start to defeat "the most secure PC" mantra :) 

With a live CD, once you reboot you'll lose all settings (and will leave no trace whatsoever of what you have been doing) including any for a virus/trojan/whatever...
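The points above about the RAM-backed disk and about a USB pen undoing the setup, as an added example that is not part of any post in this thread: a shell function that reads `/proc/mounts` and lists writable block-device mounts, i.e. the places where files (or malware) would survive a reboot. The sample mount table is constructed, and network filesystems are not covered.

```shell
#!/bin/sh
# Added example: find mounts where writes outlive a reboot of a live session.
# /proc/mounts fields: device mountpoint fstype options dump pass

# Constructed sample resembling a live-CD session with a USB stick plugged in.
sample_mounts() {
cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/hdc /cdrom iso9660 ro 0 0
/dev/loop0 /rofs squashfs ro 0 0
tmpfs /cow tmpfs rw 0 0
unionfs / unionfs rw,dirs=/cow=rw:/rofs=ro 0 0
proc /proc proc rw 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /media/usb vfat rw,uid=1000 0 0
/dev/hda1 /mnt/hda1 ext3 ro 0 0
EOF
}

# Print "device mountpoint fstype" for each writable block-device mount.
# Argument: a mounts file, "-" for stdin, or nothing for /proc/mounts.
persistent_mounts() {
    awk '
    $1 !~ /^\/dev\//  { next }   # tmpfs, unionfs, proc: RAM-backed or virtual
    $1 ~ /^\/dev\/ram/ { next }  # kernel ramdisks are volatile too
    {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "rw") { print $1, $2, $3; next }
    }' "${1:-/proc/mounts}"
}

# Demo on the constructed sample; only the USB stick is reported.
sample_mounts | persistent_mounts -
```

An empty result on a real live session means every writable path is in RAM, so nothing written during the session is still there after power-off.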
July 3, 2007 2:33:33 PM

There are three aspects to security:

Confidentiality
Integrity and
Availability

Which one is most important to you? A live CD ensures integrity and long term confidentiality, but certainly reduces availability to you, as most people have pointed out.

Are you worried about being hacked? Being caught with illegal materials, or something else?
July 3, 2007 2:41:18 PM

I'm not worried about anything :D  I don't even have a virusscanner or firewall. About the only thing I do is be selective about cookies, run Spybot every now and then and run an online viruscheck when I suspect something is wrong. I'm also not the OP but was just wondering if it was indeed possible to do this and what would be the major pitfalls with a setup like this, that's about it. As for illegal material...who...me?? :wink:
July 3, 2007 4:43:53 PM

8O Erm......ok.....let's take things down a notch. Like I said, it would just be an experiment with some old parts, I'm not a porn addict or whatever else might come into your mind :roll: :p  .

As for confidentiality, is there a way to mask my IP address and such to remain completely anonymous? I suppose using a proxy....
July 3, 2007 6:36:46 PM

A proxy would be your only chance to be anonymous. But beware. Everything is retraceable...
July 3, 2007 7:24:58 PM

If you're going to be doing really shady things with your PC, definitely avoid having a HD. I'd assume cops love magnetic media. Booting from a LIVE CD (pretty much any distro) would provide you with a browser, an IM client and various other applications... all running in volatile RAM. If you're connecting through a router, that should hide your MAC address to the external world.

There is one concern I've always had about a setup like this... how do you handle security updates that potentially require reboots? I'm guessing you'd just burn a new CD/DVD and boot from the updated LIVE CD. Not exactly the smoothest way to go, but otherwise you'd be running an un-patched OS and that'd definitely not be considered a secure PC.
July 3, 2007 7:53:03 PM

"...If you're connecting through a router, that should hide your MAC address to the external world. ..."

You kinda forgot the ISP haven't you?
July 3, 2007 8:31:08 PM

Modem hides your router IP. Your router hides your MAC ID.


ISP hides your .. well... not much.
July 3, 2007 8:56:13 PM

Hides your MAC address, but presents that of the router instead......so you're still very traceable. Proxy services out there all over, some legit, some not.

Most untraceable internet connection I know of is buying a used laptop off eBay and using the neighbor's wireless (use an antenna can so it isn't the NEXT door neighbor).

Far as your project is concerned, VERY do-able. Ramdisk the system on boot, and store your core favorites/cookies on a flash drive. Pull everything back off of flash on reboot and have at it.
July 3, 2007 9:04:15 PM

Quote:
Modem hides your router IP. Your router hides your MAC ID.


ISP hides your .. well... not much.


ISPs (usually) hide nothing....

There are anonymity tools on the internet, usually based on http proxies (some free, others not) - mainly because there is censorship out there - (e.g. http://tor.eff.org/ {tor network} or http://www.thefreecountry.com/security/anonymous.shtml)

Quote:
There is one concern I've always had about a setup like this... how do you handle security updates that potentially require reboots? I'm guessing you'd just burn a new CD/DVD and boot from the updated LIVE CD. Not exactly the smoothest way to go, but otherwise you'd be running an un-patched OS and that'd definitely not be considered a secure PC.


In a Linux world *ONLY* kernel updates require reboot.
I completely agree with the unpatched part, however a live CD like this should be updated often (probably the whole CD) - most distros are updated every 6 months or so (package update can be as often as daily - but do keep in mind that usually in Linux you install a lot more than the OS, you install office, desktop apps, games, productivity packages, database servers and client and so on and so forth).

Quote:
A proxy would be your only chance to be anonymous. But beware. Everything is retraceable...


This must be taken with a grain of salt, as we are all used to what we see happen in TV shows :) 

There are projects that try to anonymise as much as possible, and sometimes the "background noise" is so much that it only matters if it really is that much important to do so.

Quote:
Which one is most important to you? A live CD ensures integrity and long term confidentiality, but certainly reduces availability to you, as most people have pointed out.


For the most part I agree, but there are some times when this is just not true. With a method like this (assuming you can boot from CD) you can be 99.9% sure this computer is safe to use (barring hardware keyloggers and such). When you go to an internet café, you are sure this PC isn't riddled with trojans and spyware.

I take this opportunity to send you a live cd list, in http://www.frozentech.com/content/livecd.php, just use the filter that interests you, and you'll find something.

For a secure browsing I saw two versions, but alas they aren't recent.

PS: sorry for the long answer!
July 3, 2007 9:10:40 PM

Quote:
Most untraceable internet connection I know of is buying a used laptop off eBay and using the neighbor's wireless (use an antenna can so it isn't the NEXT door neighbor).


Wardriving (is the name to what you say to do) is always illegal.

AFAIK there are even cases of people who have gone to jail by doing it (but in my office today I saw at least 3 wireless networks with no protection at all).
July 3, 2007 10:38:24 PM

Use a LiveCD... and don't connect to the internet... best strategy ever...

On a more serious note, try out Knoppix, I mean... a LiveCD is your best bet for this.
July 4, 2007 6:51:02 AM

One other small detail: you will need this on DVD, and when taking said laptop to Inet Cafe, make sure you don't have a DVD Burner installed... combo drive only. You can't alter what you can't burn. So it's DVD+R copy, placed into a DVD read only combo drive.

my additional 2c
f61
July 4, 2007 7:32:22 AM

Thanks guys for the replies

I like Knoppix, I'll probs use that
July 4, 2007 2:13:40 PM

Quote:
"...If you're connecting through a router, that should hide your MAC address to the external world. ..."

You kinda forgot the ISP haven't you?


No. To the best of my knowledge your ISP would have no clue what MAC addresses were accessing its network as all requests would be made by the router. Those MAC addresses are what would identify the OP's PC... without that information, it could be any PC accessing their network. If the router was secured with WEP (an easily defeated encryption scheme), I imagine any use (or mis-use) of the connection could be attributed to a neighbor with bad intentions. I believe there are court cases currently active on this very topic. If grandma's wireless connection is unsecured and little Johnny next door uses it for illegal purposes, do you put grandma in jail? If the OP was using a PC without an HD, there would be no physical evidence (that I'm aware of) left should his PC be scooped up by any government agency.
July 4, 2007 2:22:16 PM

AFAIK you are ALWAYS responsible for what happens over your line. If you let your neighbor surf at your costs it's also at your risk. Furthermore; how do you think it will look like, if something bad happened over your line and the investigations show that you have no HDs whatsoever but Linux distros all over the place? That would be a BIG red light flashing...
July 4, 2007 3:18:18 PM

Quote:
AFAIK you are ALWAYS responsible for what happens over your line. If you let your neighbor surf at your costs it's also at your risk. Furthermore; how do you think it will look like, if something bad happened over your line and the investigations show that you have no HDs whatsoever but Linux distros all over the place? That would be a BIG red light flashing...

I totally agree that it would be a big red light flashing... but do big red flashing lights get you convicted in a court of law?

What physical evidence would exist for a conviction? Just think about it... using the grandma and the unsecured wireless connection example... if something illegal happens on her connection, is she going to jail? No. Her computers will likely be inspected by some forensics expert and she'll be off the hook and they'll go look at the neighbors' houses. Suspicion does not always equal guilt... and it sure as hell doesn't equal an automatic conviction.

I just think the absence of physical evidence such as MAC addresses or magnetic media would make a conviction on any charge highly unlikely.
July 4, 2007 3:33:04 PM

I know it's a bad joke, but the most secure PC is the one not connected to the internet... Otherwise, if hackers can hack the USArmy server, they'll manage to hack you should they want to do it.

Stay out of sight, don't do anything bad, put up a good firewall and do virus scan at least twice a week (on top of regular background check), and you shouldn't have any problems. Ohhhhh! I forgot to add... stay away from unknown sites (PORN!!!!!!) and avoid file sharing (Morpheus, Shareaza, Limewire, etc...). Avoid using (or at least keeping on HDD) your credit card information. Don't store your password so you don't have to remember them.

I personally have two computers at home, a desktop and a laptop. My desktop is working only when needed, and is connected to the internet only for update, my STEAM account and the like. My laptop, on the other hand, is on 24/7 and is used for file sharing (very few but still), emails, some Folding@home (with team 40051 :wink: ). Still, I never had any problems with security. My firewall is pretty much on "ask for everything" mode, my Avira AV is up-to-date at all time, I also have AVG antispyware scanning twice a week, same with Ad-Aware and Spybot.

I simply avoid going to weird web sites (PORN :wink: :twisted: ), and disconnect my hotmail account when not needed and look not connected when on. I've been like that for a year and had no problems at all.
July 4, 2007 3:40:26 PM

Quote:
Otherwise, if hackers can hack the USArmy server, they'll manage to hack you should they want to do it.

Did you know that the best way to hack someone, anyone, is through social engineering? And in fact this is the most commonly used way to hack? You can see something like http://www.theregister.co.uk/2006/06/27/usb_drives_secu... to better understand how it works.

From a security standpoint, and AFAIK, the security procedures, and applications used are the same as the rest of the world (and most of the time means no personal firewall or av software - which costs money)

Quote:
I know it's a bad joke, but the most secure PC is the one not connected to the internet...

You forgot that it should be immersed in at least 10 tonnes of concrete, but it really is true....
July 4, 2007 4:10:22 PM

Another way to go is to run your web session inside a virtual machine. Install the VMware player (free from VMware) and then have a go with the secure browser appliance (also free) from the site. Have a read up about it on the VMware site. You might find it works well for your situation.
July 4, 2007 5:44:33 PM

Quote:
Most untraceable internet connection I know of is buying a used laptop off eBay and using the neighbor's wireless (use an antenna can so it isn't the NEXT door neighbor).


Wardriving (is the name to what you say to do) is always illegal.

AFAIK there are even cases of people who have gone to jail by doing it (but in my office today I saw at least 3 wireless networks with no protection at all).

Actually, that isn't wardriving - that's 'piggybacking'. Wardriving is when you ride around in your car looking for hotspots. Piggybacking is just the general unauthorized access to a WLAN.


But when people get in trouble - it's never for 'wardriving' - it's always for something else. The reason that wardriving itself is not illegal is because 802.11 and DHCP protocols operate on behalf of the owner giving consent to use the network, but not if the user has other reason to know that there is no consent.

In other words - if the network is not protected, it's assumed that the network admin intended it to be that way - so that people could use the network without having to ask permission. Of course, that argument is kind of skewered since most computer illiterate people haven't the slightest clue on how to set up WPA protections, etc.

BUT, on the other hand, a lot of Windows computers 'automatically' connect to the nearest available wi-fi hotspot - if that happens to be your next door neighbor's WLAN...

But most of the cases involving wardriving/piggybacking (in the United States) the people are actually charged for something else - i.e. for downloading kiddie porn while on the WLAN or hacking into someone's server while on the WLAN.