The Lightweight Portable Security (LPS) distribution has been around for awhile but I thought I’d put out a quick post for those that might not be familiar with it. The DoD created this Linux distro (shown at right) a few years ago with the goal of providing telecommuters an option for using home or other untrusted computers to access limited functions of the same networks and systems they use while at work. Built as a LiveCD, LPS ensures your physical system is booted up into a known good state and is pre-configured with all the necessary settings to facilitate connections back to your home organization.
DoD describes LPS as the following.
Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. The LPS family was created to address particular use cases: LPS-Public is a safer, general-purpose solution for using web-based applications. The accredited LPS-Remote Access is only for accessing your organization’s private network.
LPS-Public allows general web browsing and connecting to remote networks. It includes a smart card-enabled Firefox browser supporting CAC and PIV cards, a PDF and text viewer, Java, and Encryption Wizard – Public. LPS-Public turns an untrusted system (such as a home computer) into a trusted network client. No trace of work activity (or malware) can be written to the local computer. Simply plug in your USB smart card reader to access CAC- and PIV-restricted US government websites.
As highlighted above LPS comes in three flavors: LPS-Public, LPS-Public Deluxe, and LPS-Remote Access. LPS-Public, which weighs in at only 135 MB, focuses on web-based activity and includes Firefox with Java and Flash support, the Encryption Wizard-Public, a PDF viewer, a file browser, various remote desktop applications, and an SSH client. LPS-Public Deluxe adds OpenOffice and Adobe Reader. LPS-Remote Access is not publicly available as it is geared for users of US government agency networks that require direct secure network access.
Because of the availability of the public version, security professionals have also recommended LPS for those concerned about privacy or making high-value transactions. For example, for those worried about large companies such as Google tracking their surfing activities around the Internet, a simple reboot can limit tracking normally done through cookies or similar mechanisms. Additionally, others have recommended LPS for small or medium businesses that perform sensitive bank transactions. Instead of requiring a dedicated computer for banking, owners can simply use their current computer with LPS booted up prior to banking online.
Checkout this quick three and a half minute theatrical look at what LPS can do.
For those requiring fairly stringent security with a known good starting state, LPS provides the ideal environment for these one-off situations without having to purchase a separate computer. Yes, any of the live distros like LPS will probably be missing a lot of patches but this should be fine for these situations.
You can find the ISO, setup instructions, and more about LPS over at its distro site.
Have you used LPS before? What were your thoughts? Today’s post pics were from Weebly.com. See ya!