Ubuntu 'trusted client' secures Windows and Citrix

By Munir Kotadia on Mar 18, 2010 1:30 PM
Filed under Security
 

Even from a malware-infected PC.

Trusted Client, an Ubuntu-based encrypted clean boot utility, has received its Common Criteria certification and been included in the Defence Signals Directorate Evaluated Product List.

The device is designed to allow secure and safe access to a corporate or government network - even if the host machine is infected with malware.

Developed by UK-based encryption specialist Becrypt, Trusted Client is a hardened version of Ubuntu 9.04 that has been cut down to its bare components - about 500mb - and then bundled with Windows deployment tools. This is all wrapped in a layer of encryption and deployed on a standard USB drive.

David Jones, senior product consultant at Becrypt explained that in order to bypass any malware on an untrusted PC, users just boot from the Trusted Client memory stick. The PC then requests a username and password before loading Ubuntu.

The potentially infected hard drive is completely ignored.

"We boot the machine from the USB stick so you come from a known clean starting point. We never allow users to see the hard drive, we never touch it - we assume it is dirty. Instead we use the available RAM on the machine as our work area.

"You can then use the machine to connect with a VPN, use Firefox, Citrix or whatever you want. When you are finished, you shut it down and we do a secure wipe of the RAM," Jones told iTnews.

When questioned about Becrypt's decision to choose Ubuntu, Jones said the popular Linux distribution worked well with a diverse range of hardware.

"One reason we chose Ubuntu is because it is a very powerful OS and is very up to date - it has got lots and lots of drivers," he said.

Administrators can assign a portion of the Trusted Client USB stick to store documents or applications. Alternatively, if internet connectivity is guaranteed, everything can be stored in the cloud.

Housing the Trusted Client in a standard off-the-shelf USB drive means the product is not easily recognisable as a security tool. In addition, if the device falls into the wrong hands, when it is inserted into a computer, the machine will not be able to read the contents and usually advise the user to format it.

The product has a list price of $125.

Becrypt claims ASX-listed Caltex, a major fuel supplier and convenience retailer, is one of the first companies in Australia to deploy Trusted Client.

No Apple Mac support

Trusted Client will not work on Apple Mac systems because, according to Jones, they do not allow users to boot from a USB. The ideal system to run Trusted Client is an x86 PC that is less than four years old.


Ubuntu 'trusted client' secures Windows and Citrix
7 comments in this discussion
"@graeme.speak "GoPC.net does this, FREE." The website shows costs, not high, but costs nevertheless."
By kenrob
 
Tags
ubuntu, citrix, becrypt, linux, windows, thin client, government, dsd, security, encryption, reboot, defence
Related Articles
Breaking Stories
 
 
Comments: 7
Graeme Harrison (prof at-symbol post.harvard.edu)
Mar 18, 2010 4:08 PM
 Very good and clever use of Ubuntu.
It should silence those who claim Open Source equates to poor security.

Indeed, I've wondered for the 15 years that the internet has been pervasive, why Microsoft (or say HP) never worked within XP to offer a daily check of your Windows system, to 'sync' it back to an exact copy of a standard/safe system. If it was HP, they could have included all HP drivers, all HP printer drivers etc, and grow a list of 'trusted apps'. That could have overcome the issue of having every individual home user (other options are there for corporate users) supposedly looking after security on their own system. Possibly 90% of users could have lived within that limited application list (open office, Firefox etc).

But now that thumb-drive Linux versions will be available, it is possibly a moot point. With competition, these might drop to 'cheap' options, for home users. The normal Ubuntu (or booting off your Ubuntu CD-R) gives you access to your hard drive files, yet 'quite good' security. Though for corporate use there will always be a market for excellent security, like this device.
graeme.speak
Mar 18, 2010 10:09 PM
 GoPC.net does this, FREE. A Linux workstation created out of a diskless or corrupted PC, but they include an online "cloud platform" hosting dozens of desktop apps, storage, security, etc. The cloud has no dependence on physical hardware.

Downloads to your USB or a CDROM and boots on any PC hardware so you can recyle hardware or recover files.

Best of all, this company is Australian and exporting to the world.
neddludd
Mar 19, 2010 6:55 AM
 This is good, particularly after so many articles telling business to not use windows for internet banking.

However, wont puppylinux,knoppix,slitaz, or similar do much the same thing at no cost? I realise you dont get as solid support with those distros.
mkotadia
Mar 19, 2010 7:20 AM
 Thanks for your comments.

There are numerous free methods of creating a clean boot and Puppy Linux has been highlighted as one of the easiest by NSW Police.

This product's encryption abilities - and the secure RAM wipe feature - make it stand out.
Sams
Mar 19, 2010 9:39 AM
 "However, wont puppylinux,knoppix,slitaz, or similar do much the same thing at no cost? I realise you dont get as solid support with those distros."

Yeah, but businesses like to pay for something so they know they can get a refund if it doesn't work. :-) I'm just being facetious, but really some businesses do act that way.
cjc1959au
Mar 19, 2010 12:51 PM
 "Trusted Client will not work on Apple Mac systems because, according to Jones, they do not allow users to boot from a USB"

Gees, I wonder what I have been booting off my USB sticks on my Macbook Pro? Let's see: Windows, Ubuntu, Mac OS X, Puppy Linux, wow even DOS. All boot fine.

Maybe the lack of Mac Support is much more to do with a lack of testing.

But then Mac OS X doesn't need this "Trusted Client". Mac OS X is a lot safer in standard form, simply because it doesn't run or support Internet Explorer!
kenrob
Mar 22, 2010 10:36 AM
 @graeme.speak
"GoPC.net does this, FREE." The website shows costs, not high, but costs nevertheless.
Comments have been disabled for this article.
 
 
Top Stories
ATO commits to complexity
ATO commits to complexity
Greater demand, fewer apps.
 
Photos: AusCERT 2013 day two
Photos: AusCERT 2013 day two
The second day of the Queensland security conference.
 
The illusion of cognitive computing
The illusion of cognitive computing
Opinion: IBM's Watson is a marketing success.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

Bankwest builds continuous delivery capability
Bankwest builds continuous delivery capability
To automatically deploy test/dev sandboxes by mid-year.
Veterans' Affairs sets sights on modernisation
Veterans' Affairs sets sights on modernisation
Data safe with Human Services, CIO says.
Citi Australia drops platform customisations
Citi Australia drops platform customisations
Technology chief shifts focus from building to leveraging systems.
VicRoads restructures IT team
VicRoads restructures IT team
Department moves to align with industry benchmarks.
Zurich Australia extends IT team offshore
Zurich Australia extends IT team offshore
Malaysian staff served from Australian data centres.
Leigh Berrell - Utilities CIO of the Year
Leigh Berrell - Utilities CIO of the Year
Yarra Valley Water CIO Leigh Berrell accepts his Benchmark Award for Utilities CIO of the Year.
Wayne McMahon - Retail CIO of the Year
Wayne McMahon - Retail CIO of the Year
Domino's Pizza CIO Wayne McMahon accepts his Benchmark Award for Retail CIO of the Year.
Inside Perpetual's ongoing IT transformation
Inside Perpetual's ongoing IT transformation
CIO Jenny Levy discusses how outsourcing will help the firm "simplify, refocus and grow".
Managing Complexity - Defence's Daniel McCabe
Managing Complexity - Defence's Daniel McCabe
Daniel McCabe, Assistant Secretary of Australia's Department of Defence, provides the audience at the iTnews Data Centre Strategy Summit with a deep dive into the organisation's data centre consolidation program.
How Facebook designed the data centre from scratch - Marco Magarelli
How Facebook designed the data centre from scratch - Marco Magarelli
The full keynote by Facebook data centre architect Marco Magarelli at the Australian Data Centre Strategy Summit. Magarelli details the design considerations behind the social network's Prineville, Oregon; North Carolina and Luleå, Sweden data centres.
Modernising Legacy Data Centres - Telstra's Jon Curry
Modernising Legacy Data Centres - Telstra's Jon Curry
Telstra general manager of managed data centres Jon Curry guides the audience at the iTnews Australian Data Centre Summit through the build of the telco's Clayton, Victoria data centre.
NSW Government launches NABERS data centre rating tools
NSW Government launches NABERS data centre rating tools
Matthew Clark from the NSW Department of Environment guides facilties managers through the details of the new NABERS data centre energy rating tool at the Australian Data Centre Strategy Summit.
NABERS launch panel: Australian Data Centre Strategy Summit
NABERS launch panel: Australian Data Centre Strategy Summit
Matthew Clark (NSW Dept of Environment), Greg Boorer (Canberra Data Centres), Glenn Allan (National Australia Bank), Mike Andrea (Strategic Directions) and Bob Sharon (Green Global Consulting) discuss the impact of the NABERS data centre rating.
Judges notes: Fortescue Metals [The Benchmark Awards]
Judges notes: Fortescue Metals [The Benchmark Awards]
iTnews' panel of judges discuss Fortescue Metals 'New World of Work" project, one of three shortlisted finalists for the Industrials category of the CIO Benchmark Awards.
Judges notes: Retail [The Benchmark Awards]
Judges notes: Retail [The Benchmark Awards]
iTnews' panel of judges discuss the shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: Pacific Aluminium [The Benchmark Awards]
Judges notes: Pacific Aluminium [The Benchmark Awards]
iTnews' panel of judges discuss Pacific Aluminium's lightning fast service desk refresh, one of three shortlisted finalists for the Industrials category of the CIO Benchmark Awards.
Judges notes: Domino's Pizza [The Benchmark Awards]
Judges notes: Domino's Pizza [The Benchmark Awards]
iTnews' panel of judges discuss Domino's Pizza's shift to hosted services, one of three shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: McDonald's Australia [The Benchmark Awards]
Judges notes: McDonald's Australia [The Benchmark Awards]
iTnews' panel of judges discuss McDonald's Australia's new self-service portal for employees, one of three shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: ING Direct [The Benchmark Awards]
Judges notes: ING Direct [The Benchmark Awards]
iTnews' panel of judges discuss ING Direct's 'Bank in a Box', one of three shortlisted finalists for the banking and finance category of the CIO Benchmark Awards.
Judges notes: Yarra Valley Water [The Benchmark Awards]
Judges notes: Yarra Valley Water [The Benchmark Awards]
iTnews' panel of judges discuss Yarra Valley Water's insourcing project, one of three shortlisted finalists for the Utilities category of the CIO Benchmark Awards.
Latest Comments
Powered by Disqus
Polls
Do you prefer the Coalition's NBN policy?
   |   View results
Yes
  19%
 
No
  81%
TOTAL VOTES: 1730

Vote
view previous polls »