I’ve got kind of a weird use case where I have a lot of laptops used specifically for sensitive customer environments. These aren’t used by everyone all the time, but only when the need arises. We need to have persistence when needed, but in some environments where exfiltration is a concern, we need to be able to work with a machine that ‘forgets’.

Basically I need something like a live distro installed on the local system, but somehow allow LUKS-encrypted persistence volumes on USB or something so our folks can maintain their own persistence when it’s allowed. I’ve used TAILS in the past for this, but some contracts specifically stipulate no USBs, and from what I understand, TAILS on HD is an adventure…

I’ve never heard of anything like this, and I don’t have the funding to spin our own distro at the moment. Anyone have any suggestions?

  • Onno (VK6FLAB)
    32 days ago

    Knoppix used to do this. Not sure if it’s still around.

    Another approach is to stop access to exfiltration routes like USB and network.

      • edric
        32 days ago

        Oh wow this brings back memories when we had to verify that hard drives were wiped successfully before disposal and we used knoppix on live CDs. Good to see that it somehow still lives.

      • @[email protected]OP
        22 days ago

        niiice, I hadn’t heard of Knoppix in years! I’ll add that to the list for assessing today! thanks!