Chuck,
oops yes, I got tied up in the OS side of things...
#4: The read-only boot filesystem, 'deep freeze' partition etc., are
all methods that are used to ensure a fresh install for every boot. I
have seen these used in environments with general-public users. User
information and anything they have done to the machine will generally be
wiped at every reboot. I'd suggest a persistent writeable filesystem
for browser settings can increase the risk of attacks with script/plugin
vulnerabilities. Note that from the time the OS is burned to a CD it is
aging and unpatchable :) so an occasional recompile and new CD would be
in order.
#6a: Yes, downstream router/firewall. Its 'WAN' port plugs into the
upstream router's LAN (you'd need the downstream router to have an
ethernet WAN rather than broadband etc - and be able to configure the
WAN port for DHCP, or 'hard' configure it and know how to configure the
upstream device as well).
#8: I have had no experience with these.
davidt
On Fri, Jan 17, 2014 at 01:34:39PM -0500, Chuck Norcutt wrote:
> Thanks, David. Lots of great info there and it will take me a good bit
> of time to completely absorb it. But you combined the answers to 4 & 5.
> In trying to parse the answers I think the answer to 5 was that you
> weren't sure but suspected (as I stated) that the "write protect" was a
> software convention and not hardware prevention, therefore no real
> security. But I did not see a direct answer to my question 4 about
> saving configuration data on what is nominally a read only environment.
> Or did you really answer not to worry much about the normal writeable
> environment (i.e., go ahead and use a normal disk) as long as I keep the
> Linux system current and act prudently?
>
> On #6 you said: "I have done the series firewall-router thing for a
> client for use at home, easy to do, even with DHCP - if your routers
> have the right interfaces and have the right config options." By "series
> firewall-router" do you mean a second router connected downstream to the
> first router? I had thought of that first but worried it might screw up
> the addressing in some (unknown) way. How would I know what routers
> have the right interfaces or options? Or does it mean: if I have to ask
> that question I shouldn't mess with it. :-)
>
> Finally, a new question #8. What do you think of a Chromebook as a
> secure environment for financial transactions? Supposedly the Chrome OS
> verifies at boot time that its configuration has not been altered.
> Does it do enough for me to put up with having Google even further
> embedded in my life? :-)
>
> Chuck Norcutt
>
>