ISO config help

Angry Dog

Member
Credits
550
hi Everyone, so a few updates on what i am doing right now.

Firstly i started using this software: https://porteus-kiosk.org/index.html#about

Now few things to note is the setup itself. You have to be very careful how you set this thing up. Specially with resolution, home screen and so on. i found that Chrome gets infected a lot faster then Firefox but both really open to attack so take care to really clone your install on the VM.

How is it on RAM? well it doesn't use a lot but i recommend 2Gb not just the 1Gb.
How is it on Space? Again it can work with just under 1Gb but give it a tiny bit more.

But remember when in VM and you are working with a install, that the install can be attacked and corrupted. It is NOT ROM based. Or what the people will call ISO image. meaning it can be changed. While it is possible to make an ISO from a VM image i am yet to be successful as mine crashes but i am thinking it might be something i am doing wrong so i will get back on that one.

Over all once i can get this to function as an ISO i will move to my next task. Use a WiFi USB device to work with the ISO directly. This way i can isolate the main OS.
 


Angry Dog

Member
Credits
550
Abandoning the project.

Hi everyone. Here is the thing. Software like https://porteus-kiosk.org/index.html#about works really well and if you configure your network you CAN isolate your main OS and you CAN be safe on the net. But you will need to create a VM and create a clone of it each time. Use the clone and delete it when done.

There is no working way that i could find that will allow me to turn a VDI to ISO. And the whole point to this project was to create ISO. Now there are enough tutorials on YouTube that will take you to down load software that installs but doesn't start correctly or not at all. Now you sit with a new problem. What is it that I installed and how will it effect the main OS.

So I outright block YouTube it is no longer informative. It is just a bunch of people that want to romanticize Kali Linux and make sure you watch every advertisement. There is no value. The idea here was not to attack but defend. If i cannot defend my system i am left with 1 alternative.

The main OS will be air-gaped. Nothing will connect to it or from it. The VM will be connected to a isolated network with its own USB to LAN connector "faster more reliable" and it will run tails.
find out more about tails here https://tails.boum.org/

This means i will be secure on the net. my OS will be completely isolated. Because VirtualBox decided not to include a way to convert VDI to ISO was just such a let down i will be looking for something else to use. There is no point in using software that limits the users.

Now as for me giving my friends access to VM so that we can brainstorm code? This will not happen because i cannot isolate the VM the way i wanted to and i know for a fact that the software i wanted to use for ease more then anything else have a RAT that can do a LOT of damage.

So i decided that we must share screens on whatever software like Skype Discord Zoom whatever. It is just a pity that this really promising project had to end up this way.

Cheers thanks for all the feedback.
 

Angry Dog

Member
Credits
550
The devil is in the details i guess. no to be clear a lot of Linux distributions can boot and live in the ram only. But creating a custom solution is not going to be easy or so it seems. But before we find out we live in the Matrix and Neo is a lie, we need to figure out what it is we want.

First and foremost we have YouTube that is basically a virus infection. They create content with the intent to compromise security and attack us on the following levels. Router level attacks OS level attacks.

Now sadly the tools that are provided for these attacks is really scary. Our tools on the other hand is basically worthless.

We have VM and wired networks along side encryption. How can we use the existing tools? Well it comes down to what you are willing to sacrifice.

List or things you need to sacrifice:
Simple router setup buttons.
WiFi anything needs to go.

So now lets look into what is possible:
Wired network means they need physical access to the network.
VM systems can isolate an OS and depending on the OS it can boot from a read only File like an ISO.
Having multiple VMs that is not heavy on the main computer system.

How will this work?
Simple first thing is protecting the host OS.
Here is some ideas on how to do that.

first is to air-gap the OS. Meaning you physically disable the network on it. This means that it will exist in the void. Nothing can get to it.

Second step: Install VM and allow it alone to access the hard line network.
Now it comes down to needs:

The one VM OS can host your working environment and push your work to the cloud or to a USB drive that can be used but it also need to be virus scanned. But this OS can also be backed up easily from the main OS. So basically IF a infection happens it will not matter. You can turn off the VM delete it and pull your fresh backup and continue. Also note this OS can be hardened by encrypting it and using two factor authentication on your cloud service or email.

The second VM can host a browser that is completely isolated and can be deleted after use. This means you basically create "single use browser" This is done by installing the browsing software and cloning it within the VM software. Then the clone gets used and deleted. This will greatly eliminate websites to track, infect the browser or its OS as it cannot get to the main OS.

Thirdly is physically imaging the main OS "host" and everything on it for fast recovery.

Now we can look at VPN:

What does a VPN do? it creates a encryption layer on-top of the existing https encryption and hides your traffic from two situations. One is ISP snooping/tracking the second is Packet sniffing. Now this can be done from a network level and your OS/main OS doesn't need to host the VPN. Something as simple as a Pi computer can do this easily. There is a TON published on it so Google will be your friend. And yes it can hide your IP from streaming providers that would otherwise block content.

What does a VPN not do?

It will not protect you against a RAT once the RAT is installed on the OS and running. It will not protect you against infected attachments on your emails. This is the job for a GOOD antivirus but note your choices for a GOOD antivirus is limited once you run a Linux Distribution so consider your workflow carefully before creating your "work environment OS" on the VM.

Now the how i will get into a bit later.

i am not going to write a load of trash here. I rather experiment, see what works and give you my functional solution. This will happen as i get the time to work with this.

But if you are clued uo with computers and look at the above you will already have some ideas on how to do this.
 
Last edited:
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Members online


Top