In Practice

In a Linux Magazine hands-on test, we checked the Debian derivative's suitability for everyday use. The CryptoBox containers in particular will naturally tend to increase the overhead for storing and reconstructing data. But the developers have definitely done their homework here. The easy-to-use wizard and seamless integration with cryptosystems mean that there is little additional overhead for users of the encrypted disks: You only need to enter one password to work transparently with the containers just like with conventional mass storage.

The whole offline concept makes it extraordinarily difficult for attackers to even gain access to the system. Thanks to the live mode with a read-only file system and because mounting stationary disks is impossible, Discreete Linux also cannot be attacked via a manipulated host computer.

Conclusions

The prerelease version of Discreete Linux already covers most of the requirements that exposed groups of people usually impose on a hardened environment. This isolated solution with encrypted-only data transfer to the outside world implements the CryptoBox in a very user-friendly way. Last but not least, the stable Debian base minimizes problems due to software bugs.

But with attack scenarios constantly emerging, the makers of Discreete Linux are already planning further measures: In the future, they will only be offering signed kernel modules and hardening the USB interface, which is increasingly being used for attacks. The latter is intended to prevent the injection of bad USB trojans [11] via USB components. All in all, the beta phase Discreete Linux already presents itself as a successful niche product for users with strict security requirements.