Ubuntu 'trusted client' secures Windows and Citrix

Trusted Client, an Ubuntu-based encrypted clean boot utility, has received its Common Criteria certification and been included in the Defence Signals Directorate Evaluated Product List.

The device is designed to allow secure and safe access to a corporate or government network - even if the host machine is infected with malware.

Developed by UK-based encryption specialist Becrypt, Trusted Client is a hardened version of Ubuntu 9.04 that has been cut down to its bare components - about 500mb - and then bundled with Windows deployment tools. This is all wrapped in a layer of encryption and deployed on a standard USB drive.

David Jones, senior product consultant at Becrypt explained that in order to bypass any malware on an untrusted PC, users just boot from the Trusted Client memory stick. The PC then requests a username and password before loading Ubuntu.

The potentially infected hard drive is completely ignored.

"We boot the machine from the USB stick so you come from a known clean starting point. We never allow users to see the hard drive, we never touch it - we assume it is dirty. Instead we use the available RAM on the machine as our work area.

"You can then use the machine to connect with a VPN, use Firefox, Citrix or whatever you want. When you are finished, you shut it down and we do a secure wipe of the RAM," Jones told iTnews.

When questioned about Becrypt's decision to choose Ubuntu, Jones said the popular Linux distribution worked well with a diverse range of hardware.

"One reason we chose Ubuntu is because it is a very powerful OS and is very up to date - it has got lots and lots of drivers," he said.

Administrators can assign a portion of the Trusted Client USB stick to store documents or applications. Alternatively, if internet connectivity is guaranteed, everything can be stored in the cloud.

Housing the Trusted Client in a standard off-the-shelf USB drive means the product is not easily recognisable as a security tool. In addition, if the device falls into the wrong hands, when it is inserted into a computer, the machine will not be able to read the contents and usually advise the user to format it.

The product has a list price of $125.

Becrypt claims ASX-listed Caltex, a major fuel supplier and convenience retailer, is one of the first companies in Australia to deploy Trusted Client.

No Apple Mac support

Trusted Client will not work on Apple Mac systems because, according to Jones, they do not allow users to boot from a USB. The ideal system to run Trusted Client is an x86 PC that is less than four years old.