Question About Using Trusted End Node Security Tens On Vm For Mac
Introducing TENSWhile writing of Windows 10 security issues, I encountered the possibility that some situations might call for use of something like (TENS), formerly known as Lightweight Portable Security (LPS), a Linux distribution developed by the U.S. Department of Defense (DoD). Described LPS asa Linux LiveCD (or LiveUSB), developed and publicly distributed by the United States Department of Defense’s Air Force Research Laboratory, that is designed to serve as a secure end node. It can run on almost any Intel-based computer (PC or Mac). LPS boots only in RAM, creating a pristine, non-persistent end node. LPS turns an untrusted system into a trusted network client.
No trace of work activity (or malware) can be written to the local computer hard drive.Wudewasa contended that it would be incredibly shortsighted for DoD to build a backdoor into its own software, though maybe doing so for the public version would be too great a temptation to resist. Said its products “provide network security from the end node perspective while providing user capabilities of remote access, secure web browsing, and file/folder encryption.” said,TENS™ differs from traditional operating systems in that it isn’t continually patched. TENS™ is designed to run from read-only media and without any persistent storage. Any malware that might infect a computer can only run within that session.
A user can improve security by rebooting between sessions, or when about to undertake a sensitive transaction. For example, boot TENS™ immediately before performing any online banking transactions. TENS™ should also be rebooted immediately after visiting any risky websites, or when the user has reason to suspect malware might have been loaded.
In any event, rebooting when idle is an effective strategy to ensure a clean computing session.That webpage indicated that there were three editions of TENS. All three ran from bootable media; the so-called was apparently intended only for DoD civilian and military personnel. Was for non-DoD federal organizations.
The rest of us were left with TENS-Public, in Regular and Deluxe versions. Said the difference was that the Deluxe version included software such as LibreOffice and Adobe Reader. Version 1.7.6 (May 2019) was said to be the last version that would include both 32- and 64-bit kernels; later versions would be 64-bit only. Said that, in effect, TENS would run on any computer capable of running Windows XP, requiring only 1GB disk space for Regular and 1.GB for Deluxe.
Trusted End Node Security (TENS), previously called Lightweight Portable. Lightweight Portable Security (LPS) is a Linux live CD with a goal of allowing users to work. Of Flash poses a problem, use the NoScript add-on within Firefox to disable it. Added Pidgin 2.10.2 (with SameTime support); added VMware View 1.4;.
The networking feature would run on wired, wireless, or tethered cellular connections. Printing was feasible for both local USB and networked printers.Installing TENSI downloaded the Regular and Deluxe Public ISOs (1.7.6). After some struggles, I emailed the TENS office for suggestions. They replied quickly and helpfully. Based on their advice and on, I started by formatting a USB drive in FAT32 format, with the name of KINGSTON, but otherwise using the Windows formatting defaults.
That was going to be my target drive. It was mounted as drive F.The next step was to run the installer. To do that, I double-clicked the Regular ISO in Windows 10 File Explorer. That mounted the ISO as drive G.
I went into its G:InstallToUSB folder. There, I right-clicked the USBInstall.bat file located in that folder and chose.The installer asked for my source drive. In this case, that was G. Then it asked where my USB flash drive was. It asked if I wanted to format the drive.
I had to say no. The TENS people had told me that the batch script used an old formatting tool that couldn’t handle a USB drive larger than 4GB. This was why I formatted it myself before starting.Next, the installer asked if I wanted to install Encryption Wizard. Included information on unlocking my computer’s Java installation, so as to enable 256-bit AES encryption. Unlocking Java required that I did not want to take now. So, at least for this trial run, I said no to Encryption Wizard. I would soon see that Encryption Wizard was included anyway, without these additional steps, so No was apparently the best answer here.With that done, the installer proceeded to copy files to the USB drive.
That took a minute or two. It seemed to succeed. It ended with a warning that I interpreted as follows:.
TENS ran from RAM, so it would not be necessary to keep the USB drive plugged into the computer, once TENS was booted and running. Indeed, the TENS installation would be better protected from malware if the USB drive was removed as soon as possible after TENS was up and running. And if you were a spy who might need to flee at a moment’s notice, getting the USB drive out of the computer and into your pocket would be better done right away. Given that advice, and the fact that the TENS USB drive “will NOT automount as a storage device,” they recommended using a separate USB drive to store data used or acquired during the TENS session.Out of curiosity, I ran a partitioner (e.g., ) to take a look at the USB drive’s structure. On the first USB drive I used, it had an 18MB unallocated space.
I wasn’t sure how that got there — it wasn’t on the other USB drive I used. Either way, the rest of the USB drive was filled with the partition containing the TENS installation. But that partition was mostly empty: TENS Regular edition used only about 550MB.Later, I repeated those steps to create a bootable version of the TENS Deluxe edition.
This time, I formatted the drive as DELUXE. The process otherwise proceeded exactly as just described, except that MiniTool reported a total of about 700MB of disk space being used.For those interested in trying alternate approaches, my initial struggles included an attempt to use the alternative Linux installation method. There told me to install and use on Linux, and use unetbootin to install the ISO on the USB drive, and then “Follow the ‘If using Linux’ instructions in the program.” This made me wonder if I could do approximately the same thing by starting with a Windows program like. I ran Rufus, pointed it toward the regular (not deluxe) TENS ISO, and told it to add a 5GB persistent partition. I tried but it wouldn’t boot. But apparently it was supposed to, so presumably something was wrong with my approach.As another alternative, I booted a Linux Mint live USB and tried to install UNetbootin on it by entering. But those produced errors related to the repositories.
The Linux instructions didn’t work for me, no doubt because my Linux skills were pretty rusty. So the procedure described above was the only one that gave me working TENS USB drives.Booting TENSTENS required a Legacy BIOS boot. That is, it apparently hailed from the days when you could plug pretty much any USB drive into a computer and boot it. The obvious security risks had led to increasingly widespread use of UEFI booting with Secure Boot, which would essentially refuse to boot most Legacy systems. To boot TENS, I would have to go into what was still often called “the BIOS” — that is, the UEFI setup utility. This would traditionally require hitting F2 before or during the computer’s bootup diagnostic or splash screen. If that didn’t work, it might be necessary to look at the motherboard’s user manual.Once the user was in the BIOS, s/he would have to change it to boot in Legacy mode.
If the BIOS was passworded, as it could well be on a security-oriented system, then I wouldn’t be able to boot TENS unless I had that password or reflashed the BIOS (by e.g., booting with and running the motherboard’s flash utility) — which could make the owner of that computer quite unhappy. This could all add up to a rather complicated scenario for the user who just wanted a simple plug-and-play secure USB drive. It did seem that, if the TENS people updated their tool, they might bring it into the UEFI world. Possibly a Windows To Go version would be an answer.I didn’t have those problems: I was able to configure my own desktop computer to boot in Legacy mode. To do that, in this computer’s ASUS UEFI BIOS Utility (Advanced Mode), I had to change OS Type from UEFI to Other OS, and Compatibility Support Module to Legacy only.
Then I had to reboot and let it run (or, if the system contained other bootable drives, hit F9, or perhaps some other key for some motherboards, to choose from among multiple boot options). Then I booted the TENS USB drive, and after a pause of a minute or so at “Loading /boot/initrd,” it ran successfully.
(TENS offered for problems with booting, among other things.) Here, again, the experiences with the Public and Deluxe editions were identical.Comparing the TENS Public and Deluxe EditionsWhen the Public edition ran, it gave me desktop icons for Firefox, Encryption Wizard, User’s Guide, and KINGSTON. I briefly explored these items:. User’s Guide was a 62-page PDF that opened in the Linux Evince viewer (2014 edition; see also ).
I found Evince workable but inferior to what I would see in Adobe Acrobat Reader on a Windows system. Firefox ran — very quickly. To go online, I had to go to the network connection icon in the system tray (i.e., at the lower right corner of the screen). If I left-clicked on that icon, my only option was to add a VPN connection. That produced an error: “Error creating connection. No VPN plugins are installed.” This was not what I expected from the User’s Guide (p. 18): it said left-clicking should show me a list of available wireless networks.
The Guide also showed a network icon different from the one appearing on my screen. If, instead, I right-clicked on that network connection icon in the system tray, I could add a WiFi connection. This was not, however, an automatic detection process: it appeared that I would need technical information that I did not have about my own Internet Service Provider (ISP) at home, and almost certainly would not have in some unfamiliar place where I would have the greatest need for the TENS tool. Did not lead readily to a solution. Encryption Wizard seemed to be working, and as noted above, I would soon find that Java was installed, despite what the installer had said.
KINGSTON was the name that I had given to the USB drive when formatting it. Double-clicking on this desktop’s KINGSTON icon opened a Linux File Manager window.
Despite what the installer said about not being able to use the installer as a storage device, I found that I was able to paste the User’s Manual link from the desktop into the KINGSTON drive in that window. Presumably I could have created a storage folder within the Linux installation, even if it did prove impossible to access any disk partitions outside that installation.These outcomes suggested that TENS Public edition had been updated in ways not reflected in the words of the installation batch file.Along with those desktop items and Evince, in the Regular edition, the Start button at the bottom left corner of the screen offered other software:. Configuration. Items in this menu pick consisted of Date and Time, Desktop Settings (i.e., appearance, e.g., fonts), Display Properties, Keyboard, Mouse, Power Management, and Printer Administration. There was also a Java item. It confirmed that Java 8.0201 (2018) was installed. Connectivity.
Items here: Citrix Receiver, Citrix Receiver Preferences, Minicom Terminal Emulator, Network Proxy, Ping, PuTTY, Remote Desktop, SSH, and VMware View Client. My impression was that these were tools one might use in manually setting up or troubleshooting an Internet connection. Debug. Items here: Diagnostics and Task Manager. There was more to Diagnostics than first appeared: I had to keep clicking its OK buttons to get to the next set of options. I tried using it for my WiFi situation, but unfortunately found it unhelpful. The Task Manager tool did not seem to be working, or at least it seemed to say that nothing was running when, in fact, Evince was open.
Documentation. Aside from the User’s Guide, the principal item here was Encryption Wizard User Manual.
Multimedia offered only Volume Control. Security. Items here: Check for OpenDNS and Enable DNSCrypt. Utilities. This last category on the Start menu (aside from Shutdown) contained most of the useful if basic software: Calculator, CD Burning, Character Map, File Manager (not available via Win-E), Image Viewer, Onscreen Keyboard, Paint, SCR Firmware Update, Terminal Emulator, Text Editor, and UnZip.The Deluxe edition was the same in most regards. The Networking icon in the system tray worked — or, more accurately, failed to work — the same as in the Regular edition.
The Deluxe desktop offered one additional icon, for LibreOffice. That loaded successfully and ran quickly. The Start menu offered the same categories, with just a few additional items: I noticed Adobe Reader 9, Instant Messaging, Secure Email, and Media Player. Although Adobe 9 would be superior for some purposes, it appeared that it was too old for the font used in the User’s Guide: the text was rendered strangely.
Could be a solution.Perhaps it was necessary, for DoD purposes, to endure the overhead of offering two separate, highly similar editions for public use. But I would expect a private developer to either merge these two products or differentiate them more sharply, presumably by adding more software and/or better-developed features to the Deluxe version. Possibilities in that direction could include basing Deluxe on a more secure or Internet-oriented Linux distribution (e.g., Tails, Peppermint), including a preconfigured VPN, using a more secure browser (e.g., Brave), and adding more privacy- and security-oriented extensions (e.g., Disconnect, Privacy Badger, LastPass). The following section adds a few other possibilities.Tweaking TENSIf I decided to use TENS, I would surely begin by solving the networking problem, so that I could actually go online as intended. I did not explore that at this time, mostly because I hated trying to troubleshoot WiFi and networking problems. But certainly an ability to explore the use of this tool online would have enhanced my interest in it at this point.It was not clear what “plugins” were intended, in the reference to plugins in connection with Firefox (above).
Did mention several plugins; perhaps these were the only ones available. I was interested in the VPN plugin mentioned above; I just didn’t know where to get it.The installed Firefox seemed willing to synchronize with the user’s Firefox account. This would open up the possibility of synchronizing the user’s Firefox bookmarks. Bookmarks could give the user — especially a user of the non-persistent TENS system — quick access to a wide variety of web-based tools (e.g., Microsoft Office Online, Slack, Dropbox, Evernote, Trello). An alternative would be a bookmark leading to (or, conceivably, by TENS) providing easily accessed links to webpages of interest, including the websites of those cloud tools. Cloud tools could prove superior, in both capability and variety, to the tools presently included in TENS.Firefox extensions could also introduce security risks. I didn’t read the manual in full.
Possibly it warned against this. Possibly a highly secure public version of TENS would restrict or at least warn against naive synchronizing of Firefox extensions.I appreciated the advice about removing the TENS drive quickly, interpreted (above) as seeking to protect it from possible infection.
Given the relative scarcity of Linux malware, however, there was also an argument for making that bootable USB drive as useful as possible, especially for users who wouldn’t or couldn’t reliably use two USB drives in every TENS session. These days, it was getting hard to find USB drives as small as 4GB. Thus there was likely to be a large amount of unused space available on the TENS drive. According to StackExchange discussions, Windows was only capable of seeing the first partition on a USB drive. It seemed, then, that the Linux bootable partition should be the second partition on the USB drive, and the first one should be formatted in FAT32, so that both Windows and TENS could use it. Ideally the TENS setup would take care of that. I tried doing it myself.
I used a partitioner to move the TENS partition to the last 4GB of its USB drive, and to create a 25GB partition that I labeled as TENStorage and set as drive J. Unfortunately, this experiment failed: the drive was not bootable. Apparently further exploration would be needed to figure out where I had departed from the suggestions in those StackExchange discussions.I was not sure whether it would also be possible to run other software within the TENS system. For instance, MakeTechEasier (Tee, ) listed a miser’s dozen portable Linux apps.
The question was whether TENS would run them, if I plugged in a second USB drive containing those tools. This was another question that I might explore if I went further with TENS.
The intent of this website is to assist youwith the installation of software so you can use your CAC on yourWindows Personal Computer.I have devised 5 different methods for you toutilize to install the software.1. Click the Software & Install Button(second button from the left) in the row of buttons near the top of everypage in the site. Once you click the Software & Install Button, followthe buttons from left to right.2. Use theat the top of every page (left of the MilitaryCAClogo)3. Use the Installation Steps above4.
Use the ' notes page.5. Watchshowing and explaininghow to install the softwareIf you would like to utilize your CAC to only logon to your webmail, AKO, or other CACenabled sites ( and not sign forms), consider usingand not install any CAC software onyour computer.Please utilize the to contact the official help desks, ask Questions, offer Comments, Ideas, and / orSuggestions.
This websitewas developed and is personally maintained by This website was created because of thelack of information available to show how to utilize Common AccessCard (CAC)s on Personal Computers. MilitaryCAChas been online since 9 November 2007 and has over 121individual pages of information and support. Hoi4 baltic union. I am the content provider for theArmy Knowledge Online (AKO). I am not employed by AKO, but, assist byanswering emails addressed to AKO dot CAC at MilCAC dot US andmaintain the pages related to CAC.This website is designed to primarilyassistusingMicrosoft Windows.