69 lines
2.7 KiB
HTML
69 lines
2.7 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
|
|
<TITLE>Secure Boot CDs for VPN HOWTO: Bits and Pieces</TITLE>
|
|
<LINK HREF="Secure-BootCD-VPN-HOWTO-14.html" REL=next>
|
|
<LINK HREF="Secure-BootCD-VPN-HOWTO-12.html" REL=previous>
|
|
<LINK HREF="Secure-BootCD-VPN-HOWTO.html#toc13" REL=contents>
|
|
</HEAD>
|
|
<BODY>
|
|
<A HREF="Secure-BootCD-VPN-HOWTO-14.html">Next</A>
|
|
<A HREF="Secure-BootCD-VPN-HOWTO-12.html">Previous</A>
|
|
<A HREF="Secure-BootCD-VPN-HOWTO.html#toc13">Contents</A>
|
|
<HR>
|
|
<H2><A NAME="s13">13.</A> <A HREF="Secure-BootCD-VPN-HOWTO.html#toc13">Bits and Pieces</A></H2>
|
|
|
|
|
|
|
|
<H2><A NAME="ss13.1">13.1</A> <A HREF="Secure-BootCD-VPN-HOWTO.html#toc13.1">Making a Windows autorun CD.</A>
|
|
</H2>
|
|
|
|
<P>Due to a policy decision, we will not be deploying this, although it does work. The security concerns over this method include the following:
|
|
<OL>
|
|
<LI>Key logger on the host Windows (tm) machine. This could conceivably be used to capture the private key password and potentially grant unauthorized access.</LI>
|
|
<LI>Malware on the host Windows (tm) machine. Might be able to send through the VPN...seems unlikely.</LI>
|
|
<LI>A virus on the host Windows (tm) machine. Might be able to propagate itself through to the internal network...again this seems unlikely.</LI>
|
|
</OL>
|
|
</P>
|
|
<P>This is what you do to create one. This method is likely useful for other projects.
|
|
<OL>
|
|
<LI>
|
|
<BLOCKQUOTE><CODE>
|
|
<PRE>
|
|
mkdir win-qemu-yourvpn-cd
|
|
</PRE>
|
|
</CODE></BLOCKQUOTE>
|
|
</LI>
|
|
<LI>Download qemu-0.8.2-windows.zip from http://www.h7.dion.ne.jp/ qemu-win/</LI>
|
|
<LI>Unzip qemu-0.8.2-windows.zip into the win-qemu-yourvpn-cd directory.</LI>
|
|
<LI>Move all the qemu-0.8.2-windows files up one directory. Remove the qemu-0.8.2 directory.</LI>
|
|
<LI>Make an icon file. I used a stock one and resized with GIMP.</LI>
|
|
<LI>Create an autorun.inf file in win-qemu-yourvpn-cd directory containing the following:
|
|
<BLOCKQUOTE><CODE>
|
|
<PRE>
|
|
[autorun]
|
|
icon=youricon.ico
|
|
open=yourvpn.bat
|
|
|
|
</PRE>
|
|
</CODE></BLOCKQUOTE>
|
|
</LI>
|
|
<LI>Copy qemu-win.bat to yourvpn.bat.</LI>
|
|
<LI>Edit yourvpn.bat replacing the last line in the file with:
|
|
qemu.exe -L . -m 64 -soundhw all -localtime -cdrom yourvpn.iso</LI>
|
|
<LI>Copy the fully made bootable .ISO image yourvpn.iso from where it is currently to win-qemu-yourvpn-cd</LI>
|
|
<LI>Make an ISO of this directory:
|
|
mkisofs -pad -l -r -J -V "WQYOURVPN v0.1" -hide-rr-moved -o wqyourvpn.iso /home/jeff/Desktop/win-qemu-yourvpn-cd/</LI>
|
|
<LI>Burn the ISO and try it on a Windows (tm) box.
|
|
</LI>
|
|
</OL>
|
|
</P>
|
|
|
|
<HR>
|
|
<A HREF="Secure-BootCD-VPN-HOWTO-14.html">Next</A>
|
|
<A HREF="Secure-BootCD-VPN-HOWTO-12.html">Previous</A>
|
|
<A HREF="Secure-BootCD-VPN-HOWTO.html#toc13">Contents</A>
|
|
</BODY>
|
|
</HTML>
|