Endpoint security: How to safely access your secure desktop without your laptop

Simple, inexpensive and secure ways to work online without your laptop.

If you travel frequently, there will be times when you don't want to lug your laptop along. Whether you find yourself at a local cybercafé or library, or have to sit down temporarily at a colleague's computer, you need a secure and simple way to get online and get your work done.

These days you can't be too careful. Many public computers are infected with botnets and other malware, or can record your Web site passwords as you surf. The trouble is you don't really know until you sit down at the PC, and then you still might not be aware of what is going on in the background. The ideal situation is to have something simple so that you can't and don't leave any digital tracks or other evidence behind when you are done using your borrowed PC. There are a few solutions that require a bit of pre-planning before you leave for your trip, but aren't onerous, costly or complex.

One way, of course, is to make use of an iPhone or some other smartphone and use the built-in broadband data service and the mobile phone's Web browser. The advantage is that you don't need to carry anything else, and that you can get online quickly and just about anyplace these days. The downside is that the tiny phone screens aren't great for generalized Web browsing, and processing huge email volumes can get tedious. Also, the iPhone doesn’t support Flash so that viewing that kind of content can be frustrating.

A second choice is to purchase a U3 type of USB drive. These have been around for several years and are an inexpensive (less than $20 in most cases) and quick solution. They run on most modern versions of Windows PCs (not Macs though) and contain a piece of software that will launch when the drive is inserted. This can bring up a collection of programs that you configure when you first get the drive, including browsers and the like. Once you setup your U3 drive with the requisite software, you can make whatever changes using the built-in management programs that come with the drive. You can store your preferences and bookmarks on the USB drive, and when you remove it your host PC remains untouched.

u3launch.gif

U3 Lanchpad is used to add new programs to your U3 stick, launch new applications, and set up an overall password for the stick.

Any programs that run on a U3 drive have to be pre-packaged in special u3p files, and a number of USB memory vendors such as SanDisk maintain app catalogs where you can download and then install them.

A third choice is to put an entire bootable PC session on a USB drive itself or on a Live DVD, so that you can run whatever OS and associated programs you like. The trick is figuring out what OS is small enough to fit on a removable drive, although now that USB drives can be found with 16 GB or more capacity that isn't so much of an issue. You also have to make sure that your borrowed PC can boot from a USB or DVD drive too, which is usually set up in the PC BIOS settings.

There are versions of Linux, including Damn Small Linux, that are very tiny and capable.

Damn Small Linux is tiny, and capable of running on a USB drive.

And you can also make use of Google's Chrome OS too. Chrome OS is not to be confused with Google's Chrome Web browser, although there are some similarities. The Chrome OS is fairly limited, and is really what you get when you just have a browser as your entire OS. Here is one place that can offer some advice and sample instructions on how to do this.

chrome.gif

Google's Chrome OS is basically a browser as an OS, allowing you some functionality like saving files.

Then there are products that are designed to use a virtual PC session on a USB key drive that can be setup to your liking. MokaFive and MojoPac.com are two such tools. To assemble your virtual PC, you will need the MokaFive Creator software, which is Windows-only. You start with a base physical machine, such as from the Windows distribution DVD or an ISO image file. You convert this into the LivePC MokaFive format and then run it, making any other configuration changes and adding or deleting any applications, then finally package and upload it to the management service. Once you go through these steps, you can run the virtual PC on either Windows or Macs with the MokaFive player software.

mokafive.gif

Mokafive's separate Creator application is used to build new live PCs that can be run from USB sticks that are basically virtual machines.

Another solution works if your organization supports Windows Terminal Server or equivalents. You can bring up Windows Remote Desktop Connection and connect to your server across the Internet and then run your programs safely within your enterprise's network. There is even a version for Mac clients too. The problem with Remote Desktop is that firewalls and other protective gear can block these sessions, so it isn't the most reliably method of connecting remotely.

Another choice is to just use a regular Web browser on the borrowed PC but make use of an anonymous proxy server. This protects your browser session so that your destination Web sites do not record your IP address, and also so that your browsing history isn't recorded on your borrowed PC. You bring up an anonymizing destination in your browser, such as kproxy.com or Hidemyass.com. Then you type in your Web URL that you want to go and they bring you there anonymously.

All of the above solutions are great if you can't install any software on your borrowed PC. But if you do have access, you can download and install either an anonmyzing tool such as TorProject.org or Ultrareach.org's UltraSurf, or make use of one of any number of virtual private networking services, including Connect in Private and OpenVPN.org. There are also numerous remote control products such as LogMeIn.com and GotoMyPC.com, among others, which can be installed on your borrowed PC and your home or office PC allowing you to control and transfer files back and forth.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies