<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21"> <TITLE>Secure Boot CDs for VPN HOWTO: Bits and Pieces</TITLE> <LINK HREF="Secure-BootCD-VPN-HOWTO-14.html" REL=next> <LINK HREF="Secure-BootCD-VPN-HOWTO-12.html" REL=previous> <LINK HREF="Secure-BootCD-VPN-HOWTO.html#toc13" REL=contents> </HEAD> <BODY> <A HREF="Secure-BootCD-VPN-HOWTO-14.html">Next</A> <A HREF="Secure-BootCD-VPN-HOWTO-12.html">Previous</A> <A HREF="Secure-BootCD-VPN-HOWTO.html#toc13">Contents</A> <HR> <H2><A NAME="s13">13.</A> <A HREF="Secure-BootCD-VPN-HOWTO.html#toc13">Bits and Pieces</A></H2> <H2><A NAME="ss13.1">13.1</A> <A HREF="Secure-BootCD-VPN-HOWTO.html#toc13.1">Making a Windows autorun CD.</A> </H2> <P>Due to a policy decision, we will not be deploying this, although it does work. The security concerns over this method include the following: <OL> <LI>Key logger on the host Windows (tm) machine. This could conceivably be used to capture the private key password and potentially grant unauthorized access.</LI> <LI>Malware on the host Windows (tm) machine. Might be able to send through the VPN...seems unlikely.</LI> <LI>A virus on the host Windows (tm) machine. Might be able to propagate itself through to the internal network...again this seems unlikely.</LI> </OL> </P> <P>This is what you do to create one. This method is likely useful for other projects. <OL> <LI> <BLOCKQUOTE><CODE> <PRE> mkdir win-qemu-yourvpn-cd </PRE> </CODE></BLOCKQUOTE> </LI> <LI>Download qemu-0.8.2-windows.zip from http://www.h7.dion.ne.jp/ qemu-win/</LI> <LI>Unzip qemu-0.8.2-windows.zip into the win-qemu-yourvpn-cd directory.</LI> <LI>Move all the qemu-0.8.2-windows files up one directory. Remove the qemu-0.8.2 directory.</LI> <LI>Make an icon file. I used a stock one and resized with GIMP.</LI> <LI>Create an autorun.inf file in win-qemu-yourvpn-cd directory containing the following: <BLOCKQUOTE><CODE> <PRE> [autorun] icon=youricon.ico open=yourvpn.bat </PRE> </CODE></BLOCKQUOTE> </LI> <LI>Copy qemu-win.bat to yourvpn.bat.</LI> <LI>Edit yourvpn.bat replacing the last line in the file with: qemu.exe -L . -m 64 -soundhw all -localtime -cdrom yourvpn.iso</LI> <LI>Copy the fully made bootable .ISO image yourvpn.iso from where it is currently to win-qemu-yourvpn-cd</LI> <LI>Make an ISO of this directory: mkisofs -pad -l -r -J -V "WQYOURVPN v0.1" -hide-rr-moved -o wqyourvpn.iso /home/jeff/Desktop/win-qemu-yourvpn-cd/</LI> <LI>Burn the ISO and try it on a Windows (tm) box. </LI> </OL> </P> <HR> <A HREF="Secure-BootCD-VPN-HOWTO-14.html">Next</A> <A HREF="Secure-BootCD-VPN-HOWTO-12.html">Previous</A> <A HREF="Secure-BootCD-VPN-HOWTO.html#toc13">Contents</A> </BODY> </HTML>