<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
<TITLE>Secure Boot CDs for VPN HOWTO: Bits and Pieces</TITLE>
<LINK HREF="Secure-BootCD-VPN-HOWTO-14.html" REL=next>
<LINK HREF="Secure-BootCD-VPN-HOWTO-12.html" REL=previous>
<LINK HREF="Secure-BootCD-VPN-HOWTO.html#toc13" REL=contents>
</HEAD>
<BODY>
<A HREF="Secure-BootCD-VPN-HOWTO-14.html">Next</A>
<A HREF="Secure-BootCD-VPN-HOWTO-12.html">Previous</A>
<A HREF="Secure-BootCD-VPN-HOWTO.html#toc13">Contents</A>
<HR>
<H2><A NAME="s13">13.</A> <A HREF="Secure-BootCD-VPN-HOWTO.html#toc13">Bits and Pieces</A></H2>
<H2><A NAME="ss13.1">13.1</A> <A HREF="Secure-BootCD-VPN-HOWTO.html#toc13.1">Making a Windows autorun CD.</A>
</H2>
<P>Due to a policy decision, we will not be deploying this, although it does work. The security concerns over this method include the following:
<OL>
<LI>Key logger on the host Windows (tm) machine. This could conceivably be used to capture the private key password and potentially grant unauthorized access.</LI>
<LI>Malware on the host Windows (tm) machine. Might be able to send through the VPN...seems unlikely.</LI>
<LI>A virus on the host Windows (tm) machine. Might be able to propagate itself through to the internal network...again this seems unlikely.</LI>
</OL>
</P>
<P>This is what you do to create one. This method is likely useful for other projects.
<OL>
<LI>
<BLOCKQUOTE><CODE>
<PRE>
mkdir win-qemu-yourvpn-cd
</PRE>
</CODE></BLOCKQUOTE>
</LI>
<LI>Download qemu-0.8.2-windows.zip from http://www.h7.dion.ne.jp/ qemu-win/</LI>
<LI>Unzip qemu-0.8.2-windows.zip into the win-qemu-yourvpn-cd directory.</LI>
<LI>Move all the qemu-0.8.2-windows files up one directory. Remove the qemu-0.8.2 directory.</LI>
<LI>Make an icon file. I used a stock one and resized with GIMP.</LI>
<LI>Create an autorun.inf file in win-qemu-yourvpn-cd directory containing the following:
<BLOCKQUOTE><CODE>
<PRE>
[autorun]
icon=youricon.ico
open=yourvpn.bat
</PRE>
</CODE></BLOCKQUOTE>
</LI>
<LI>Copy qemu-win.bat to yourvpn.bat.</LI>
<LI>Edit yourvpn.bat replacing the last line in the file with:
qemu.exe -L . -m 64 -soundhw all -localtime -cdrom yourvpn.iso</LI>
<LI>Copy the fully made bootable .ISO image yourvpn.iso from where it is currently to win-qemu-yourvpn-cd</LI>
<LI>Make an ISO of this directory:
mkisofs -pad -l -r -J -V "WQYOURVPN v0.1" -hide-rr-moved -o wqyourvpn.iso /home/jeff/Desktop/win-qemu-yourvpn-cd/</LI>
<LI>Burn the ISO and try it on a Windows (tm) box.
</LI>
</OL>
</P>
<HR>
<A HREF="Secure-BootCD-VPN-HOWTO-14.html">Next</A>
<A HREF="Secure-BootCD-VPN-HOWTO-12.html">Previous</A>
<A HREF="Secure-BootCD-VPN-HOWTO.html#toc13">Contents</A>
</BODY>
</HTML>
