Security Basics mailing list archives

Re: Internet Cafe

From: "Nick Shapley" <nick.shapley () ntlworld com>
Date: Fri, 17 Jan 2003 21:43:08 -0000

Linux is the way to go. I use Squid to throttle certain downloads on my
network.
If you haven't already found it, check out
http://www.tldp.org/HOWTO/Bandwidth-Limiting-HOWTO/

As for monitoring, you could even use something like snort to alert you of
both external and internal threats.
Make sure NTFS permissions are set on the W2K boxes (and use them!) and
limit them to save to only to a network drive.
You can set Linux up with the latest Samba and it will act as a W2K DC (the
clients can't tell the difference!), another think to mention is that it
might be worth using some form of imaging software, such as Norton Ghost to
distribute the clients, especially when patching etc.

Regards,

Nick

----- Original Message -----
From: "Matti Haack" <m.haack () haack-it de>
To: <security-basics () securityfocus com>
Sent: Friday, January 17, 2003 11:56 AM
Subject: Re: Internet Cafe

Anyways, anyone got any suggestions/comments on what I really have to
look out for? I'm thinking it should be reasonably secure, but in places
like this you always have the added risc of people wanting to damage the
OS/system or use it as a place from which to attack others.

Install a personal firewall. (www.kerio.com)

I suggest kerios Personal firewall for some reasons:
- You can create a policy file on one maschine and copy it to all the
others
- The Firewall administration can be looked down with a password
- It calculates MD5 Chekcsums for all used applications, so that you
can't rename a forbidden aplication to a allowed and pass the firewall
with this.
- It knows trusted adress groups, maybe to allow some more network Traffic
inside your cafe (for games etc.)

Allow only IE and whatever you like to allow for your customers.
Switch off learning mode, set a password. So noone can use newly
installed Internet Software like Kazaa or a massmailer.

with best regards
     Matti Haack

-
Matti Haack - Hit Haack IT Service Gmbh
Neuburger Strasse 35, D-94032 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de

Current thread:

Internet Cafe Ferry van Steen (Jan 15)
- RE: Internet Cafe Nicko Demeter (Jan 16)
- Re: Internet Cafe Matti Haack (Jan 17)
  - Re: Internet Cafe Nick Shapley (Jan 17)
- RE: Internet Cafe b4rtm4n (Jan 21)
- <Possible follow-ups>
- RE: Internet Cafe Terry Peterson (Jan 16)
  - Re[2]: Internet Cafe Marc Cuypers (Jan 17)
  - RE: Internet Cafe Jason Burzenski (Jan 17)
  - RE: Internet Cafe Jason Dixon (Jan 20)
  - Re[2]: Internet Cafe Malte von dem Hagen (Jan 21)
  - Re: Internet Cafe Igor D. Spivak (Jan 21)
- RE: Internet Cafe Stephen A. Santos (Jan 17)
- RE: Internet Cafe DeNoyer, Rick (Jan 17)
- RE: Internet Cafe Ogden, Earl (Jan 17)

(Thread continues...)