Re: Internet Cafe
From: Nick Shapley (nick.shapley@ntlworld.com)
Date: 01/17/03
- Previous message: Talisker: "Re: Network Scan"
- In reply to: Matti Haack: "Re: Internet Cafe"
- Next in thread: Sarbjit Singh Gill: "RE: Internet Cafe"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Nick Shapley" <nick.shapley@ntlworld.com> To: <security-basics@securityfocus.com> Date: Fri, 17 Jan 2003 21:43:08 -0000
Linux is the way to go. I use Squid to throttle certain downloads on my
network.
If you haven't already found it, check out
http://www.tldp.org/HOWTO/Bandwidth-Limiting-HOWTO/
As for monitoring, you could even use something like snort to alert you of
both external and internal threats.
Make sure NTFS permissions are set on the W2K boxes (and use them!) and
limit them to save to only to a network drive.
You can set Linux up with the latest Samba and it will act as a W2K DC (the
clients can't tell the difference!), another think to mention is that it
might be worth using some form of imaging software, such as Norton Ghost to
distribute the clients, especially when patching etc.
Regards,
Nick
----- Original Message -----
From: "Matti Haack" <m.haack@haack-it.de>
To: <security-basics@securityfocus.com>
Sent: Friday, January 17, 2003 11:56 AM
Subject: Re: Internet Cafe
>
>
>
> > Anyways, anyone got any suggestions/comments on what I really have to
> > look out for? I'm thinking it should be reasonably secure, but in places
> > like this you always have the added risc of people wanting to damage the
> > OS/system or use it as a place from which to attack others.
> Install a personal firewall. (www.kerio.com)
>
> I suggest kerios Personal firewall for some reasons:
> - You can create a policy file on one maschine and copy it to all the
> others
> - The Firewall administration can be looked down with a password
> - It calculates MD5 Chekcsums for all used applications, so that you
> can't rename a forbidden aplication to a allowed and pass the firewall
> with this.
> - It knows trusted adress groups, maybe to allow some more network Traffic
> inside your cafe (for games etc.)
>
> Allow only IE and whatever you like to allow for your customers.
> Switch off learning mode, set a password. So noone can use newly
> installed Internet Software like Kazaa or a massmailer.
>
> with best regards
> Matti Haack
>
> -
> Matti Haack - Hit Haack IT Service Gmbh
> Neuburger Strasse 35, D-94032 Passau
> +49 851 50477-22 Fax: +49 851 50477-29
> http://www.haack-it.de
- Next message: Robert Buel: "RE: Email server+network architecture"
- Previous message: Talisker: "Re: Network Scan"
- In reply to: Matti Haack: "Re: Internet Cafe"
- Next in thread: Sarbjit Singh Gill: "RE: Internet Cafe"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
