Re: setting up and securing a shared internet terminal

From: armin walland (
Date: 05/11/03

  • Next message: Nick Maclaren: "Re: Closing ports-- in services or inetd.conf?"
    Date: Sun, 11 May 2003 09:21:41 GMT

    On 11 May 2003 00:21:32 -0700, mike <> wrote:
    > hi
    > we have a group of contract software developers working in a room and
    > due to policy reasons, they were not allowed to have internet access.
    > I would like to grant them internet access so that they could do their
    > job better, in the sense that whatever information they need for their
    > programming work, they could get from the internet.
    > In this case, i would like to set up a shared terminal for these
    > developers
    > to use the internet. Then comes to the part of securing this terminal
    > so that
    > they could not download and install software or change any system
    > configurations. They are supposed to only search for information.
    > Could anyone refer me some references/links that talk about this
    > topic.?? (eg which type of OS to use, how and what to tighten..etc.. )
    > or if anyone had experienced setting up this type of terminals please
    > show me some rope. thanks very much.

    i once saw a public shared computer that IMO was very well secured.
    it was running linux with no window manager installed.
    X was started via init and as an xclient only one mozilla window
    (without window manager) was opened.
    ctrl alt bkspc and ctr alt del were disabled, also all ttys. mozilla had
    tabbed browsing enabled so you weren't restricted to one window.

    however i do not know how they dealt with downloading. one idea might be
    to set the efault download location to be /dev/null and disable the
    download manager and the progress box and furthermore remove write
    access to all the user's homedirectory (not sure if mozilla will start
    then though, you'd have to try)

    hth, armin

    life, the universe and everything

  • Next message: Nick Maclaren: "Re: Closing ports-- in services or inetd.conf?"

    Relevant Pages

    • Re: Worm or hacker worries
      ... (e.g., "c:\New Folder") ... Download SYSCLEAN.COM and place it in that directory. ... If you are using WinME or WinXP, disable System Restore ... | block internet access with ZA, internet access is stopped for a while then ...
    • Re: Internet Access at the Resorts
      ... But if you want to download large files, ... Despite the impression many people have about broadband access, about 2/3 of everyone in the United States still gets their usual Internet access via dial-up and an Internet Service Provider. ... Instead, for 75-cents, the charge for a local phone call at the resorts, I simply dialed up my ISP's local Orlando number. ...
    • Re: Full install files for IE6?
      ... It never ceases to amaze me ... I am running WIN2K pro and do have internet access. ... After the download I transfered the files to my NT server and ran ...
    • Re: Impossible to download WebPACK?
      ... You would log in and get what you needed immediately and totally free - ... Internet access was ... log in, you browse to what you want, you download it. ... through eleven million pages of portals and advertisements and "let's ...
    • Re: Drawing gradients in X11 and transparent windows
      ... A way to find the code is to download the GTK/GDK source and look ... its just a wrapper around native X code. ... simply need to set a window property that the composite window manager ...