Security Basics mailing list archives

RE: Internet Cafe

From: "Gunn, Jeff" <Jeff.Gunn () FMR COM>
Date: Fri, 17 Jan 2003 13:32:26 -0500


Along the same lines, maybe something like this - 

http://www.packeteer.com/products/packetshaper/

I know of some people on my thin-client mailing list that have used it and
gotten good results.

        -Jeff

-----Original Message-----
From: DeNoyer, Rick [mailto:rdenoyer () Salinas gannett com]
Sent: Thursday, January 16, 2003 2:06 PM
To: Terry Peterson; security-basics () securityfocus com
Subject: RE: Internet Cafe

Have you tried to use "Bandwith Throttling" at the 
NAT/Firewall per ip address?  If you use DHCP perhaps you can 
just include that whole scope in the rules you decide to set 
up.  I know this works with IPFW on BSD.

-Rick DeNoyer

-----Original Message-----
From: Terry Peterson [mailto:tpeterson () snocom org]
Sent: Wednesday, January 15, 2003 12:32 PM
To: security-basics () securityfocus com
Subject: RE: Internet Cafe

I currently own an internet cafe.  Instead of applying strict 
policies we
have decided to image the hard drives often.  We have found 
that we had to
lock down the boxes to tight that they became difficult for 
our customers to
use.  So far, we have not had anyone attempting to compromise 
the systems or
use our center to source attacks.  Out biggest problem is 
figuring out a way
to limit bandwidth usage.  Is anyone aware of anyway to limit download
bandwidth on a per machine basis?

Terry Peterson

-----Original Message-----
From: Ferry van Steen [mailto:ferry.van.steen () InfoPart nl]
Sent: Tuesday, January 14, 2003 11:38 PM
To: security-basics () securityfocus com
Subject: Internet Cafe

Hey there,

for the first time I have to setup an internet cafe. I want 
to use Win2k
on the workstations and "cripple" it using the policies it 
has, then use
linux as a firewall/proxy with squid. Having only a proxy and not a
gateway should already narrow down a lot of security issues, but I
believe kazaa and some others still work through proxies and I have
hardly any idea on how secure the win2k policies are... 
Basically all I
want to allow them is using IE on websites/ftp sites, they should be
able to download, but only to a single folder and msn messenger should
work.

Anyways, anyone got any suggestions/comments on what I really have to
look out for? I'm thinking it should be reasonably secure, 
but in places
like this you always have the added risc of people wanting to 
damage the
OS/system or use it as a place from which to attack others.

Kind regards and TIA,

Ferry van Steen

Current thread:

RE: Internet Cafe, (continued)
- - RE: Internet Cafe Jason Burzenski (Jan 17)
  - RE: Internet Cafe Jason Dixon (Jan 20)
  - Re[2]: Internet Cafe Malte von dem Hagen (Jan 21)
  - Re: Internet Cafe Igor D. Spivak (Jan 21)
- RE: Internet Cafe Stephen A. Santos (Jan 17)
- RE: Internet Cafe DeNoyer, Rick (Jan 17)
- RE: Internet Cafe Ogden, Earl (Jan 17)
- RE: Internet Cafe Paul Baugher (Jan 17)
- RE: Internet Cafe squid (Jan 19)
- RE: Internet Cafe Terry Peterson (Jan 19)
- RE: Internet Cafe Gunn, Jeff (Jan 21)
  - Very basic security question: Ing. Bernardo Lopez (Jan 23)
    - Re: Very basic security question: Diego Figueroa (Jan 24)
    - Re: Very basic security question: Brad Arlt (Jan 24)
    - Message not available
    - Re: Very basic security question: Brad Arlt (Jan 27)
- RE: Internet Cafe Nick Besant (Jan 21)
- RE: Internet Cafe Will Munkara-Kerr (Jan 21)
- Re: Internet Cafe Ricardo Castanho de Oliveira Freitas (Jan 23)
- RE: Re[2]: Internet Cafe Paul Stewart (Jan 23)