Security Basics mailing list archives
RE: Internet Cafe
From: Jason Dixon <jasondixon () myrealbox com>
Date: 16 Jan 2003 14:43:11 -0500
On Wed, 2003-01-15 at 15:31, Terry Peterson wrote:
I currently own an internet cafe. Instead of applying strict policies we have decided to image the hard drives often. We have found that we had to lock down the boxes to tight that they became difficult for our customers to use. So far, we have not had anyone attempting to compromise the systems or use our center to source attacks. Out biggest problem is figuring out a way to limit bandwidth usage. Is anyone aware of anyway to limit download bandwidth on a per machine basis?
OpenBSD allows QoS queuing via the altq mechanism. You can configure your bandwidth allotments in a number of different ways. You'll want to learn more about QoS before you try it though. There are some descriptions of the different queuing algorithms on the 3.2 manpage: http://www.openbsd.org/cgi-bin/man.cgi?query=altq.conf&sektion=5&apropos=0&manpath=OpenBSD+3.2&arch=i386 Note, however, that the altq functionality is being merged into the PF firewalling code in the -current tree. The altq code has been under heavy restructuring (not necessarily bugfixes) lately due to the merge, so you might want to upgrade to the -current tree from the -release tree, to ensure forward compatibility with 3.3. -J.
-----Original Message----- From: Ferry van Steen [mailto:ferry.van.steen () InfoPart nl] Sent: Tuesday, January 14, 2003 11:38 PM To: security-basics () securityfocus com Subject: Internet Cafe Hey there, for the first time I have to setup an internet cafe. I want to use Win2k on the workstations and "cripple" it using the policies it has, then use linux as a firewall/proxy with squid. Having only a proxy and not a gateway should already narrow down a lot of security issues, but I believe kazaa and some others still work through proxies and I have hardly any idea on how secure the win2k policies are... Basically all I want to allow them is using IE on websites/ftp sites, they should be able to download, but only to a single folder and msn messenger should work. Anyways, anyone got any suggestions/comments on what I really have to look out for? I'm thinking it should be reasonably secure, but in places like this you always have the added risc of people wanting to damage the OS/system or use it as a place from which to attack others. Kind regards and TIA, Ferry van Steen
Current thread:
- Internet Cafe Ferry van Steen (Jan 15)
- RE: Internet Cafe Nicko Demeter (Jan 16)
- Re: Internet Cafe Matti Haack (Jan 17)
- Re: Internet Cafe Nick Shapley (Jan 17)
- RE: Internet Cafe b4rtm4n (Jan 21)
- <Possible follow-ups>
- RE: Internet Cafe Terry Peterson (Jan 16)
- Re[2]: Internet Cafe Marc Cuypers (Jan 17)
- RE: Internet Cafe Jason Burzenski (Jan 17)
- RE: Internet Cafe Jason Dixon (Jan 20)
- Re[2]: Internet Cafe Malte von dem Hagen (Jan 21)
- Re: Internet Cafe Igor D. Spivak (Jan 21)
- RE: Internet Cafe Stephen A. Santos (Jan 17)
- RE: Internet Cafe DeNoyer, Rick (Jan 17)
- RE: Internet Cafe Ogden, Earl (Jan 17)
- RE: Internet Cafe Paul Baugher (Jan 17)
- RE: Internet Cafe squid (Jan 19)
- RE: Internet Cafe Terry Peterson (Jan 19)
- RE: Internet Cafe Gunn, Jeff (Jan 21)
- Very basic security question: Ing. Bernardo Lopez (Jan 23)
(Thread continues...)