Security Basics mailing list archives

RE: Internet Cafe


From: Will Munkara-Kerr <WillM () cs nsw gov au>
Date: Thu, 16 Jan 2003 10:41:00 +1100


<snip>
Basically all I
want to allow them is using IE on websites/ftp sites, they should be
able to download, but only to a single folder and msn messenger should
work.

How about you lock the firewall down with a deny all in/out, and then simply
open the ports you're allowing them to have, or, as required, or, as policy
changes etc. 

Only pass out ports related to icq, irc, realplayer, msn and, naturally,
http/ftp/ssh etc etc as required. 
(check http:www.portsdb.org for good listings)

This way other outgoings (kazaa etc) are dropped unless added explicitly. 


Anyways, anyone got any suggestions/comments on what I really have to
look out for? I'm thinking it should be reasonably secure, but in places
like this you always have the added risk of people wanting to damage the
OS/system or use it as a place from which to attack others.

OpenBSD. You might even want to use NAT on the internal net, making it harder
for external attackers. Although this can be a bit of a hassle for setting
up online gaming unless you know exactly what you're doing.

In regards to downloading to a single folder, I assume this can be done in
win2k by setting the customer account to write only to that folder.


Kind regards and TIA,

Ferry van Steen


hope it helps, 
.will
will () uncompiled com
"This message is intended for the addressee named and may contain
confidential information. If you are not the intended recipient, please
destroy it and notify the sender. Views expressed in this message are those
of the individual sender, and are not necessarily the views of the Central
Sydney Area Health Service."
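
The default-deny egress policy with NAT suggested in the reply above, sketched as an OpenBSD pf.conf. This is an added example, not part of the original posts; it uses current pf syntax, and the interface names, LAN subnet, port numbers and the DNS rule are assumptions.

```pf
# Constructed example: interface names, subnet and port list are assumptions.
ext_if = "em0"                 # uplink to the ISP
int_if = "em1"                 # cafe workstations
lan    = "192.168.10.0/24"

# http, https, ssh, ftp control, RTSP (RealPlayer), MSN, ICQ, IRC
allowed_tcp = "{ 80 443 22 21 554 1863 5190 6667 }"

set block-policy drop
set skip on lo

# NAT: workstations are not directly addressable from outside
match out on $ext_if inet from $lan to any nat-to ($ext_if)

# Deny all in/out; log drops so blocked traffic can be reviewed
block log all

# Rules installed at runtime by ftp-proxy(8) for FTP data connections
anchor "ftp-proxy/*"

# FTP control connections are handed to ftp-proxy, which must be
# running and listening on 127.0.0.1 port 8021
pass in quick on $int_if inet proto tcp from $lan to any port 21 \
    divert-to 127.0.0.1 port 8021

# DNS (assumption: clients resolve against external servers)
pass in  on $int_if inet proto { tcp udp } from $lan to any port 53
pass out on $ext_if inet proto { tcp udp } to any port 53

# Only the explicitly listed services leave the network; anything else
# (file-sharing clients and so on) hits the block rule above
pass in  on $int_if inet proto tcp from $lan to any port $allowed_tcp
pass out on $ext_if inet proto tcp to any port $allowed_tcp
```

Dropped packets end up on the pflog0 interface, so watching it with tcpdump shows which applications customers are trying to run before a port is added to the list.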

