Security Basics mailing list archives
RE: Internet Cafe
From: Will Munkara-Kerr <WillM () cs nsw gov au>
Date: Thu, 16 Jan 2003 10:41:00 +1100
<snip>
Basically all I want to allow them is using IE on websites/ftp sites, they should be able to download, but only to a single folder and msn messenger should work.
How about you lock the firewall down with a deny all in/out, and then simply open the ports you're allowing them to have, or, as required, or, as policy changes etc. Only pass out ports related to icq, irc, realplayer, msn and, naturally, http/ftp/ssh etc etc as required. (check http:www.portsdb.org for good listings) This way other outgoings (kazaa etc) are dropped unless added explicitly.
Anyways, anyone got any suggestions/comments on what I really have to look out for? I'm thinking it should be reasonably secure, but in places like this you always have the added risc of people wanting to damage the OS/system or use it as a place from which to attack others.
openbsd. you might even want to use nat on the internal net making it harder for external attackers. Although this can be a bit of a hassle for setting up online gaming unless you know exactly what you're doing. In regards to downloading to a single folder, i assume this can be done in win2k by settin the customer account to write only to that folder.
Kind regards and TIA, Ferry van Steen
hope it helps, .will will () uncompiled com "This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please destroy it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of the Central Sydney Area Health Service."
Current thread:
- RE: Internet Cafe, (continued)
- RE: Internet Cafe Ogden, Earl (Jan 17)
- RE: Internet Cafe Paul Baugher (Jan 17)
- RE: Internet Cafe squid (Jan 19)
- RE: Internet Cafe Terry Peterson (Jan 19)
- RE: Internet Cafe Gunn, Jeff (Jan 21)
- Very basic security question: Ing. Bernardo Lopez (Jan 23)
- Re: Very basic security question: Diego Figueroa (Jan 24)
- Re: Very basic security question: Brad Arlt (Jan 24)
- Message not available
- Re: Very basic security question: Brad Arlt (Jan 27)
- Very basic security question: Ing. Bernardo Lopez (Jan 23)