Security Basics mailing list archives

Re: Internet Cafe


From: "Igor D. Spivak" <urbanachiever () attbi com>
Date: Thu, 16 Jan 2003 15:42:16 -0800

any good router/swich can shape bandwidth per ip/mac adress. for a small to
medium size operation you can either make your own, or use a netscreen 5
series.

ids
----- Original Message -----
From: "Terry Peterson" <tpeterson () snocom org>
To: <security-basics () securityfocus com>
Sent: Wednesday, January 15, 2003 12:31 PM
Subject: RE: Internet Cafe



I currently own an internet cafe.  Instead of applying strict policies we
have decided to image the hard drives often.  We have found that we had to
lock down the boxes to tight that they became difficult for our customers
to
use.  So far, we have not had anyone attempting to compromise the systems
or
use our center to source attacks.  Out biggest problem is figuring out a
way
to limit bandwidth usage.  Is anyone aware of anyway to limit download
bandwidth on a per machine basis?

Terry Peterson


-----Original Message-----
From: Ferry van Steen [mailto:ferry.van.steen () InfoPart nl]
Sent: Tuesday, January 14, 2003 11:38 PM
To: security-basics () securityfocus com
Subject: Internet Cafe


Hey there,

for the first time I have to setup an internet cafe. I want to use Win2k
on the workstations and "cripple" it using the policies it has, then use
linux as a firewall/proxy with squid. Having only a proxy and not a
gateway should already narrow down a lot of security issues, but I
believe kazaa and some others still work through proxies and I have
hardly any idea on how secure the win2k policies are... Basically all I
want to allow them is using IE on websites/ftp sites, they should be
able to download, but only to a single folder and msn messenger should
work.

Anyways, anyone got any suggestions/comments on what I really have to
look out for? I'm thinking it should be reasonably secure, but in places
like this you always have the added risc of people wanting to damage the
OS/system or use it as a place from which to attack others.

Kind regards and TIA,

Ferry van Steen


Current thread: