RE: Internet Cafe

["b4rtm4n" <root () localhost securityfocus com>]

Hi Ferry,

I've spoken to a couple of guys that run 'net cafes and they clone the
base pc and re-clone them daily/weekly depending on the usage.

If you want to use w2k you can lock down a basic set up
(%systemroot%\secturity) and dd or ghost it, and re-load it daily or to
your prefered schedule. 

Ideally I'd choose a Linux desktop & Netscape/Konquerer but I understand
the need to use IE as most commercial sites don't cater for anything
else.

Best of luck!


_________________________________________
A J Hammond CCNA

_________________________________________


-----Original Message-----
From: Ferry van Steen [mailto:ferry.van.steen () InfoPart nl] 
Sent: 15 January 2003 07:38
To: security-basics () securityfocus com
Subject: Internet Cafe


Hey there,

for the first time I have to setup an internet cafe. I want to use Win2k
on the workstations and "cripple" it using the policies it has, then use
linux as a firewall/proxy with squid. Having only a proxy and not a
gateway should already narrow down a lot of security issues, but I
believe kazaa and some others still work through proxies and I have
hardly any idea on how secure the win2k policies are... Basically all I
want to allow them is using IE on websites/ftp sites, they should be
able to download, but only to a single folder and msn messenger should
work.

Anyways, anyone got any suggestions/comments on what I really have to
look out for? I'm thinking it should be reasonably secure, but in places
like this you always have the added risc of people wanting to damage the
OS/system or use it as a place from which to attack others.

Kind regards and TIA,

Ferry van Steen