RE: Securing Linux based public access terminals

[tbishop () micron com]

Hello Andrew,

There is a simple registry key that tells Windows what to use as it's
shell.  On XP, I believe it is "HKLM\Software\Microsoft\Windows
NT\Current Version\Winlogon\Shell" (the default is set to explorer.exe
(REG_SZ).  You can just set this to "iexplore.exe" to load IE by default
(you can then add switches to the command to load a specific site).  You
will have to consider that by using IE, there are many ways that a user
will be able to access the local file system.  Example:  just type "c:\"
into an IE window and it should take you to the root drive.  

I don't have a Windows 2k box handy, but I believe the registry key is
very similar.  

Hope this helps.

Regards,

Thomas Bishop

-----Original Message-----
From: Andrew Shore [mailto:andrew.shore () holistecs com] 
Sent: Thursday, July 15, 2004 7:49 AM
To: security-basics () securityfocus com
Subject: Securing Linux based public access terminals

Hi 

I have a project where I need to give access to the internet to groups
of users who do not work for the company running the workstations.
Hence, the company do not want the users to access any other part of the
network. For reasons too complicated to go into here I can't hive this
portion of the network off onto a DMZ or even a secure vlan.

What I would like to is run a Linux workstation (RedHat probably 9 even
though it's out of support) but when the user logs into the windows
session all they get is the browser. No menus no right click on the desk
top just a basic single application "dumb terminal". I've seen this done
before but it was too well secured for me to see how it was done! Also
I'd like to the workstation to log straight in as a local user with out
user intervention.

Any ideas how I can achieve this or perhaps secure it in another way, I
remember with windows 3.x you could change the windows manager settings
in win.ini and it did exactly what I want. I just really don't want to
use Windows 3.1 ;)

TIA

Andy


------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------