Re: Asset management, laptops as kiosks

[DaKahuna <da.kahuna () gmail com>]

On Jul 5, 2011, at 5:34 PM, Phillip Fernandes wrote:

> Rob is correct, AD still applies. It should be noted however that the 
> user must have logged on the machine at least once for caching to work.
> What I normally do is create a global user with minimal rights 
> specifically for access to machines used in trade shows. 
> As you said, you can also create a local user for each machine, but the 
> process becomes tedious when working with many devices. 
>
> This email was sent from a Blackberry device.
>
> ----- Original Message -----
> From: Rob <synja () synfulvisions com>
> To: forest.monsen () gmail com <forest.monsen () gmail com>; 
> listbounce () securityfocus com <listbounce () securityfocus com>; 
> security-basics () securityfocus com <security-basics () securityfocus com>
> Sent: Tue Jul 05 14:25:59 2011
> Subject: Re: Asset management, laptops as kiosks
>
> Active Directory still applies, even if a DC cannot be reached, you just 
>
> have to make sure information is cached.
>
> Rob
> Sent via BlackBerry by AT&T
>
> -----Original Message-----
> From: forest.monsen () gmail com
> Sender: listbounce () securityfocus com
> Date: Tue, 5 Jul 2011 17:58:16 
> To: <security-basics () securityfocus com>
> Subject: Asset management, laptops as kiosks
>
> I'm working with a group that has set aside essentially no budget for 
> security, or even for a new laptop at this point.
>
> They do have several Windows 7 laptops. They want to use them both as 
> reduced-capability or locked-down "kiosks" at conferences (usually 
> locked in a cabinet, but with external monitor/mouse/keyboard attached, 
> so hardware ports are not accessible), and also let the staff use them 
> with full capabilities to work when traveling (they may need to update 
> the browser, et cetera).
>
> The organization does already have an Active Directory server setup to 
> authenticate folks when they're working inside their firewall, but at 
> conferences, when they need the "kiosk-style" functionality, they might 
> not have reliable Internet access. So it sounds like they need accounts 
> on the local machine.
>
> Without having their staff memorize new passwords -- one for each 
> laptop's local account in addition to their Active Directory-managed 
> password -- what's a good way for them to use these as dual-purpose 
> machines?

 So I assume having a locked down laptop which boots up without requiring a user ID and contains a VPN back to the 
company network, where they would have to log in with their credentials is out of the question? 

 You take a chance when you use them for mixed purposes with someone being able to gain access to another user's 
information.  




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------