Educause Security Discussion mailing list archives
Re: Keyloggers in computer labs
From: "Syrigos, Panagis" <syrigos () UMICH EDU>
Date: Tue, 7 Feb 2006 10:21:00 -0500
Hello, Here at the library of the University of Michigan we don't allow administrator accounts to login to our labs. We have 3 labs with workstations and one lab with terminals serviced by a TS server. We require that each instructor notifies us beforehand (at least 3 weeks) of the list of software they need to install and we determine whether the software can be run in a locked down environment or not. If it's not possible, we deny the request or, more often, try to find another app that will do the trick for them. All of the software we use can run in a locked down environment by granting write permissions to the folder it was installed, or to certain registry keys. FileMon, RegMon from www.sysinternals.com and RunAs that is provided by Windows are the tools we use. Although we have not come across something that just doesn't work, we are confident that if indeed such a monstrosity exists, we can use "RunAs" in a batch file to run just the app with admin privileges and not the entire session. If the instructor *has* to teach their students how to install a certain piece of software, we are in the process starting to provide them with a Virtual PC image that has no connectivity to the 'net. Once the class is done, we will be trashing the image and copy a fresh image back to the computers. HTH, Panagis Panagis Syrigos System Administrator II Library Information Technology University of Michigan ------------------------------ And on the 8th day God said, "Ok Murphy, you take over." -----Original Message----- From: Kay Sommers [mailto:ksommers () VCU EDU] Sent: Monday, February 06, 2006 9:09 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Keyloggers in computer labs How are you protecting your computer labs from the installation of keyloggers? Lab managers want to use local administrator or power user accounts on these machines so that various applications run properly, but of course, that exposes these public machines to the possibility of anything being installed. Re-imaging or return point strategies such as Deep Freeze still leave the machines vulnerable for a certain period of time. What approaches are being used to protect public machines other than not allowing privileged logins?
Current thread:
- Re: Keyloggers in computer labs, (continued)
- Re: Keyloggers in computer labs James Cooley (Feb 06)
- Re: Keyloggers in computer labs Valdis Kletnieks (Feb 06)
- Re: Keyloggers in computer labs Lucas, Bryan (Feb 06)
- Re: Keyloggers in computer labs stanislav shalunov (Feb 06)
- Re: Keyloggers in computer labs Valdis Kletnieks (Feb 07)
- Re: Keyloggers in computer labs Gary Flynn (Feb 07)
- Re: Keyloggers in computer labs Graham Toal (Feb 07)
- Re: Keyloggers in computer labs clementz.7 (Feb 07)
- Re: Keyloggers in computer labs Gary Flynn (Feb 07)
- Re: Keyloggers in computer labs Drake, Craig (Feb 07)
- Re: Keyloggers in computer labs Syrigos, Panagis (Feb 07)
- Re: Keyloggers in computer labs Les LaCroix (Feb 07)
- Re: Keyloggers in computer labs Brad Judy (Feb 07)
- Re: Keyloggers in computer labs Graham Toal (Feb 07)
- Re: Keyloggers in computer labs Graham Toal (Feb 07)
- Re: Keyloggers in computer labs Drake, Craig (Feb 07)
- Re: Keyloggers in computer labs Dave Koontz (Feb 07)