Re: Securing common access computers

[Zach Jansen <zjanse20 () CALVIN EDU>]

We use a program called Deepfreeze from Faronics to secure the public lab machines from configuration changes. 
Basically it removes any changes from a machine upon reboot, returning it to the state it was deployed in. The nice 
thing here is that students can do whatever they want on the machines, such as install software, change settings, and 
it's removed on reboot. Faronics has a similar program for kiosk type machines, though it has some additional browser 
lockdown features. 

We do have individual logins for accountability, except on kiosk machines, and have few problems with misuse. Kiosk 
machines are more likely to be abused since anyone can use them without a login. Deepfreeze does tend to make 
investigation harder, though not impossible.

Hardware keyloggers are certainly a threat, though I've yet to run into one in my environment.

Zach Jansen





-- 
Zach Jansen
Information Security Officer
Calvin College
Phone: 616.526.6776
Fax: 616.526.8550

> > > On 3/24/2010 at 12:08 PM, in message
<EB4A14AA71CE71448233A27D6E0953B101DF98C3392E () SNHU-CCR-A snhu edu>, "Witmer,
Robert" <r.witmer () SNHU EDU> wrote:
> Even though we require every student to have a laptop computer, historically 
> our organization has provided personal computers in common areas around main 
> campus/remote campuses for students to access specialized software, print 
> papers, access email or their student accounts, etc.   I'm wondering how 
> other organizations are securing their common access computers located in pc 
> labs, library, etc.  Specifically, from a hardware point of view, does 
> someone inventory every device for hardware key loggers/recording devices?  
> Do you require users to log into the machine for accountability?  Do you 
> restrict users from executing programs other than those you've loaded on the 
> pc?
>
> Thanks,
> Bob
>
>
> Please consider the environment before printing this e-mail.