Educause Security Discussion mailing list archives
Re: Securing common access computers
From: David Gillett <gillettdavid () FHDA EDU>
Date: Wed, 24 Mar 2010 14:24:36 -0700
We use DeepFreeze in some areas, but not in all.

Besides users (usually students but we don't know that's always the case...) downloading and installing unauthorized software, we have some number who believe they're entitled to unplug the college machine (cutting through any inconvenient cable ties in the way) to plug a personal machine into the network. (Our most serious virus infestations have arrived this way!)

And I've had one report of someone bringing in an external FireWire hard drive and rebooting a college machine from it, so although it was mostly legitimate hardware the O/S environment was entirely rogue.

David Gillett, CISSP

-----Original Message-----
From: Zach Jansen [mailto:zjanse20 () CALVIN EDU]
Sent: Wednesday, March 24, 2010 13:39
To: SECURITY () listserv educause edu
Subject: Re: [SECURITY] Securing common access computers

We use a program called Deepfreeze from Faronics to secure the public lab machines from configuration changes. Basically it removes any changes from a machine upon reboot, returning it to the state it was deployed in. The nice thing here is that students can do whatever they want on the machines, such as install software, change settings, and it's removed on reboot. Faronics has a similar program for kiosk type machines, though it has some additional browser lockdown features.

We do have individual logins for accountability, except on kiosk machines, and have few problems with misuse. Kiosk machines are more likely to be abused since anyone can use them without a login. Deepfreeze does tend to make investigation harder, though not impossible.

Hardware keyloggers are certainly a threat, though I've yet to run into one in my environment.

Zach Jansen

--
Zach Jansen
Information Security Officer
Calvin College
Phone: 616.526.6776
Fax: 616.526.8550

On 3/24/2010 at 12:08 PM, in message <EB4A14AA71CE71448233A27D6E0953B101DF98C3392E () SNHU-CCR-A snhu edu>, "Witmer, Robert" <r.witmer () SNHU EDU> wrote:

Even though we require every student to have a laptop computer, historically our organization has provided personal computers in common areas around main campus/remote campuses for students to access specialized software, print papers, access email or their student accounts, etc.

I'm wondering how other organizations are securing their common access computers located in pc labs, library, etc. Specifically, from a hardware point of view, does someone inventory every device for hardware key loggers/recording devices? Do you require users to log into the machine for accountability? Do you restrict users from executing programs other than those you've loaded on the pc?

Thanks,
Bob