Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Computer Lab in a Jail...
From: "Scott Webster" <websterstech () gmail com>
Date: Sun, 19 Sep 2010 10:06:35 -0700

I have used SteadyState and it should do what you are looking for. I agree
you should eliminate the network altogether. Most if not all of these guys
will have never even seen steadystate or have a clue on how to bypass it.

-----Original Message-----
From: pauldotcom-bounces () mail pauldotcom com
[mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Brian H
Sent: Sunday, September 19, 2010 12:36 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Computer Lab in a Jail...

I wanted to get some input from the security professionals point of view on
my situation.

I've been contacted by a local county detention center (read: JAIL), to help
with a computer lab that keeps getting pwned.  They keep having problems
with MP3s, Porn, and Gang communication on these computers.  They say they
keep trying to clean them up, but the next day everything is back.

I don't trust these computers one bit, I've already found an number of
questionable programs/processes (that I've removed), and some trojans in the
form of Adobe CS4 cracks that were placed on the hard drives.

My first objective is (scorched earth) to reinstall from scratch, but that
is on hold while they find the install CD's and Keys.  I've been told these
will not be available until later this week, but the first class of the new
session will happen before that. 

So, in the meantime, I have to clean & lock these down as much as I can
while letting the students still run the class programs and save their work
somewhere.
        
Environment:
        - 20 Lab/Student machines, 1 instructor
        - Two (2h) classes per day, AM (beginner) and PM (advanced)
        - Windows Vista Home Basic, Dell Optiplex 360, 2GB RAM, 130GB HD
        - No server
        - Students on closed network, unless teacher plugs in uplink cable
        - Students used to drop off work over network to teacher's PC.
        - Teacher has filtered Internet access cable next to their PC
        - Classes cover basic Office Suite, Typing, and IC3 Certification.
        - Previous IT person had "flexible morals", did favors for inmates.

Ongoing problems:
        - Some malicious, computer savvy, felons
        - Gang messages hidden on the system to communicate to other members
        - Gang communication and file sharing across LAN in class
        - Porn and MP3 being spread between computers

Options:
        - Removing all non essential programs
        - Installing and using Microsoft SteadyState
        - Creating student profile, with standard permissions
        - Enabling parental controls on student profile, app limitations,
etc.
        - Disabling network switch (in the class room)
        - Disabling NIC in BIOS
        - Password protect BIOS

Still trying to figure out how to let them save files, yet not leave
messages for other students.  I'm considering getting 40x 2GB USB Flash
Drives (one for each student of each class) so SteadyState can just nuke all
changes between students.  Teacher would distribute and collect all drives
before and at the end of class.

----
Brian H
binarynomad () gmail com
http://www.binarynomad.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]