Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Computer Lab in a Jail...
From: Jeremy Pommerening <theaudioman () yahoo com>
Date: Sun, 19 Sep 2010 17:06:14 -0700 (PDT)

Why don't you create images of the PC's before you rebuild them and run forensics to find out who is causing the 
problems.  Otherwise you're going to continue to fight the problems no matter what you do...IMHO.


Jeremy Pommerening   GIAC GCFA,GPEN,GAWN & GCFW,   
  



--- On Sun, 9/19/10, Brian H <binarynomad () gmail com> wrote:

From: Brian H <binarynomad () gmail com>
Subject: [Pauldotcom] Computer Lab in a Jail...
To: "PaulDotCom Security Weekly Mailing List" <pauldotcom () mail pauldotcom com>
Date: Sunday, September 19, 2010, 2:36 AM
I wanted to get some input from the
security professionals point of view on my situation.

I've been contacted by a local county detention center
(read: JAIL), to help with a computer lab that keeps getting
pwned.  They keep having problems with MP3s, Porn, and
Gang communication on these computers.  They say they
keep trying to clean them up, but the next day everything is
back.

I don't trust these computers one bit, I've already found
an number of questionable programs/processes (that I've
removed), and some trojans in the form of Adobe CS4 cracks
that were placed on the hard drives.

My first objective is (scorched earth) to reinstall from
scratch, but that is on hold while they find the install
CD's and Keys.  I've been told these will not be
available until later this week, but the first class of the
new session will happen before that. 

So, in the meantime, I have to clean & lock these down
as much as I can while letting the students still run the
class programs and save their work somewhere.
    
Environment:
    - 20 Lab/Student machines, 1 instructor
    - Two (2h) classes per day, AM
(beginner) and PM (advanced)
    - Windows Vista Home Basic, Dell
Optiplex 360, 2GB RAM, 130GB HD
    - No server
    - Students on closed network, unless
teacher plugs in uplink cable
    - Students used to drop off work over
network to teacher's PC.
    - Teacher has filtered Internet access
cable next to their PC
    - Classes cover basic Office Suite,
Typing, and IC3 Certification.
    - Previous IT person had "flexible
morals", did favors for inmates.

Ongoing problems:
    - Some malicious, computer savvy,
felons
    - Gang messages hidden on the system to
communicate to other members
    - Gang communication and file sharing
across LAN in class
    - Porn and MP3 being spread between
computers

Options:
    - Removing all non essential programs
    - Installing and using Microsoft
SteadyState
    - Creating student profile, with
standard permissions
    - Enabling parental controls on student
profile, app limitations, etc.
    - Disabling network switch (in the class
room)
    - Disabling NIC in BIOS
    - Password protect BIOS

Still trying to figure out how to let them save files, yet
not leave messages for other students.  I'm considering
getting 40x 2GB USB Flash Drives (one for each student of
each class) so SteadyState can just nuke all changes between
students.  Teacher would distribute and collect all
drives before and at the end of class.

----
Brian H
binarynomad () gmail com
http://www.binarynomad.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



      
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault