PaulDotCom mailing list archives

Re: Computer Lab in a Jail...
From: Brian H <binarynomad () gmail com>
Date: Tue, 21 Sep 2010 11:31:23 -0700

@Dale: Sadly, one of the requirements for the class is the Microsoft IC3 certification, which is highly dependent on a 
Windows OS.  One of the modules was even complaining that it didn't like IE 8 and wanted IE 6 with ActiveX fully open. 
 *sigh*

@Carlos: VDI sounds like a possibility, but there was no hardware for a server to be set up, and the possibility of 
communication between gang members was high enough that they wanted the network down.

@Andrew: Yeah, I had zero ("$0") budget, so implementing anything non-free was out of the question.  I believe the old 
user IDs were "Standard", but either they got the admin password from the previous IT person, or they escalated their 
privileges somehow.  I locked them down the best I could.  I did go through and pull the product keys using a USB drive 
with an autorun calling "produkey.exe" and outputting the data to a CSV on the USB drive.  Sadly the switches are your 
run-of-the-mill desktop Netgear FS116.  No management.

@Bugbear: Yeah, I noticed SteadyState had fallen off of MS's development list. (That really saddens me; it is a VERY 
useful product for public usage like coffee shops, churches, schools, libraries, ... prisons.)  Thankfully the software 
will continue to work, you just cannot find any support for it.  I hope MS is smart/nice enough to deploy a better 
replacement instead of either (a) putting out a commercial product (most of the people that can use this are budget 
strapped), or (b) stepping aside for other commercial vendors to take over the space.

@Jeremy: It would be nice, but (a) they barely had enough money to pay me to refresh the lab, (b) I don't know how many 
class semesters these machines went through, and (c) with a corrupt IT admin, I don't think I can find a traceable audit 
trail.

@Xgerms: Needed to be Windows.  (a) IC3 is Microsoft specific, (b) it utilizes the specific menu options of the Microsoft 
Office suite in its tutorials, (c) I could not teach the instructor some level of familiarity with Linux in the 1-2 
hours I had to actually see/talk to him.



----
Brian H
binarynomad () gmail com
http://www.binarynomad.com

On Sep 20, 2010, at 2:31 PM, Dale Stirling wrote:

Another solution, if you are not bound to Windows, is to run desktops without an HDD and use a Linux live CD as your OS 
drive.

This removes storage from the desktops and allows a cheap and effective steady state environment that is easily 
upgradeable. We have done this to provide cheap dumb terminal solutions in the past.

The only downside is that you would need to move authentication and any writeable storage to either a server or the 
instructor's PC.

Cheers,

Dale


On 20 Sep 2010 02:18, "Brian H" <binarynomad () gmail com> wrote:

I wanted to get some input from the security professional's point of view on my situation.

I've been contacted by a local county detention center (read: JAIL) to help with a computer lab that keeps getting 
pwned.  They keep having problems with MP3s, porn, and gang communication on these computers.  They say they keep 
trying to clean them up, but the next day everything is back.

I don't trust these computers one bit; I've already found a number of questionable programs/processes (that I've 
removed), and some trojans in the form of Adobe CS4 cracks that were placed on the hard drives.

My first objective is (scorched earth) to reinstall from scratch, but that is on hold while they find the install 
CDs and keys.  I've been told these will not be available until later this week, but the first class of the new 
session will happen before that.

So, in the meantime, I have to clean & lock these down as much as I can while letting the students still run the 
class programs and save their work somewhere.

Environment:
       - 20 Lab/Student machines, 1 instructor
       - Two (2h) classes per day, AM (beginner) and PM (advanced)
       - Windows Vista Home Basic, Dell Optiplex 360, 2GB RAM, 130GB HD
       - No server
       - Students on closed network, unless teacher plugs in uplink cable
       - Students used to drop off work over network to teacher's PC.
       - Teacher has filtered Internet access cable next to their PC
       - Classes cover basic Office Suite, Typing, and IC3 Certification.
       - Previous IT person had "flexible morals", did favors for inmates.

Ongoing problems:
       - Some malicious, computer savvy, felons
       - Gang messages hidden on the system to communicate to other members
       - Gang communication and file sharing across LAN in class
       - Porn and MP3 being spread between computers

Options:
       - Removing all non essential programs
       - Installing and using Microsoft SteadyState
       - Creating student profile, with standard permissions
       - Enabling parental controls on student profile, app limitations, etc.
       - Disabling network switch (in the class room)
       - Disabling NIC in BIOS
       - Password protect BIOS

Still trying to figure out how to let them save files, yet not leave messages for other students.  I'm considering 
getting 40x 2GB USB Flash Drives (one for each student of each class) so SteadyState can just nuke all changes 
between students.  Teacher would distribute and collect all drives before and at the end of class.

----
Brian H
binarynomad () gmail com
http://www.binarynomad.com
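The lockdown options listed in the original post (standard-permission student profile, killing the classroom LAN, and
the USB-autorun trick used to harvest product keys, which cuts both ways on an unattended lab PC) are the sort of thing
you want to re-verify after every class rather than trust. The script below is an added example written for this
archive page, not something posted in the thread or shipped with SteadyState. It audits one Vista-era lab machine for
those items from inside Windows. The account name "student" and the drive letter for the report are hypothetical; it
assumes PowerShell 2.0 or later and an elevated prompt, and only reads state (no changes are made).

```powershell
# Added example, not from the thread: audit a lab PC against the lockdown items
# from the original post that are checkable from inside Windows.
# Assumptions: a local student account named "student" (hypothetical name),
# PowerShell 2.0+, run elevated. Read-only: nothing is changed.
param(
    [string]$StudentAccount = "student",
    [string]$ReportPath = "E:\lab-audit.txt"   # hypothetical USB drive letter
)

$findings = @()
$pattern  = "^\s*" + [regex]::Escape($StudentAccount) + "\s*$"

# 1. Student account exists and is NOT a local Administrator.
#    (The thread suspects the "Standard" accounts were escalated somehow.)
$users  = net user 2>$null
$admins = net localgroup Administrators 2>$null
if (-not ($users -match [regex]::Escape($StudentAccount))) {
    $findings += "WARN: account '$StudentAccount' not found on this machine"
} elseif ($admins -match $pattern) {
    $findings += "FAIL: '$StudentAccount' is a member of local Administrators"
} else {
    $findings += "OK:   '$StudentAccount' is not in local Administrators"
}

# 2. AutoRun should be off for every drive type (0xFF), so a planted
#    autorun.inf on a USB stick does nothing when it is inserted.
$explorerPolicy = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
$autorun = (Get-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun `
            -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($autorun -eq 255) {
    $findings += "OK:   NoDriveTypeAutoRun = 0xFF (AutoRun disabled for all drive types)"
} else {
    $findings += "FAIL: NoDriveTypeAutoRun is '$autorun' (expected 255)"
}

# 3. The post wants the classroom LAN dead: report any enabled physical NIC.
$nics = Get-WmiObject Win32_NetworkAdapter |
        Where-Object { $_.NetEnabled -eq $true -and $_.PhysicalAdapter -eq $true }
if ($nics) {
    foreach ($n in $nics) { $findings += "FAIL: NIC enabled: $($n.Name)" }
} else {
    $findings += "OK:   no physical network adapter is enabled"
}

# 4. File sharing across the LAN: any non-admin disk share, or a running
#    Server service, means students can still drop files for each other.
$shares = Get-WmiObject Win32_Share | Where-Object { $_.Type -eq 0 }   # 0 = disk share
foreach ($s in $shares) { $findings += "FAIL: disk share exposed: $($s.Name) -> $($s.Path)" }
$srv = Get-Service LanmanServer -ErrorAction SilentlyContinue
if ($srv -and $srv.Status -eq "Running") {
    $findings += "WARN: Server service (LanmanServer) is running"
} else {
    $findings += "OK:   Server service is not running"
}

# 5. Student profile should not be writable-forever: flag files in the student
#    profile newer than the last boot, which SteadyState is supposed to discard.
$lastBoot = [Management.ManagementDateTimeConverter]::ToDateTime(
                (Get-WmiObject Win32_OperatingSystem).LastBootUpTime)
$profile  = Join-Path $env:SystemDrive "Users\$StudentAccount"
if (Test-Path $profile) {
    $newFiles = Get-ChildItem $profile -Recurse -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -gt $lastBoot }
    $findings += "INFO: $(@($newFiles).Count) file(s) in $profile modified since boot ($lastBoot)"
}

# Emit the report to the console and to the USB drive the tech carries.
$header = "Lab audit of $env:COMPUTERNAME at $(Get-Date -Format s)"
$report = @($header) + $findings
$report | ForEach-Object { Write-Output $_ }
$report | Out-File -FilePath $ReportPath -Append -ErrorAction SilentlyContinue
```

Run it once per machine from the same USB stick used for the product-key dump; a line starting with FAIL is a
machine that is not actually locked down, whatever SteadyState's control panel says. The profile check in step 5 is
the one to read after a class: SteadyState's disk protection discards writes on reboot, so any file in the student
profile dated after the last boot is a change that has not yet been rolled back.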

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com