>Message: 14 >Date: Wed, 02 Oct 2002 23:47:25 +0800 >To: Jim Wildman <[EMAIL PROTECTED]>,[EMAIL PROTECTED] >From: Stephen Liu <[EMAIL PROTECTED]> >Subject: Re: [Ltsp-discuss] Confidentiality and centralization > >Hi All, > >USB disks and pcmcia disks shall not be calculated as a pressure to >Diskless Workstations without USB socket. Email and Internet browsing are >two major problem.
ACK. Anyway, USB can only be used, when and after the drivers arte loaded; in our setup (which is standard I think) the pupils can only login grphically to the server, and this -of course- not as root. So there is no way for them to make the terminal use USB stuff. As of the server, it should imho be unaccessible by the pupils, e.g. in the teacher's preparation room next door, or in a locked cupboard (as with us; No problem with heat as the whole back wall of it is full of fingerdick holes for ventilation). So no way for the pupils to put the USB stick there. Let's just forget that USB stuff. >If prevention is remote, can a track record of all emails and webmail >dispatched by users be kept in LTSP server No. Not that I dislike the idea, but that's technically near to impossible. Many webmail services (e.g. www.web.de) use https:// as their favourite protocol, which is unrealistic that you can overhear it. Disabling https is no (sensible) solution neither. Of course you could overhear the connection to the X-Terminal for everything on the screen and every keystroke done, but that would also include any website they visit, any office application they use etcpp. Forget it. >and it can't be erased by the >users themselves, except the administrator? Although going through all >records daily by the administrator is not realistic such an arrangement may >inject a pre-warning to users. You could force proxy-use (transparent proxying, firewalls enable you to do so) and log just any http URI requested, but I think this fails with https. The other idea is: If there has to be security-relevant stuff on your server, why cannot you restrict access to that users that are allowed to see it? And if they can see it, what's the major difference between seeing it (hardcopying from the screen, e.g. with pencil or digital camera) and sending it to their home email address? If you are in fear about that data, and you don't trust your users, you should not give them any access to it. The other way 'round you could make them (in company environment, not in schools of course) sign any data security agreement which my chef made me sign on my part-time-job even in case I see anything that nobody else should see (not that I do, of course, it's only for security). -- Best regards, Anselm mailto:[EMAIL PROTECTED] ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.openprojects.net
