Why don't you create images of the PCs before you rebuild them and run
forensics to find out who is causing the problems? Otherwise you're going to
continue to fight the problems no matter what you do...IMHO.


Jeremy Pommerening   GIAC GCFA, GPEN, GAWN & GCFW

--- On Sun, 9/19/10, Brian H <[email protected]> wrote:

> From: Brian H <[email protected]>
> Subject: [Pauldotcom] Computer Lab in a Jail...
> To: "PaulDotCom Security Weekly Mailing List" <[email protected]>
> Date: Sunday, September 19, 2010, 2:36 AM
> I wanted to get some input from the security professional's
> point of view on my situation.
> 
> I've been contacted by a local county detention center
> (read: JAIL), to help with a computer lab that keeps getting
> pwned.  They keep having problems with MP3s, Porn, and
> Gang communication on these computers.  They say they
> keep trying to clean them up, but the next day everything is
> back.
> 
> I don't trust these computers one bit. I've already found
> a number of questionable programs/processes (that I've
> removed), and some trojans in the form of Adobe CS4 cracks
> that were placed on the hard drives.
> 
> My first objective is (scorched earth) to reinstall from
> scratch, but that is on hold while they find the install
> CDs and keys.  I've been told these will not be
> available until later this week, but the first class of the
> new session will happen before that.
> 
> So, in the meantime, I have to clean & lock these down
> as much as I can while letting the students still run the
> class programs and save their work somewhere.
>
> Environment:
>     - 20 Lab/Student machines, 1 instructor
>     - Two (2h) classes per day, AM (beginner) and PM (advanced)
>     - Windows Vista Home Basic, Dell Optiplex 360, 2GB RAM, 130GB HD
>     - No server
>     - Students on closed network, unless teacher plugs in uplink cable
>     - Students used to drop off work over network to teacher's PC.
>     - Teacher has filtered Internet access cable next to their PC
>     - Classes cover basic Office Suite, Typing, and IC3 Certification.
>     - Previous IT person had "flexible morals", did favors for inmates.
> 
> Ongoing problems:
>     - Some malicious, computer savvy, felons
>     - Gang messages hidden on the system to communicate to other members
>     - Gang communication and file sharing across LAN in class
>     - Porn and MP3 being spread between computers
> 
> Options:
>     - Removing all non-essential programs
>     - Installing and using Microsoft SteadyState
>     - Creating student profile, with standard permissions
>     - Enabling parental controls on student profile, app limitations, etc.
>     - Disabling network switch (in the classroom)
>     - Disabling NIC in BIOS
>     - Password protect BIOS
> 
> Still trying to figure out how to let them save files, yet
> not leave messages for other students.  I'm considering
> getting 40x 2GB USB Flash Drives (one for each student of
> each class) so SteadyState can just nuke all changes between
> students.  Teacher would distribute and collect all
> drives before and at the end of class.
> 
> ----
> Brian H
> [email protected]
> http://www.binarynomad.com
> 
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
> 


      