If Windows-specific software isn't required, you could install a Linux Kiosk distro (like Steady State, most of these wipe all changes after a reboot).

On Sun, Sep 19, 2010 at 7:06 PM, Jeremy Pommerening <[email protected]> wrote:
> Why don't you create images of the PC's before you rebuild them and run
> forensics to find out who is causing the problems. Otherwise you're going to
> continue to fight the problems no matter what you do...IMHO.
>
> Jeremy Pommerening GIAC GCFA,GPEN,GAWN & GCFW,
>
> --- On Sun, 9/19/10, Brian H <[email protected]> wrote:
>
>> From: Brian H <[email protected]>
>> Subject: [Pauldotcom] Computer Lab in a Jail...
>> To: "PaulDotCom Security Weekly Mailing List" <[email protected]>
>> Date: Sunday, September 19, 2010, 2:36 AM
>>
>> I wanted to get some input from the security professional's point of view on my situation.
>>
>> I've been contacted by a local county detention center (read: JAIL), to help with a computer lab that keeps getting pwned. They keep having problems with MP3s, Porn, and Gang communication on these computers. They say they keep trying to clean them up, but the next day everything is back.
>>
>> I don't trust these computers one bit, I've already found a number of questionable programs/processes (that I've removed), and some trojans in the form of Adobe CS4 cracks that were placed on the hard drives.
>>
>> My first objective is (scorched earth) to reinstall from scratch, but that is on hold while they find the install CD's and Keys. I've been told these will not be available until later this week, but the first class of the new session will happen before that.
>>
>> So, in the meantime, I have to clean & lock these down as much as I can while letting the students still run the class programs and save their work somewhere.
>>
>> Environment:
>> - 20 Lab/Student machines, 1 instructor
>> - Two (2h) classes per day, AM (beginner) and PM (advanced)
>> - Windows Vista Home Basic, Dell Optiplex 360, 2GB RAM, 130GB HD
>> - No server
>> - Students on closed network, unless teacher plugs in uplink cable
>> - Students used to drop off work over network to teacher's PC.
>> - Teacher has filtered Internet access cable next to their PC
>> - Classes cover basic Office Suite, Typing, and IC3 Certification.
>> - Previous IT person had "flexible morals", did favors for inmates.
>>
>> Ongoing problems:
>> - Some malicious, computer savvy, felons
>> - Gang messages hidden on the system to communicate to other members
>> - Gang communication and file sharing across LAN in class
>> - Porn and MP3 being spread between computers
>>
>> Options:
>> - Removing all non essential programs
>> - Installing and using Microsoft SteadyState
>> - Creating student profile, with standard permissions
>> - Enabling parental controls on student profile, app limitations, etc.
>> - Disabling network switch (in the class room)
>> - Disabling NIC in BIOS
>> - Password protect BIOS
>>
>> Still trying to figure out how to let them save files, yet not leave messages for other students. I'm considering getting 40x 2GB USB Flash Drives (one for each student of each class) so SteadyState can just nuke all changes between students. Teacher would distribute and collect all drives before and at the end of class.
>>
>> ----
>> Brian H
>> [email protected]
>> http://www.binarynomad.com
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
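
A lighter-weight companion to imaging the machines, as an added example that is not part of the original thread: hash every file under a directory after cleanup and again after a class, then report what was added, changed or removed, so the reappearing files can be tied to a session. The function names and the watched-extension list are assumptions made for this example.

```python
import hashlib
import os

# Assumed list of extensions worth a closer look; adjust to the lab's policy.
WATCH_EXT = {".mp3", ".wma", ".avi", ".mpg", ".jpg", ".png", ".exe", ".zip"}

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                manifest[rel] = sha256_file(full)
            except OSError:
                # Locked or unreadable file: record it rather than skip silently.
                manifest[rel] = "UNREADABLE"
    return manifest

def diff_manifests(before, after):
    """Return files added, removed and modified between two manifests."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}

def watched(paths):
    """Filter paths down to the extensions in WATCH_EXT (case-insensitive)."""
    return [p for p in paths if os.path.splitext(p)[1].lower() in WATCH_EXT]

if __name__ == "__main__":
    import sys
    # Print a manifest for the given directory (default: current directory).
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, digest in sorted(build_manifest(root).items()):
        print(digest, rel)
```

Store the baseline manifest off the lab machines, since a manifest kept on a student-accessible disk can be altered along with the files it describes.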
