@Dale: Sadly, one of the requirements for the class is the Microsoft IC3 certification which is highly dependent on a Windows OS. One of the modules was even complaining that it didn’t' like IE 8 and wanted IE 6 with ActiveX fully open. *sigh*
@Carlos: VDI sounds like a possibility, but there was no hardware for a server to be setup and the whole possibility of communication between gang members was high enough that they wanted the network down. @Andrew: Yeah, I had Zero "$0" budget so implementing anything non-free was out of the question. I believe the old user ID's were "Standard" but either they got the admin password from the pervious IT person, or they esclated their privileges somehow. I locked them down the best I could. I did go through and pull the product keys using a USB drive with an autorun calling "produkey.exe" and outputting the data to a CSV on the USB drive. Sadly the switches your run of the mill Desktop Netgear FS116. No management. @Bugbear: Yeah, I notice SteadyState had falled off of MS development list. (that really saddens me, it is a VERY useful product for public usage like coffee shops, churches, schools, libraries, ... prisons). Thankfully the software will continue to work, you just cannot find any support for it. I hope MS is smart/nice enough to deploy a better replacement instead of either (a) putting out a commercial product (most of the people that can use this are budget strapped), or (b) stepping aside for other commercial vendors to take over the space. @Jeremy: It would be nice, but (a) they barely had enough money to pay me to refresh the lab, (b) I don't know how many class semesters these machines went through, and (c) a corrupt IT admin, it don't think I can find a traceable audit trail. @Xgerms: Needed to be Windows. (a) IC3 is Microsoft specific, (b) it utilized the specific menu options of Microsoft Office suite in its tutorials, (c) I could not teach the instructor some level of familiarity with Linux in the 1-2 hours I had to actually see/talk to him. ---- Brian H [email protected] http://www.binarynomad.com On Sep 20, 2010, at 2:31 PM, Dale Stirling wrote: > Another solution if you are not bound to Windows is to run desktops without > HDD and us a linux live CD as you OS drive. > > This removes storage from the desktops and allows a cheap and effective > steady state environment that is easily ugradeable. We hqve donthis to > provide cheap dumb terminal solutions in the past. > > The only down side is that you would need to move authentication and ny > writeable storage to either a server or the instructors PC. > > Cheers, > > Dale > > >> On 20 Sep 2010 02:18, "Brian H" <[email protected]> wrote: >> >> I wanted to get some input from the security professionals point of view on >> my situation. >> >> I've been contacted by a local county detention center (read: JAIL), to help >> with a computer lab that keeps getting pwned. They keep having problems >> with MP3s, Porn, and Gang communication on these computers. They say they >> keep trying to clean them up, but the next day everything is back. >> >> I don't trust these computers one bit, I've already found an number of >> questionable programs/processes (that I've removed), and some trojans in the >> form of Adobe CS4 cracks that were placed on the hard drives. >> >> My first objective is (scorched earth) to reinstall from scratch, but that >> is on hold while they find the install CD's and Keys. I've been told these >> will not be available until later this week, but the first class of the new >> session will happen before that. >> >> So, in the meantime, I have to clean & lock these down as much as I can >> while letting the students still run the class programs and save their work >> somewhere. >> >> Environment: >> - 20 Lab/Student machines, 1 instructor >> - Two (2h) classes per day, AM (beginner) and PM (advanced) >> - Windows Vista Home Basic, Dell Optiplex 360, 2GB RAM, 130GB HD >> - No server >> - Students on closed network, unless teacher plugs in uplink cable >> - Students used to drop off work over network to teacher's PC. >> - Teacher has filtered Internet access cable next to their PC >> - Classes cover basic Office Suite, Typing, and IC3 Certification. >> - Previous IT person had "flexible morals", did favors for inmates. >> >> Ongoing problems: >> - Some malicious, computer savvy, felons >> - Gang messages hidden on the system to communicate to other members >> - Gang communication and file sharing across LAN in class >> - Porn and MP3 being spread between computers >> >> Options: >> - Removing all non essential programs >> - Installing and using Microsoft SteadyState >> - Creating student profile, with standard permissions >> - Enabling parental controls on student profile, app limitations, etc. >> - Disabling network switch (in the class room) >> - Disabling NIC in BIOS >> - Password protect BIOS >> >> Still trying to figure out how to let them save files, yet not leave >> messages for other students. I'm considering getting 40x 2GB USB Flash >> Drives (one for each student of each class) so SteadyState can just nuke all >> changes between students. Teacher would distribute and collect all drives >> before and at the end of class. >> >> ---- >> Brian H >> [email protected] >> http://www.binarynomad.com >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
