<snip> > Basically all I > want to allow them is using IE on websites/ftp sites, they should be > able to download, but only to a single folder and msn messenger should > work.
How about you lock the firewall down with a deny all in/out, and then simply open the ports you're allowing them to have, or, as required, or, as policy changes etc. Only pass out ports related to icq, irc, realplayer, msn and, naturally, http/ftp/ssh etc etc as required. (check http:www.portsdb.org for good listings) This way other outgoings (kazaa etc) are dropped unless added explicitly. > > Anyways, anyone got any suggestions/comments on what I really have to > look out for? I'm thinking it should be reasonably secure, > but in places > like this you always have the added risc of people wanting to > damage the > OS/system or use it as a place from which to attack others. openbsd. you might even want to use nat on the internal net making it harder for external attackers. Although this can be a bit of a hassle for setting up online gaming unless you know exactly what you're doing. In regards to downloading to a single folder, i assume this can be done in win2k by settin the customer account to write only to that folder. > > Kind regards and TIA, > > Ferry van Steen > hope it helps, .will [EMAIL PROTECTED] "This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please destroy it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of the Central Sydney Area Health Service."
