How can I secure a publicly accessed PC?

Discussion in 'other software & services' started by trolleyclang, Oct 16, 2003.

Thread Status:
Not open for further replies.
  1. trolleyclang

    trolleyclang Registered Member

    Joined:
    Oct 11, 2003
    Posts:
    4
    I am new to security for PCs. We have a very small town public library. I need to find a way to secure the Internet. Let them use it as much as they want. Our main concern is to keep the homepage from being changed either by a user or some other program. I have founds ways to gray out the place where the user can make changes to the homepage. But, how do I keep the user from clicking "yes" if some site they visit asks them if they want to change the homepage?

    Thank you. o_O
     
  2. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    well, one way could perhaps be turning off active-x, and then graying out the options menu, if you are using IE. that way the pop-up question should never even come up. but that may break the occasional site.
     
  3. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Perhaps javacools browser hijack blaster may be good for you http://www.wilderssecurity.net/bhblaster.html or Spyware Gaurd http://www.wilderssecurity.net/spywareguard.html

    Also "Spybot search and destroy " has a settings to
    (1) lock IE start page settings against user changes
    (2) Lock IE control panel against opening from within.

    http://www.safer-networking.org/index.php?lang=en&page=download
    These settings are found on spybot by using the advanced mode. > Immunise>
     
  4. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I would agree, matters like spybot locking homepage wont guard against it being altered by such malware.

    To be absolutely safe, turn everything off, Java,javascript/VB,activex
     
  5. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    yea but a Library may require some of those settings to be active . Some times when we turn every thing off and are too paronoid we end up locking ourselves out of many resources , and some of these may ( or may not
    be required by a public library .
     
  6. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    if someone needs something on, they can ask an administrator/librarian to set what is necessary, or to put the site in a temporary trusted zone. but this assumes that you know the good sites from the bad. a good hosts file should help there.
     
  7. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    If you are using IE with Win2k or XP you can use gpedt.msc.

    Start->Run->gpedit.msc->Administrative Templates->Windows Components->Internet Explorer->"Disable Changing Home Page Settings" and set it to Enable.

    IE also has a kiosk mode but it might be a little too restrictive depending on your users' needs.
    http://support.microsoft.com/?kbid=154780

    I also agree that java and activex should be disabled as well as file downloading.
     
  8. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    While we may secure our own PCs and prevent ActiveX, Java and Javascript from running, for a publicly accessible PC, used no doubt by a large succession of people, I doubt that would be very practical. I mean from the standpoint of customer complaints about not being able to use some very standard websites that do require one or more of these for full functionality.

    I'm thinking that something like Deep Freeze might be a better option.
     
  9. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Im sure there are quite a large number of sites that require java, javascript, and activex. But out of those sites, some of them are better off avoiding when using a public computer anyways. Some web based emails come to mind. I believe there was even a recent paper on hotmail being vulnerable to cross-site scripting attacks with java enabled. Not to mention certain privacy issues and what people might execute accidentally in emails. Most other "general" sites i encounter will usuaully work, but will sometimes lack certain features or not display as well with java and javascript disabled (I am a rather conservative internet surfer though). I guess there will always be that conflict between usability and security. Probably depending a lot on the users' needs and what this library would like to offer. DeepFreeze does look like a good option either way though :)
     
  10. groundling

    groundling Guest

    While looking at K-Meleon a while back, I ran across this site. It deals with browser security for libraries and also deals with filters and CIPA issues for libraries.
    http://tln.lib.mi.us/~amutch/pro/browser/
    BTW
    Deep Freeze sounds good.
     
Loading...
Thread Status:
Not open for further replies.