This reply addresses workstation security and management
only. It does not acknowledge the management of network
traffic or security.
Whenever I’m in Toronto, Canada, I go to the Cyberland Cafe.
Each station provides services from basic web browsing to
high-end gaming.
For user access control, they are running a proprietary GUI
over the OS. The GUI provides a full screen customizable
menu with the Cyber Café logo and various buttons for
programs installed on the station. In addition, customers
can view and order from the café menu from any station. All
components of the OS are completely masked from the users.
It’s also very appealing to customers. This is similar to
what you might see in Borders bookstores, some automated
directories in malls, and ATM machines.
You could also go with additional software to lock down each
station (ie. Centurion, Deepfreeze). If a user installs
Kazaa, you can simply restart the station and the original
software image is restored. If you are utilizing Norton
Ghost, you can also disable/enable Deepfreeze via command
line parameters over the network. This would allow you to
remotely unlock a station to upload software packages.
Personally, I would go with WinXP for the OS. WinXP is
faster, has the same administrative capabilities, and it may
be more attractive to customers. If they don’t like it, you
can always emulate the look and feel of previous operating
systems. In addition, WinXP has remote administrative
features built in. Users’ activities could be easily
monitored to enforce computer use policies. Some companies
can be held liable if a minor is exposed to adult content.
But that's a totally different debate.
Good luck. It sounds like an entertaining challenge.
Paul
---- Original message ----
>Date: Wed, 15 Jan 2003 12:44:02 -0800
>From: "Nicko Demeter" <[EMAIL PROTECTED]>
>Subject: RE: Internet Cafe
>To: "'Ferry van Steen'" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
>
>Why Win2k on every station? You could run terminals that
communicate
>with a Terminal Server or even a cluster of terminal
servers and then
>simply restrict what the users can access over the
terminals.
>
>Nicko
>
>-----Original Message-----
>From: Ferry van Steen [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, January 14, 2003 11:38 PM
>To: [EMAIL PROTECTED]
>Subject: Internet Cafe
>
>
>Hey there,
>
>for the first time I have to setup an internet cafe. I want
to use Win2k
>on the workstations and "cripple" it using the policies it
has, then use
>linux as a firewall/proxy with squid. Having only a proxy
and not a
>gateway should already narrow down a lot of security
issues, but I
>believe kazaa and some others still work through proxies
and I have
>hardly any idea on how secure the win2k policies are...
Basically all I
>want to allow them is using IE on websites/ftp sites, they
should be
>able to download, but only to a single folder and msn
messenger should
>work.
>
>Anyways, anyone got any suggestions/comments on what I
really have to
>look out for? I'm thinking it should be reasonably secure,
but in places
>like this you always have the added risc of people wanting
to damage the
>OS/system or use it as a place from which to attack others.
>
>Kind regards and TIA,
>
>Ferry van Steen
>
>
