|
-
October 18th, 2006, 03:08 PM
#1
Securing a laptop like Alcatraz?
A client came to me with an interesting job which I'll end up taking on but I'd like your expert thoughts on this:
About 5 laptops will be setup in a mall so that passers-by can jump on the units and surf a website related to the mall itself- here is the deal....the laptops should only bring up the mall website itself- no other websites should be processed- furthermore, getting internet on the laptops will be somewhat of a difficulty (due to location)
That's when a little light bulb went off in my head: I'll just load the source of the mall website on to the physical laptops themselves....
NOW heres the thing:
I still don't want people dicking with the laptops (i'm not worried about adults doing anything funny but I guarantee there will be 1 university student who will walk by thinking he's got mad skills by trying to bring up solitare or something like that...)
So pretty much what I was thinking was: eliminating the shell explorer.exe running- then just ensuring iexplore.exe launches for browser capability.
I was then pondering the idea of having the address bar on the screen still- maybe wilth the actual website name on the address bar (to simulate that you're actually at that address)
I was thinking of doing that by running a webserver on each laptop and editing the hosts file so that the website address equals 127.0.0.1
On further thought I decided against that because then someone could "attempt" to go off course on to a different website/local folder through that method- so I'd like to permanently disable any chance of the address bar becoming active.
I'd also like to eliminate the minimize/maximize functions of iexplore as to keep the page forced on the screen at all times- and finally, i'd like to disable CTRL+ALT+DELETE and the CTRL+SHIFT+ESC trick
Here's the deal: I've never actually been asked to "secure" a computer in that type of way (just picture being in the bookstore Chapters.) BUT I'm sure some of you have here- so if you wouldn't mind sharing 1 or 2 tips I'd greatly appreciate it-
Thanks guys 
I'll make it up- somehow.
P.S. Any chance to disable the power button on a laptop? well...so that it is always ON- I'll probably have to look into that
Last edited by joey3k; October 18th, 2006 at 03:10 PM.
-
October 18th, 2006, 05:01 PM
#2
Driver Terrier
You forgot one vital piece of information.... what os do you intend to use?
You want to research inTRAnets - you don't need a webserver on each laptop - you can do it just through displaying the code in a browser (unless you need customer interaction in which case you want an inTRAnet).
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
October 18th, 2006, 05:12 PM
#3
Thanks for the response NooNoo!
I should mention that I decided to go against putting a webserver up on each machine (the only reason I was doing that so I could 'simulate' the address on the browser itself..)
I'll just pull the html files up from a local folder
p.s. i'll be using winxp....b/c they're already setup with it and this is only a 2 week thing...(was considering a cdrom boot version of linux w/ a GUI but am going to scrap that idea..)
-
October 18th, 2006, 05:34 PM
#4
Registered User
You could actually leave the PC's on the internet, and then put in a non-existant proxy server under connections, add the malls' website to the list of websites that do not go through the proxy server, and then lock it down with policies. It will be an impenatrable fortress, and go to no site that does not begin with www.themallyouaretalkingabout.com. I used to run a gaming LAN.
Once you have set up the web portion, use mmc, and then go to local policies and lock that puppy down. Be sure to leave the administrator on the box a way in though! If you lock ALL users out, you are locked out too.
Hope this helps..
*just re-read your post.. if you don't have internet there anyway, loading the page local is a good plan, and the policy lock-downs would still apply.
Last edited by Crastabule; October 18th, 2006 at 05:36 PM.
-Come on, I'll lend you money for a coffee.
-
October 21st, 2006, 02:42 PM
#5
 Originally Posted by Crastabule
You could actually leave the PC's on the internet, and then put in a non-existant proxy server under connections, add the malls' website to the list of websites that do not go through the proxy server, and then lock it down with policies. It will be an impenatrable fortress, and go to no site that does not begin with www.themallyouaretalkingabout.com. I used to run a gaming LAN.
Once you have set up the web portion, use mmc, and then go to local policies and lock that puppy down. Be sure to leave the administrator on the box a way in though! If you lock ALL users out, you are locked out too.
Hope this helps..
*just re-read your post.. if you don't have internet there anyway, loading the page local is a good plan, and the policy lock-downs would still apply.
Thanks Crastabule!
The proxy idea is genius.
Similar Threads
-
By Farrar in forum Tech-To-Tech
Replies: 5
Last Post: April 14th, 2006, 05:43 AM
-
By boem25 in forum Networking
Replies: 6
Last Post: June 13th, 2005, 08:42 PM
-
By navroz in forum Laptops/PDAs/Smartphones
Replies: 3
Last Post: October 15th, 2004, 02:12 PM
-
By navroz in forum Video Adapter/Monitor Drivers
Replies: 2
Last Post: October 12th, 2004, 09:08 AM
-
By NooNoo in forum Tech Lounge & Tales
Replies: 4
Last Post: December 20th, 2002, 10:42 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
Bookmarks