+ Post New Thread
Page 4 of 5 FirstFirst 12345 LastLast
Results 46 to 60 of 71
How do you do....it? Thread, Prevent hard drive changes in Technical; What about these unrestricted users launching viruses spreading throughout the network? What about these unrestricted users running brute-force apps attempting ...
  1. #46

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,413
    Thank Post
    642
    Thanked 964 Times in 664 Posts
    Blog Entries
    2
    Rep Power
    327

    Re: Prevent hard drive changes

    What about these unrestricted users launching viruses spreading throughout the network?

    What about these unrestricted users running brute-force apps attempting to crack the security implemented on the server?

  2. #47
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,986
    Thank Post
    269
    Thanked 52 Times in 46 Posts
    Blog Entries
    2
    Rep Power
    47

    Re: Prevent hard drive changes

    Setting the kids a challenge no where near simulates a real world attack. I've done similar with kids - they just aren't inspired the same.

  3. #48

    Join Date
    Aug 2005
    Location
    Birmingham, UK
    Posts
    490
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Prevent hard drive changes

    Quote Originally Posted by RoyG
    Using your analogy, I would be more than happy to leave my car unlocked, with a big sign on it saying, "Please help yourself", if I had a magic wand to restore the car to its original position and condition in 30 seconds flat!
    RoyG
    Are your servers running the reborn cards then?

    As for not being able to take down the servers, the kids could load some DDoS tools and attack them, run NetWare specific exploit code looking for holes etc etc, so in all fairness they can at least cause outages as a direct result of letting them run what they want. The odds of this happening however seem to be very low at your school. My old school was a different kettle of fish. The kids used to find every way possible to break things. One of the biggest issues was them running (or trying to run) P2P apps and install games.

    I think the point i was trying to make is the workstations are great, one reboot fixes all hence the need for no restrictions, but id be more worried about them using the workstations and their freedoms to attack the network infrastructure itself, not knowing netware i cant comment on its security, but i would still be paranoid about allowing them to try.

    For the bright kids i would have liked to have set up a lab for them to use.

  4. #49
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: Prevent hard drive changes

    @RoyG: When a student logs on and has local admin rights, does this also give them implied admin rights on all the other PCs? This would certainly be the case on a Windows network if the students were using domain based user accounts. Would this not mean that a student could remotely cause havoc on any other PC, presumably including those used by teachers.

  5. #50

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Prevent hard drive changes

    It is possible to limit admin priviligies to spefic clusters student only clusters.

    Thoug you do have a good point there if they can logon remotely to the Head Teachers PC let's say, they could casue all manner of havoc.

  6. #51
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,484
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114

    Re: Prevent hard drive changes

    The biggest issue with local admin right is if you are able to see files on a remote computer, as this can allow you to see documents on the users desktop for example, and anything else stored in the profile

  7. #52

    Join Date
    Jan 2006
    Posts
    162
    Thank Post
    3
    Thanked 2 Times in 2 Posts
    Rep Power
    18

    Re: Prevent hard drive changes

    Webman -
    AV runs on all w/stns & server. They may have attempted brute force (with my encouragement!) against the server, but have not succeeded.

    E1uSiV3 -
    No Reborn cards on server, we (like US Department of Defence) rely on Novell security.
    If they do install games/P2P they're instantly deleted when the w/stn reboots.

    ajbritton/NetworkGeezer/DMcCoy -
    Remote access & file sharing are not enabled on w/stns - particularly the Head's!!

    NetworkGeezer -
    I see what you mean about having my rebellious ideas challenged!!!

    Time to go home.

    RoyG

  8. #53

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,413
    Thank Post
    642
    Thanked 964 Times in 664 Posts
    Blog Entries
    2
    Rep Power
    327

    Re: Prevent hard drive changes

    Well, personally, I still see problem areas within the network model. Perhaps your AV fails or isn't updated for the latest threat.

    If they can run whichever executables they wish and are able to browse the network, nothing good can come of this from a security point of view in my opinion. Snooping packets, spoofing IP addresses, browsing network shares, net-sending to people. Just becaus P2P apps are deleted on a reboot doesn't mean they aren't using them to illegally share files which could land the school/LEA in hot water. To me, it's like having your server's directly connected to the Internet without a firewall.

    All it takes is a vulnerability in one of the server's services which is open on the LAN to be taken advantage of. And without software policies in place to stop them running things to give them access to this, it is a potential problem area.

  9. #54

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Prevent hard drive changes

    Quote Originally Posted by webman
    Snooping packets, spoofing IP addresses,
    This is important when Web filtering is IP based as with some RBCs rather than user authenticated e.g. ISA/Websense or Censornet.

    net-sending to people.
    The XP firewall should be up by default and blocking all inbound comms even on the LAN.

    Just becaus P2P apps are deleted on a reboot doesn't mean they aren't using them to illegally share files which could land the school/LEA in hot water. To me, it's like having your server's directly connected to the Internet without a firewall.
    To be fair, you'd normally block P2P at the proxy or the firewall.

  10. #55

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,413
    Thank Post
    642
    Thanked 964 Times in 664 Posts
    Blog Entries
    2
    Rep Power
    327

    Re: Prevent hard drive changes

    Yes, a few good points NetworkGeezer. I had made presumptions about the network. I believe in prevention being better than cure, and preventing users from having free-reign over the network is better than sorting out the aftermath, in my eyes.

  11. #56
    Guest

    Re: Prevent hard drive changes

    I'd be more worried about students installing key loggers onto pcs and then getting access to teacher accounts / SIMS et al.

    Students should have no admin rights full stop.

  12. #57

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Prevent hard drive changes

    Quote Originally Posted by SYSMAN_MK
    I'd be more worried about students installing key loggers onto pcs and then getting access to teacher accounts / SIMS et al.
    Roy's arguemnt was that he disabled logout so then the only way to exit a session was via-reboot which cleared out the malware.

    Students should have no admin rights full stop.
    This is probably still my default position, especially on general purpose PC suites.
    That said it has been interesting to have another perspective on the matter.

  13. #58
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,986
    Thank Post
    269
    Thanked 52 Times in 46 Posts
    Blog Entries
    2
    Rep Power
    47

    Re: Prevent hard drive changes

    Quote Originally Posted by RoyG
    ajbritton/NetworkGeezer/DMcCoy -
    Remote access & file sharing are not enabled on w/stns - particularly the Head's!!
    ...and all the default shares turned off?

    Agreed Geezer. It looks like a lot of fuss to set up - and not cheap ...apart from Netware :P

  14. #59

    Join Date
    Jan 2006
    Posts
    162
    Thank Post
    3
    Thanked 2 Times in 2 Posts
    Rep Power
    18

    Re: Prevent hard drive changes

    Webman -

    "....Perhaps your AV fails or isn't updated for the latest threat..."

    Let's face it, that could cause problems on any system!

    "....Just because P2P apps are deleted on a reboot doesn't mean they aren't using them to illegally share files which could land the school/LEA in hot water..."

    Paranoia squared!!!

    "....To me, it's like having your server's directly connected to the Internet without a firewall..."

    Overstatment, or what?!

    "....and preventing users from having free-reign over the network is better than sorting out the aftermath..."

    That's "free-rein" - sorry, ex-teacher speaking here!!

    mark -

    "....and all the default shares turned off?..."

    Which?

    "....Agreed Geezer. It looks like a lot of fuss to set up - and not cheap ...apart from Netware..."

    Confused! What's a lot of fuss? What's not cheap?


    The original post on this thread was "Does anyone use some software that undoes any changes to a local machine's hard drive on reboot?" The answer to that seems to be Reborn Card, EZ-Back, Deepfreeze or similar, however you choose to apply network policies.

    The thread seems to have developed into "How can this silly old b*gger run a network without imposing huge restrictions on what users are allowed to do."

    My final words on this topic are that our school has a system which has had only one unscheduled server down since 1999 (40 minutes), only 3 student workstations needing any attention this academic year, where kids can use USB drives, CDRs, floppies, Hotmail or whatever else they like to transfer work between work and home, where they have the freedom (within reason) to experiment & develop their IT skills & interests. We have had no instances of lost GCSE coursework or any other important data. When we were using the "restrict the b*stards to the bare minimum", workstation downtime & general hassle was a LOT greater.

    The school has 860 students, 200+ desktop PCs, 100+ laptops - total ICT technical support staff, me! We have one ICT Manager who looks after Computer Room bookings and classroom support.

    We are a Grammar School, which doesn't mean it's full of goody-goodies - just generally brighter villains!

    I'll be 60 years old next month, enjoy my job immensely, enjoy the interaction with IT users of all ages, am not stressed (often!), don't have to work silly hours, enjoy the challenge of new technologies - I'm still learning loads new every day!

    I'm not saying that the model we have is appropriate for every school, but worth consideration. For it to work it's important to have a good, co-operative relationship between SMT, ICT Department, ICT Support staff and a degree of trust for the kids. Don't fight 'em - talk to 'em!

    Over & out.

    RoyG

  15. #60

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,413
    Thank Post
    642
    Thanked 964 Times in 664 Posts
    Blog Entries
    2
    Rep Power
    327

    Re: Prevent hard drive changes

    Quote Originally Posted by RoyG
    Webman -

    "....Perhaps your AV fails or isn't updated for the latest threat..."

    Let's face it, that could cause problems on any system!
    Yes, it could, but even more so where users can execute anything they like!

    If it works for you, that's great. But we do it the opposite way and have great results, too. Our only downtime has been due to heat in the past 4 years since the new network was installed and new Network Manager to manage it all (bossman).

SHARE:
+ Post New Thread
Page 4 of 5 FirstFirst 12345 LastLast

Similar Threads

  1. Hard drive overheat
    By contink in forum Hardware
    Replies: 1
    Last Post: 30th November 2007, 11:37 AM
  2. Hard Drive
    By Jackd in forum Hardware
    Replies: 3
    Last Post: 20th November 2007, 07:31 PM
  3. dvd to hard drive.
    By callumtuckey in forum How do you do....it?
    Replies: 11
    Last Post: 1st July 2007, 08:59 PM
  4. Best Hard Drive Manufacturer
    By nawbus in forum Hardware
    Replies: 35
    Last Post: 3rd April 2007, 08:06 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •