We remove the CD/Floppy drives from machines here.
Come on why is it not good for a boy to be flashing his Ubuntu CD round school and booting it in the library (they did have bios passwords). He could if really cleaver disable the virus scanner by doing some reg editing. He could then use cracking tools/packet sniffing to gather further access to the network. Just looks like a standard Ubuntu CD any comments?
We remove the CD/Floppy drives from machines here.
Well, I would likely confiscate them too, but give them back at the end of the day. The systems should only be used how they were set up, and bypassing any security is not a good thing (because even if he doesn't mess around, someone else could see it and mess instead).
Set computer to boot straight to harddisk and keep the BIOS password - then nobody cant boot CDs.
I know i someone who found a student trying to use herens boot cd in his pc I did not know what it was untill i had a look. But has got a really good password tools i know some it techs who use it.
Ubuntu live cd doesn't have default NTFS write support yet - i'd be more worried that he had installed it over your windows. Maybe it's time to install a locked down dual boot, so the kids can experiment with different systems etc, it would be good for learning.
Failing that you could probably stop this free software 'revolution' by burning the CD, along with any books you find on the subject, web filtering "sharing" "collaboration" etc which seem to go againt conventional teaching wisdom.
Yeah, watch out for usb booting too.
Sounds like a bit of a linux fanboy, i dont think there are any harmful tools on the ubuntu live cd, so really he would only beable to browse the HD... if he knew about phlak he might be dangerous
If i worked at a mixed school, i think id start a kind of club, letting these kids play around with linux and pcs (on oldish pcs). set them tasks and projects, making a file, lamp, squid, smtp, pvr server, im sure that would occupy them and discourage them to attempt to hack the network. If they did it well, then you could add it to your network, and trial it, see what people thought, and the kids could claim some credit.
I know i would have liked todo something like that...Since thats the kind of stuff im interested in, and i used todo the same thing, never harmful, just exploring.
Oh come on Cyber. Wil has a genuine concern. It wouldn't matter if the CD was *nix or Microsoft WinPE, BART PE or UBCDOriginally Posted by CyberNerd
I doubt you let free for all on your network either.
Sorry, but with physical access to the machine all bets are off. Ultimately there's not much you can do if they are determined/knowledgeable.
The only effective deterrent I've found is CCTV.
I agree with you totally about physical security and my earlier post doesn't say anything to the contrary.
BIOS boot device order and lockable CPU cases are your first line of defence. CCTV would be great but you can always fit it everywhere.
I dunno, A Zoneminder based installation drives the costs fairly low. Search the forums for 'zoneminder'. There's plenty of threads on the subject.
I removed cdroms, usb and bios protected the boot order but I do encourage the use of different OS with the kids in their own time. I genuinely don't believe that a monoculture of IT systems is good for education and it's great when kids experiment with things like ubuntu.Originally Posted by NetworkGeezer
It's such a shame that we (school staff and external companies) discourage it for various reasons. A locked down Ubuntu install won't hurt windows, but no - I wouldn't want kids running around with 1337 boot CD's on a FAT client network. After all if kids think that they are doing something subversive (even if they don't actually know how) it will only encourage them.
I give out Ubuntu discs to a few pupils who are intrested in alternate operating systems etc. Its also handy to give out for kids who use mac office, claris works, MS works, wordperfect or open office at home and bring in files that offices 2003 can't open.
By default ubuntu Breezy can't write to NTFS anyway if your concerned your permissions on desktop HDs aren't 100% you can neuter the disc so it will mount only select partitions or none at all.
I have a little booklet made up to teach them how to mount the common folder and they're home folder so they can work quite effectively on it.
I control the bios tho so only limited machines (the ones right at my door) can boot from anything other than the HD.
I would love to have a dual boot but I'm somewhat put off by A properly securing a linux install I know limitations and I know thats beyond them and I wouldn't be able to RIS a linux/XP dual boot machine which would fairly scupper my normal setup for desktops. We do alot of delphi programming and dreamweaver stuff here so the windows machines are by neccessity less than 100% locked. I rely on f12 > credentials > rebuild to deal with the resulting occasional damage.
BTW watch out for Knoppix discs. Those you can do alot with. When I arrived at this school the old tech had been gone 6 months and no one knew anything except the admin password for 1 domain admin account. Routers, printer server, switches, printers everything else I found on the network and then brute forced or changed the passwords with a knoppix disc. I now have a knoppix USB stick install for those noboot / nonetwork support calls.
could you not put a linux install on a vmware player as a package and distrobute it? orr, you could just have a couple of standalone computers in a room with ubuntu or someting installed and put a cheapo router with a strict firewall in the way, just for port 8080...
Just a quick thought - when I set up Edubuntu @ school I found I could browse the network easily with a user password and access other folders.
Fixed by changing all the properties of the other folders...!!
Ubuntu does like to find other computers on our network too!
There are currently 1 users browsing this thread. (0 members and 1 guests)