securing an Ubuntu box in a shared office?
email.listen at googlemail.com
email.listen at googlemail.com
Fri Jul 7 01:53:27 UTC 2006
Am Thu, 6. July 2006 17:05 schrieb Anonyma:
> I know that anyone who can get into a computer can make it insecure
> (by putting the hard drive in another machine or taking the mo/board
> battery out to clear the bios password), but what are the steps I can
> realistically take to make a computer in a shared office secure? I
> can only think of these two:
>
> 1. set a BIOS password
>
> 2. set a GRUB password so no-one else can boot it into single-user
> mode
>
> Anything else?
If it is more than one (you mentioned 'an Ubuntu Box') and if there is a
server available it might be intersting to set up all office machines as
thin-clients.
You need to set up one machine as nomachine/freeNX Terminal Server. This
machine can be placed in a secure environment, e.g. in a locked room
downstairs in the cellar. So physicall access is more restricted.
This machine has to be powerfull enought to serve all clients. Which means RAM
should be ca. 128MB per client plus 128MB. So 1GB should be enough for 5
clients, but the more the better. The harddisk(s) should fast enough, so I
would vote for a fast SATA drive or better a SCSI or SATA (hardware) Raid to
avoid a bottleneck here.
For the thin-clients you may use some old machines (P-III 500 will cost not
more than 50$)
Set up the machines using thinstation [1]. Thinstation is a thin-client Linux
system which is able to connect to most every known Terminal Server Systems,
not only NOMachine/freeNX.
The advantage of thin-clients is the ease of administration and not to forget
the low costs. Plus the aspects of better physical and data security.
A disatvantage is the single point of failure of a terminal server. If the
terminal server is down no thin client is usable. So thats why you should
take care of using reliably hardware for the server.
In the past I've set up some dozen classrooms in schools using a terminal
server and thin-clients. Most of them using OpenSchool Server [2] as server
machine (NOMachine/freeNX service has to be set up additionally, it is not
part of OSS but it's easy done) and Thinstation for the thin-clients.
Skolelinux [3] might be another distribution you may have a closer look on.
Setting up a whole classroom is done in a few hours, server and clients. It
uses LTSP [4] not NOMachine/freeNX so its a bit less performant.
[1] http://www.thinstation.org/
[2] http://www.extis.de/oss.html
[3] http://www.skolelinux.org/
regards,
thomas
More information about the ubuntu-users
mailing list