Securing a public workstation under windows 9x
Download
1 / 54

Securing a Public Voyager Workstation under Windows 9598 - PowerPoint PPT Presentation


  • 510 Views
  • Uploaded on

Securing a Public Workstation Under Windows 9x VUGM-1999 Rider University Libraries Edward Corrado & Dr. Sharon Yang Edward M. Corrado, MLS Unix Administrator/ Library Systems Manager - Rider University Libraries MLS, Rutgers University-1997 BA, Mathematics, Caldwell College-1992

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Securing a Public Voyager Workstation under Windows 9598' - omer


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Securing a public workstation under windows 9x l.jpg

Securing a Public Workstation Under Windows 9x

VUGM-1999

Rider University Libraries

Edward Corrado & Dr. Sharon Yang


Edward m corrado mls l.jpg
Edward M. Corrado, MLS

  • Unix Administrator/ Library Systems Manager - Rider University Libraries

  • MLS, Rutgers University-1997

  • BA, Mathematics, Caldwell College-1992

  • [email protected]


Sharon yang l.jpg
Sharon Yang

  • Systems Librarian at Rider University

  • DLS, Columbia University-1997

  • MS, Columbia University-1988


Outline of the presentation l.jpg
Outline of the Presentation

  • Purpose of the presentation

  • Presentation

    • Batsh

    • System Policy Editor

    • TweakUI

    • Netscape


Outline of the presentation5 l.jpg
Outline of the Presentation

  • Fortres 101

  • Winselect

  • Everybody’s Menu Builder

  • Ghost

  • Conclusion


  • Just a reminder l.jpg
    Just a Reminder!

    • The presentation is about the security of a workstation, not that of a server.

    • The presentation is about our experience at Rider. It is not intended to be an in-depth training session on security software. This is an overview of the tools we use.

    • What we do to secure a Voyager OPAC may be different from what you do. What we do may not be necessarily the “best” way for your situation .


    The purpose of the presentation l.jpg
    The Purpose of the Presentation

    • Present the issue of security on a public workstation

    • Share our experience at Rider

    • Introduce new tools


    This is what we do for a voyager opac workstation l.jpg
    This is what we do for a VoyagerOPAC Workstation

    • Batsh Program

    • Windows System Policy Editor

    • Netscape


    Bios cmos password settings l.jpg
    Bios (CMOS) password settings

    • To prevent changing of system settings

    • to prevent the setting of (unknown to you) passwords

    • can be used with settings to prevent booting from floppy


    Bios cmos password boot l.jpg
    Bios (CMOS) password - boot

    • Prevent unauthorized booting of PC


    Autoexec bat l.jpg
    Autoexec.bat

    • Can be used to automatically copy files that patrons may have changed when the computer is started

      • bookmarks

      • wallpaper

      • etc.


    What is batsh exe for l.jpg
    What is BATSH.EXE for?

    • To run WINDOWS commands from a text file. Line by Line. Like BATCH (.BAT) files in DOS, but with some WINDOWS specific commands, and not all the DOS features.


    What o s s does batsh exe run on l.jpg
    What O/S’s does BATSH.EXE run on?

    • Windows 3.1

    • Windows 95

    • Windows NT

    • Windows 98 ?


    How and why rider university uses batsh exe l.jpg
    How and why Rider University uses BATSH.EXE?

    • BATSH.EXE replaces EXPLORER shell on OPAC computers (both Windows based Voyager and Netscape)

    • This lessens the potential security hazards that the Explorer shell has.

    • Can also be used to map network drives

    • The Price is Right -- Freeware!


    Why not just use the application as the shell l.jpg
    Why not just use the application as the shell?

    • Harder to change between applications

    • Windows will not shut down correctly with most applications as a shell


    Batsh on voyager workstation l.jpg
    Batsh on Voyager Workstation

    Batsh scripts are used to automatically launch any program we chose on startup

    The batsh script does not allow patrons from exiting a program. If they try, they will be prompted for a password. If the wrong password is entered, or a password isn’t entered in a set amount of time, batsh will automatically re-launch the program.


    Where is batsh exe l.jpg
    Where is BATSH.EXE?

    • Written by Thomas Nyffenegger

    • http://www.fmi.ch/groups/ThomasNyffenegger/Group.html

    • On various freeware sites on the Net:

    • http://www.winsite.com

    • Our batsh scripts will be made available


    What is system policy editor l.jpg
    What is System Policy Editor?

    System Policy Editor is a program

    that comes on the Windows 95/98

    CD-ROM when you buy the OS. It is

    used to control a user’s desktop

    environment. In Rider library we

    use it to lock down a public access

    workstation such as a voyager

    OPAC terminal. It does the job

    successfully.


    Where is system policy editor l.jpg
    Where is System Policy Editor?

    System Policy Editor for Windows 95 is located on Windows 95 CD-ROM

    in D:\admin\apptools\poledit. System Policy Editor for Windows 98 is

    on Windows 98 CD-ROM in d:\tools\reskit\netadmin\poledit. System

    Policy Editor for Windows NT comes in the

    server software package.


    Slide20 l.jpg
    http://www.microsoft.com/Windows95/downloads/contents/WUAdminTools/S_WUManagementTools/W95PolicyEditor/Default.asp

    System Policy Editor for Windows 95

    Or you can download System

    Policy Editor for Windows 95 from

    the Microsoft web site at the

    above URL. It is easier if you search

    the key words “system policy editor”

    at the web site.


    Ht tp www microsoft com products msoffice project prk text appa htm l.jpg
    http://www.microsoft.com/products/msoffice/Project /PRK/text/appa.htm

    System Policy Editor for Windows 98

    You can download it for Windows

    98 at the above URL. It is easier if

    you search the web site by key

    words “system policy editor”.


    What do we use it for l.jpg

    Workstation security

    Customize your desktop according to your wishes

    Hide various icons as needed

    Hide the DOS prompt

    Not allow users to change any settings and configurations

    Only allow users to use public workstations for designated library purposes

    What Do We Use It for?


    How do we use policy editor l.jpg
    How do we use Policy Editor?

    For Windows 95

    • Create a directory on C:\ drive

    • Copy all the files from the Windows CD to that directory

    • Start the program c:\directory\Poledit.exe

    • Delete the directory where all the policy files are located

    • Or you can run it from a CD drive or network drive as you want


    How do we use policy editor24 l.jpg
    How do we use Policy Editor?

    For Windows 98

    • Go to Control Panel and install System Policy Editor in Add/Remove Programs

    • Run Poledit from Windows Run Box

    • Set up the system policies

    • Either remove the System Policy Editor or hide it after the setup


    How do we use policy editor25 l.jpg
    How do we use Policy Editor?

    Disable Display Icon in the Control Panel

    This is what you may do if you don’t

    want users to change your display

    settings in the control panel such

    as color schemes, refresh rates,

    resolution. You may not want users

    to change the background, screen

    savers, Window font, either.


    How do we use policy editor26 l.jpg
    How do we use Policy Editor?

    Disable Network Icon in the Control Panel

    This is how you disable Network

    icon in the control panel. Network

    icon has all the communication

    settings for the network. You

    should not allow users to play with

    them freely.


    How do we use policy editor27 l.jpg
    How do we use Policy Editor?

    Disable Password Icon in the Control Panel

    This is how you disable Password

    Icon in the Control Panel. Users

    can change windows password

    here.



    How do we use policy editor29 l.jpg
    How do we use Policy Editor?

    Disable Printing settings

    It is important to disable printing

    configurations.


    How do we use policy editor30 l.jpg
    How do we use Policy Editor?

    Disable System Icon in the Control Panel

    This is how you disable System

    Icon in the Control Panel. System

    Icon contains important

    information about hardware and

    related settings. You should not

    allow users to have access to it.


    How do we use policy editor31 l.jpg
    How do we use Policy Editor?

    Customize your desktop

    environment by

    supplying your own

    customized settings


    How do we use policy editor32 l.jpg
    How do we use Policy Editor?

    Some other policies that you can set up

    Those are some of the

    configuration parameters in

    System Policy Editor that we use

    very often.


    How do we use policy editor33 l.jpg
    How do we use Policy Editor?

    In Rider Library Electronic Computer Lab we used a

    single system policy file from a central location for all the

    client computers. First we created a single policy file on

    one computer. Then we placed that policy file on our server.

    We configured each client computer to point to the location

    of the policy file on the server. When users log on to the

    network, the system policies from the file will take effect.


    What is power toy tweakui l.jpg
    What is Power Toy TweakUI?

    TweakUI is a program that you can

    download from Microsoft web site

    at http://www.microsoft.com

    /windows95/downloads/. It is

    part of Windows Power Toys Set.

    Some of its features enable us to

    do things that System Policy Editor

    cannot help us to do. We use it in

    combination with System Policy

    Editor to lock down a computer.


    How do we use tweakui l.jpg
    How do we use TweakUI?

    TweakUI is a useful tool to help

    us automatically logon to

    our network. It saves us a lot of

    time as we have more than thirty

    public terminals to turn on each

    morning.


    How do we use tweakui36 l.jpg
    How do we use TweakUI?

    System Policy Editor can hide all

    the drives in My Computer, but that

    is not what we want. We only want

    to hide network drives. TweakUI

    can help us to do it. All you have to

    do is to set up System Policy Editor

    first and then set up TweakUI as

    shown on this slide.



    Netscape security38 l.jpg
    Netscape Security

    • Preferences

      • Most settings are under Preferences

      • Controlled by Prefui32.dll

      • C:\Program Files\Netscape\Program\ Communicator\Program\Prefui32.dll

      • Delete or Rename


    Netscape security39 l.jpg
    Netscape Security

    • Netscape Client Customization Kit (CCK)

      • Preset preferences including bookmarks, home page, etc. when doing an install

      • lock in preference settings (home page, cache, proxy settings, etc.)

      • http://home.netscape.com/partners/distribution/custom/product.html


    Netscape security40 l.jpg
    Netscape Security

    • Misson Control Dektop

    • Third Party Security software:

      • Ikiosk


    A rider voyager workstation l.jpg
    A Rider Voyager Workstation

    To summarize:

    • Batsh: Launch Netscape and Webvoyage or Voyager Windows Client on startup and prevent any unauthorized exit

    • Netscape: Webvoyage and Internet resources

    • Policy Editor: restrict access to Windows settings



    What is fortres 101 l.jpg
    What is Fortres 101?

    Fortres 101 is a desktop security

    software for Window NT, Windows

    95, and Windows 98. You can find

    information about it at http://

    www.fortres.com. It is easy to

    use and well documented. It

    offers many options that System

    Policy Editor and TweakUI don’t

    have.



    How does fortres 101 work l.jpg
    How does Fortres 101 work?

    • Erase a user’s name from logon

    • disable any icons on desktop

    • Put a password on icons

    • Central Control Service

    • Restrict URLs

    • Protect files and drives

    • manage group security


    What is winselect kiosk l.jpg
    What is Winselect Kiosk?

    Winselect Kiosk is another

    security software. We use it to

    secure Netscape and Internet

    Explorer.




    What is everybody s menu builder l.jpg
    What is Everybody’s Menu Builder?

    Everybody’s Menu Builder is a

    menu system. It provides both

    security and nice appearance

    to a public workstation.


    Where is everybody s menu builder l.jpg
    Where is Everybody’s Menu Builder?

    You can find information about it

    at http://www.carl.org/emb.


    Norton ghost l.jpg
    Norton Ghost

    • No security is foolproof

    • Backups, Backups

    • We use Ghost

    • Also use it to clone groups of computers to save time

    • http://www.ghost.com


    Conclusion l.jpg

    Conclusion

    Securing a Public Workstation under Windows 9x

    Dr. Sharon Yang and

    Edward Corrado

    VUGM 1999


    Overview l.jpg
    Overview

    • Batsh.exe

    • Windows Poledit

    • TweakUI

    • Netscape Security

      • Prefui32.dll

      • CCK

    • Third Party Software

    • Backups!



    ad