| Author |
Message |
ChaoticMetroid
|
 Posted: Fri Oct 20, 2006 10:26 pm Post subject: Creating a Hack Proof/Protected Image |
|
|
| Hey, this is my first comp sci post although I lurked around a bit last year, so here goes. I'm currently attempting to create a hack proof/file protected image through which I can reimage a computer lab in my school. The problem that's arrising though is protecting the computers so students can't access areas they don't need, as well as are unable to right-click. We currently use Folder Guard 7.0 in the school, but the license has expired so I'm in search of alternative software (preferably free). Any other tips to help prevent unwanted tampering and the exploitation of loop-holes in security software are also appreciated. Thanks. |
|
|
|
|
 |
Sponsor
Sponsor
|
|
|
rdrake
|
| Posted: Fri Oct 20, 2006 10:38 pm Post subject: Re: Creating a Hack Proof/Protected Image |
|
|
I doubt you'll be able to do all that without spending at least some money... but there is an option from Microsoft called Shared Computing Toolkit for Windows XP.
Though, it being from Microsoft might present some problems.ChaoticMetroid wrote: ...a hack proof/file protected... A lot of places make use of DeepFreeze, might be something to consider. Though it is not free. |
|
|
|
|
|
Silent Avenger
|
| Posted: Fri Oct 20, 2006 10:41 pm Post subject: (No subject) |
|
|
| Well make sure you get all the loop holes unlike my school did. We were able to share files and games over the whole school network and this year they fixed that but came up with more loop holes. I know that you can use a program which I think is called deep freeze and it will delete anything off the c drive in the computer that a student may have saved there such as a video game. I also think it may restore any files that have been deleted off of the hard drive as well but I'm not so sure about that part. |
|
|
|
|
|
ChaoticMetroid
|
| Posted: Fri Oct 20, 2006 10:43 pm Post subject: (No subject) |
|
|
| Thanks for the tip off on Deep Freeze it seems like a good alternative, I guess now my main concern would be looking for loop holes, if anyone knows any common ones please let me know. |
|
|
|
|
|
Silent Avenger
|
| Posted: Fri Oct 20, 2006 11:25 pm Post subject: (No subject) |
|
|
Well I found the website for deep freeze and of course you have to pay for it, I'm not sure how much though.
website: http://www.faronics.com/html/deepfreeze.asp
I know of some tips to look out for:
*make sure they can't use any search features that comes with windows
*make sure they can't put any files on the network where it is accessible to all members
*make sure they can't change some settings on the computer such as the screen resolution
There are more loopholes I know of but I can't think of them right now. we also have a program at our school that checks if anyone has downloaded an exe file or running an unauthorized exe and it alerts the admins of the network. I'm not sure what they call the program but I'm sure if you google it you should be able to find something similar. |
|
|
|
|
|
ericfourfour
|
| Posted: Sat Oct 21, 2006 12:31 am Post subject: (No subject) |
|
|
Quote: *make sure they can't change some settings on the computer such as the screen resolution
In my school, some of the computers have this and this is the feature that pisses me off. When the screen resolution is locked at 800x600 there isn't enough room on the screen for anything. Also, when the refresh rate is locked at 60hz it kills my eyes. Personally, I think students should be able to adjust atleast the screen resolution and refresh rate because many people prefer different screen settings. |
|
|
|
|
|
Tony
|
| Posted: Sat Oct 21, 2006 12:48 am Post subject: Re: Creating a Hack Proof/Protected Image |
|
|
ChaoticMetroid wrote: as well as are unable to right-click
dumbest... idea... ever...
if you go to such extend to limit and outright annoy students (right-click is just a shortcut menu, available through keyboard and/or other menu lists), why let them use computers in the first place?
the best solution (also cheapest with a whooping price is FREE) is to install and run an actual multi-user OS system (so anything but Microsoft Windows). Unix groups, file permissions, and user privilages are your best friend for administering such environments. The student is completely free to use the computer to its full utility, yet are limited to their own user container and will not interfere with anyone else.
If for whatever political reasons, the expense of Microsoft Windows is justified, DeepFreeze is the way to go. Let the students run wild, the machine will just reimage itself at boot.
Just _please_ don't purposly cripple the machines. Also implement policies/guidelines for having students request additional software to be installed. There are a lot of programming languages and applications one might be interested in. |
Tony's programming blog. DWITE - a programming contest. |
|
|
|
|
ChaoticMetroid
|
| Posted: Sat Oct 21, 2006 10:56 am Post subject: (No subject) |
|
|
| They will be able to request software is put in, and programming languages needed such as VB, Turing, and JCreator will be installed before hand. The main concern is something like Counter Strike getting installed. As for right-click disabling people have in the past put up vulgar desktop backgrounds, and this would be an easy fix. The computers this is being done on will most likely only be used for occasional internet access, microsoft word, powerpoint, and programming, none of which I believe truly require right-click. |
|
|
|
|
|
Sponsor
Sponsor
|
|
|
wtd
|
| Posted: Sat Oct 21, 2006 11:04 am Post subject: (No subject) |
|
|
Using any MS Office app without right-click sounds like a nightmare to me. As for desktop backgrounds, one need only access the control panel and the background can be changed without right-clicking once.
Really, I think on some things you simply have to take the approach of finding meaningful ways of punishing students who break the rules (which must be clearly posted in no uncertain terms). Otherwise you might as well chuck the machines. |
|
|
|
|
|
Silent Avenger
|
| Posted: Sat Oct 21, 2006 11:54 am Post subject: (No subject) |
|
|
wtd wrote: As for desktop backgrounds, one need only access the control panel and the background can be changed without right-clicking once.
You can also use MS Paint to change the background as well, that's what we do at our school. |
|
|
|
|
|
rdrake
|
| Posted: Sat Oct 21, 2006 12:11 pm Post subject: (No subject) |
|
|
ChaoticMetroid wrote: As for right-click disabling people have in the past put up vulgar desktop backgrounds, and this would be an easy fix. If you allow a browser such as Internet Explorer to be used, as I recall students can hover their mouse over the image and set it as a background there.
If you're really concerned about saving money, perhaps you should consider replacing Microsoft Office with OpenOffice.org. It's a beautiful, free MS Office replacement that's 100% free and open source. |
|
|
|
|
|
neufelni
|
| Posted: Sat Oct 21, 2006 12:12 pm Post subject: (No subject) |
|
|
| At my school, we can right click but we can't get into the display properties. If we click on properties it says we don't have access to the properties. I think that doing something like that is a much better idea than completely disabling right clicking. |
|
|
|
|
|
Tony
|
| Posted: Sat Oct 21, 2006 1:07 pm Post subject: (No subject) |
|
|
ChaoticMetroid wrote: As for right-click disabling people have in the past put up vulgar desktop backgrounds, and this would be an easy fix.
Well as it's been pointed out above, there are a dozen different ways of changing the background. Including through the VB accessable Win32 API (which you plan on installing) - I've used it to overwrite my backgrounds even with a locked 'display settings' properties. 
That's why, as I've mentioned before, a multi-user OS choice is so good - the backgrounds could be changed, but they are limited to the specific user, so noone will end up loading the machine and finding an 'interesting' background left for them.
And I'm siding with wtd here - it would be best to meaningfully punish a few, but let the rest use computers in full, rather than purposfully break the machines for all. |
|
Tony's programming blog. DWITE - a programming contest. |
|
|
|
|
Silent Avenger
|
| Posted: Sat Oct 21, 2006 5:04 pm Post subject: (No subject) |
|
|
| Well I find that our school has quite a good system running with deepfreeze and seperate accounts for each student. By having separate accounts and giving each student a "spot" in the server there is no chance of them leaving an interesting background for the next person who uses the computer. But instead of cripling the computers let them be a little more functional just punish the ones who break the rules. A good punishment is kicking them off the computers for a week and letting them see how hard it is to do their work without a computer and they should learn that abusing the privilege to use the computers at school is wrong. Although somestudents may not learn so if there are students in the school that you know just won't learn then do what Tony suggested by running a multi-user OS. |
|
|
|
|
|
md
|
| Posted: Sat Oct 21, 2006 7:26 pm Post subject: (No subject) |
|
|
| I'm surprised it hasn't been mentioned; but if you make a general vmware image for each student and then run it on login you can be pretty secure. Limit hte vm's access to things; and store all files on a networked share. You can even just have one image for everyone and make it non-persistant. Then just have the vm reboot on logout and it'll wipe itself clean. |
|
|
|
|
|
|
Register
Wiki
Blog
Search
Turing
Chat Room
Members
