Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Setting up an Internet Cafe & network - security questions

Options
  • 12-11-2006 2:38pm
    #1
    SachaJ
    Registered Users Posts: 1,746 ✭✭✭


    Hi All, thanks for taking time to read this thread......

    I've been asked to set up an internet cafe for a relative, so it's got to be done right enough.

    As it is we're getting in 4 Dell Optiplexes with SP2, and using an older spare machine as the server. I think Ghost would be a worthwhile investment as I reckon these machines will be getting knackered on a regular basis.

    The bit that is concerning me is security. We'll be getting in Eircom BB and then putting it through a switch to facilitate all the machines. Not getting a wireless router - no need.

    I'm not too sure how to separate the clients from the server. I was thinking about a Cisco PIX firewall and put the clients in the DMZ, but in this case how could the clients use such things as the printer and/or scanner (which would I expect be connected to the server machine)? Also a benefit of the PIX is that I can VPN in as I live 30 odd miles from the proposed cafe, and I'm sure I'll be expected to provide some sort of maintenance. I think the server should be separated from the clients as you'll always get some smart arse trying to mess things up.....

    Anti-virus. Would something like Symantec be better where you could manage the clients from the server, or would something like AVG do?

    Any help would be greatly appreciated.

    Also if anyone has any idea of the expected software on machines in cafes. I'm gessing all the messenger s/w, Open Office (can't afford MS Office for now), all the browsers. Anything else?


Comments

  • Options
    #2
    Random
    Closed Accounts Posts: 19,080 ✭✭✭✭Random


    I guess it would be nice to get an AV program you can manage over the network, but it might be just as easy to get AVG to auto update on each reboot?

    As for AVG, can the free version be used in a commercial environment? You might want to check up on that.


  • Options
    #3
    SachaJ
    Registered Users Posts: 1,746 ✭✭✭SachaJ


    ciaranfo wrote:
    As for AVG, can the free version be used in a commercial environment? You might want to check up on that.

    I agree, it is something I need to look into. I need to know the situation with Ghost and client licences as well. OpenOffice I think is ok in a commerical envirnoment.

    Also, could something like Smoothwall be an option over the Cisco PIX?


  • Options
    #4
    ZENER
    Registered Users Posts: 6,163 ✭✭✭ZENER


    Smoothwall offers a lot for this sort of setup, like transparent proxy, firewall and a DMZ with a third eth card. Also makes VPN easy too.

    Another option is SME server which allows a webserver and mail server facility along with ldap.

    My personal preference is Smoothwall though.

    Oh and try SOFOS AV.

    ZEN


  • Options
    #5
    Urban Weigl
    Closed Accounts Posts: 2,784 ✭✭✭Urban Weigl


    You can get software that will "restore" the computers each time they're rebooted. I forget the name, but it's available for Windows and Mac OS X. I'll have to look it up tomorrow.

    Basically what it does is it will restore the exact state of the hard drive contents and system software to whatever you wish each time you start up or restart one of the computers, so no matter how much damage is done/how many viruses are installed, a simple reboot fixes everything. Freeze something it was called... Deep freeze perhaps. As I said, I'll have to look it up.


  • Options
    #6
    SachaJ
    Registered Users Posts: 1,746 ✭✭✭SachaJ


    ZENER wrote:
    Smoothwall offers a lot for this sort of setup, like transparent proxy, firewall and a DMZ with a third eth card. Also makes VPN easy too.

    Another option is SME server which allows a webserver and mail server facility along with ldap.

    My personal preference is Smoothwall though.

    Oh and try SOFOS AV.

    ZEN

    I think Smoothwall could be the way to go. Are you talking the free version here? We have a clapped out machine that we were going to use as the software admin server, but I think it would be better suited to firewall duties.

    Certain it only has one ethernet card so I'll need another.


  • Advertisement
  • Options
    #7
    SachaJ
    Registered Users Posts: 1,746 ✭✭✭SachaJ


    Urban Weigl wrote:
    You can get software that will "restore" the computers each time they're rebooted. I forget the name, but it's available for Windows and Mac OS X. I'll have to look it up tomorrow.

    Basically what it does is it will restore the exact state of the hard drive contents and system software to whatever you wish each time you start up or restart one of the computers, so no matter how much damage is done/how many viruses are installed, a simple reboot fixes everything. Freeze something it was called... Deep freeze perhaps. As I said, I'll have to look it up.

    yes you are right - googled it after your recommendation. DeepFreeze. Looks like it is something I will really need.


  • Options
    #8
    shano
    Registered Users Posts: 130 ✭✭shano


    SachaJ wrote:
    yes you are right - googled it after your recommendation. DeepFreeze. Looks like it is something I will really need.

    I don't know much about this DeepFreeze software but the following came up on a google search: http://www.governmentsecurity.org/archive/t123.html


  • Options
    #9
    NutJob
    Closed Accounts Posts: 884 ✭✭✭NutJob


    Shared commuter tool kit will let you lock down a PC and freeze a profile.
    http://www.microsoft.com/windowsxp/sharedaccess/default.mspx
    The advantage of using this method is your pcs get updates and you have users running in limited accounts with bugger all permissions except what's needed




    you will need an ant-virus solution you can schedule properly.
    Spybot does a good job on spyware and can be scheduled to run on idle


    Management software
    http://sourceforge.net/projects/cybera/


    VPN access
    Openvpn
    http://openvpn.net/ (can hurt to set up)

    Ssh port tunnelling under windows
    http://www.lifehacker.com/software/home-server/geek-to-live--set-up-a-personal-home-ssh-server-205090.php
    also see putty for tunneling


    handy toy for cloneing pcs
    http://www.sysresccd.org/Main_Page


  • Options
    #10
    PDD
    Registered Users Posts: 1,019 ✭✭✭PDD


    Speaking from experience forget about doing them individually manage them all centrally and depending on what you want to be doing you can just re-image them over night. Forget about paying good money for Ghost when there are much better options out there for Free such as PartImage

    http://sourceforge.net/projects/clonezilla
    http://backuppc.sourceforge.net/
    http://freshmeat.net/projects/uberimaging/
    http://www.partimage.org/Main_Page

    http://www.linbox.org/ - These guys look very interesting, very affordable and give service contracts too. Of course there is http://www.freenas.org/
    and a few others etc for network backups.

    http://sourceforge.net/projects/nasbackup/
    http://sourceforge.net/projects/pba-vm/

    Even guides like
    http://canned-os.blogspot.com/2006/08/hard-disk-backup-and-restore-using-pba.html

    They are available in VMImages so you dont even have to isntall linux to use them but it means you can try them outwithout the headache of installing them.


Advertisement