[Gllug] Secure Internet Access Linux Box

John HEARNS John.Hearns at cern.ch
Fri Jun 21 15:38:24 UTC 2002


On Fri, 21 Jun 2002, Jim Bailey wrote:

> On Fri, Jun 21, 2002 at 01:37:54PM +0200, John HEARNS wrote:
> > On Fri, 21 Jun 2002, Jim Bailey wrote:
> > 
> if the user gained access to root he would only be able to operate for
> as long as the session lasted. ACLs would also make sure that anything
> coming from that box to the internal servers would be considered suspect,
> logged and the sys admin alerted.

Not just the sys admin :-)
I've had an evil Friday afternoon thought....

Bear with me for a moment.
If you run a web proxy, like Squid, you can get it to block sites on a 
blacklist, such as http://members.lycos.co.uk/njadmin/
http://www.hklc.com/squidblock/
(I've never actually had to do this, these are just lifted from the 
Squid FAQ).

Now, Snare can trap and log all outgoing network requests from a box.
Now, all we have to do is configure Snare to execute a script when
a user accesses port 80 on one of these lists.

Given that the secure PC is to be in a staff common room, a very loud 
sound file could be triggered, with an alarm bell, or an embarrassing 
message.

The really evil BOFH would put a webcam on top of the monitor,
to photograph the shocked expressions of those people who surf in
the dead of night (hospitals being a 24 hour environment).

Grin.







-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
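
The matching step described in the message above (outgoing port-80 connections checked against a proxy-style blacklist, with a script fired on a hit), as an added example that is not part of the original post. The event line format, host names and the `alert` hook are constructed for illustration and are not Snare's actual output; the blacklist uses Squid's `dstdomain` convention, where a leading dot also matches subdomains.

```python
# Added example: all data below is constructed, not real Snare or Squid output.
BLOCKLIST = """
# Squid dstdomain style: ".name" matches the domain and all its subdomains
.blocked.example
ads.tracker.example   # no leading dot: exact host only
"""

EVENTS = [  # assumed format: "timestamp user dest_host dest_port"
    "2002-06-21T23:58:01 nurse1 www.blocked.example 80",
    "2002-06-21T23:58:07 nurse1 intranet.hospital.example 80",
    "2002-06-21T23:59:30 porter2 ads.tracker.example 80",
    "2002-06-21T23:59:41 porter2 sub.ads.tracker.example 80",
    "2002-06-22T00:01:12 nurse1 blocked.example 443",
    "truncated line",
]

def load_blocklist(text):
    """Split entries into exact hosts and dot-prefixed domain suffixes."""
    exact, suffixes = set(), set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower()
        if entry:
            (suffixes if entry.startswith(".") else exact).add(entry)
    return exact, suffixes

def is_blocked(host, exact, suffixes):
    host = host.lower().rstrip(".")
    # Prefixing a dot stops "notblocked.example" matching ".blocked.example".
    return host in exact or any(("." + host).endswith(s) for s in suffixes)

def find_hits(events, exact, suffixes, port=80):
    """Return (timestamp, user, host) for each connection to a listed host."""
    hits = []
    for line in events:
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records instead of crashing the monitor
        ts, user, host, dport = parts
        if int(dport) == port and is_blocked(host, exact, suffixes):
            hits.append((ts, user, host))
    return hits

def alert(hit):
    # Hypothetical hook: stands in for whatever script the monitor would run.
    return "ALERT %s user=%s host=%s" % hit

if __name__ == "__main__":
    for h in find_hits(EVENTS, *load_blocklist(BLOCKLIST)):
        print(alert(h))
```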



