[Gllug] Secure Internet Access Linux Box

Mark Preston mark at markpreston.co.uk
Fri Jun 21 06:13:10 UTC 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Wulf,
I seem to recall speaking to a Cambridge graduate and Perl guru after the 
last GLLUG meeting I attended in February,  and who's name escapes me, and he 
was explaining that running X is basically insecure. I was with Frank Sutton 
and Anthony Shaper in the Green Man pub at the time. The topic was making my 
head hurt, but after the third pint of beer I felt a bit better. To be really 
secure would it not be better to run everything through a "hardware" firewall 
such as IPCop or Smoothwall?
Notwithstanding what I have just written above, I would think that running 
say Mandrake 8.2 secure which doesn't allow root to run X woud be pretty 
secure for most purposes, and it also allows normal users to run X. Even 
running any type of Linux is likely to be less susceptible to viruses than an 
IE/Windows set-up I would think.

"I was happy in the haze of a drunken hour, but heaven knows I'm miserable 
now" -The Smiths

- -- 
Regards from Mark Preston
www.markpreston.co.uk
P.S. Why is it that when I run the spellchecker I always get GLLUG --> GULAG 
replace?

> From: Wulf Forrester-Barker [mailto:wulf.f-b at uhl.nhs.uk]
> Sent: 04 April 2002 10:10
 I've been asked by the head of IT here to look into setting=20
> up a secure
> Linux box for use in one of our staff rooms. So far we've=20
> used a fairly
> well locked down Win98 box but there have still be problems=20
> of programs
> getting installed and traces of less than desirable web searches being
> remembered, etc.
>=20
> The brief is to install Linux, boot into a graphical=20
> environment with a
> browser and not let the anonymous user do anything except surf the
> internet (and to tidy up all traces of their activity from the local
> machine on a regular basis).
>=20
> I imagine that I can accomplish most of this by setting up a=20
> guest user
> and giving them no access (certainly no read access) to pretty much
> anything except their home directory (for browser cookies, etc)... and
> then using a cron job to refresh even that every few hours.=20
> I'm not sure
> about how to boot automatically into the graphical environment - how
> about an account with no password?
>=20
> I'm waiting for a spare box to be dropped off in my office - I'd be
> grateful for any experiences or suggested websites that will=20
> help me get
> some more understanding (rather than just muddling through).
>=20
> Cheers,

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9EsQCfivV/DViI8cRAhICAJ9GTQunFBX42c6thSBM4Ci75xfuaQCcC20F
3jEMv/B6Wkfe4ie+7Rd+7UE=
=hmd2
-----END PGP SIGNATURE-----


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list