[Gllug] Securing a standalone server on a casino floor.
Neil Macvicar
neilm at kernelspace.co.uk
Fri Apr 1 14:17:00 UTC 2011
Logging should be done to a "write-once" medium, for example a DVD. That way logs cannot be tampered with once written. The best way to do this is to pipe logging data over the network to a dedicated logging machine. I appreciate that this may not be an option though, if they don't trust the machine to be networked (hard to see why not, since all fruit machines in casinos in London are networked up to a crappy laptop running WinXP (!) - I have visual confirmation of that).
Cheers,
--Neil.
----- Original Message -----
From: "tid" <td at bloogaloo.co.uk>
To: gllug at gllug.org.uk
Sent: Friday, 1 April, 2011 2:24:42 PM
Subject: [Gllug] Securing a standalone server on a casino floor.
I'm about to take on a short project securing a stand-alone server
running a Linux/Java-based gambling app driving one display
on a casino floor - I don't have many details about the app, but the
client wants all physical access to the machine disabled. There
will be two modes: "demo", and "live", which will be controlled by
inserting a USB dongle, then removing it.
I can physically mount the box in a secure cabinet, and am wondering
how much SELinux will bring to the party.
Things I'm thinking of:
- disable keyboard / mouse access on the mobo if possible
- remove all networking hardware, or disable on mobo.
- log as much data as the official auditor requires - I assume this
to be any hardware access / file timestamp changes
- Can't disable the USB as the app requires it.
What else do people recommend?
Tid
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
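
The thread asks for hardware access to be logged while USB stays enabled for the mode dongle. The sketch below is an added example, not code from either poster: it reads kernel USB log lines and separates the expected dongle from anything else plugged in. The dongle's vendor:product ID, the function name `audit_usb` and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: vendor:product ID of the mode-switch dongle (constructed value).
AUTHORISED_DONGLES = {("1234", "abcd")}

FOUND = re.compile(r"usb (?P<port>[\d.-]+): New USB device found, "
                   r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
GONE = re.compile(r"usb (?P<port>[\d.-]+): USB disconnect")

def audit_usb(lines, allowed=AUTHORISED_DONGLES):
    """Return (events, alerts) from kernel log lines.

    events: every attach/detach seen, in order, for the auditor's record.
    alerts: attaches of devices not on the allowlist, plus detaches on a
            port with no recorded attach (log gap or device present at boot).
    """
    attached = {}            # port -> (vid, pid) currently plugged in
    events, alerts = [], []
    for n, line in enumerate(lines, 1):
        m = FOUND.search(line)
        if m:
            dev = (m["vid"], m["pid"])
            attached[m["port"]] = dev
            ok = dev in allowed
            events.append((n, "attach", m["port"], dev, ok))
            if not ok:
                alerts.append((n, "unauthorised device %s:%s on port %s"
                               % (dev[0], dev[1], m["port"])))
            continue
        m = GONE.search(line)
        if m:
            dev = attached.pop(m["port"], None)
            events.append((n, "detach", m["port"], dev, dev in allowed))
            if dev is None:
                alerts.append((n, "detach without attach on port %s" % m["port"]))
    return events, alerts

# Constructed sample lines in the Linux kernel's USB log format.
SAMPLE = [
    "[  100.1] usb 1-1: New USB device found, idVendor=1234, idProduct=abcd",
    "[  105.9] usb 1-1: USB disconnect, device number 2",
    "[  300.4] usb 1-2: New USB device found, idVendor=5678, idProduct=ef01",
    "[  420.0] usb 2-1: USB disconnect, device number 3",
]

if __name__ == "__main__":
    for alert in audit_usb(SAMPLE)[1]:
        print("ALERT line %d: %s" % alert)
```

The event list is what would be written to the write-once medium or remote log host discussed above; the alerts are the subset worth a human's attention.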