[H-GEN] Quick question
Robert Brockway
robert at timetraveller.org
Fri Oct 8 11:53:10 EDT 2004
On Fri, 8 Oct 2004, Tim Kent wrote:
> You may want to take into account physical security too, such as
> removing the floppy/CD drives from the boot order. I'm sure you've
> thought of this though!
Harry, also watch out for someone replacing the box entirely. You noted
it would get an IP via dhcp and would then have its web access restricted.
'3leet w4r3z user walks up with laptop while no one is looking, plugs it
in to the port formerly occupied by your public access box, gets a
_different_ address via dhcp and go onto to hit whatever sites they want -
or worse. This is not as theoretical as it might first sound.
There are options like only routing data back to specific addresses - ie,
do host routing not net routing. This is in addition to any firewall
installed between the public acess terminal(s) and the 'net.
Having any public access terminals on their own physical lan is essential.
Rob
--
Robert Brockway B.Sc. email: robert at timetraveller.org, rbrockway at uqconnect.net
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
More information about the General
mailing list