Protecting public workstations

PUBLISHER’S NOTE: Please note that, as of 9/29/03, all of your valued Network World Fusion newsletters will be delivered to you from nwfnews.com. If you use filters to manage your newsletters based on domain name, please adjust accordingly.

In my last column, I looked at how Kinko’s public Internet workstations were compromised by someone using a keystroke logger program left running on those systems.

I referred to a New York Times article about that criminal’s activities by Lisa Napoli. What particularly interested me was Napoli’s statement, “Making the public aware of the vulnerability of shared Internet access terminals is one thing. Remedying this vulnerability is quite another.” She followed this surprising assertion with a quotation from an FBI agent who said, “I don’t know how you manage the risk.”

https://www.nytimes.com/2003/08/07/technology/circuits/07kink.html

Well, university network administrators do.

In universities and other schools around the world, students have access to computers linked to the campus networks. How are these systems protected against tampering, such as installation of unauthorized software, including keyloggers? Well, in the first place, systems with access controls are configured to preclude access with administrator privileges.

But everyone knows that user ID/password combinations are a dreadfully weak method for preventing unauthorized access. Passwords can be compromised by shoulder-surfing, because they’re written down, or using brute-force cracking of poorly secured one-way encrypted password files. But there is a simple method for reducing potential damage: clone the workstations’ disks every night. That is, the disk of each PC on the network is rewritten with a fresh, uncontaminated copy of the entire contents of the drive.

There are several products available which can automatically deploy the authorized disk image to hundreds or thousands of workstations provided you have adequate server speeds and network bandwidth (more information can be found at the links in the Related Links section below). These products would reduce (but not eliminate) the window of exposure on public terminals. So as users, all of us should be careful about what we reveal on such terminals. And don’t use the same password on multiple commercial sites on the Internet – you don’t want the compromise of one of those passwords to open up every account you use.

Finally, readers should note that the imaging software supports not only preservation of data integrity and trustworthiness but also provides a speedy mechanism for restoring functionality of a damaged system: restore the disk image of the operating-system drive and you don’t have to reinstall the software. These tools support the principle of a known-good copy of the operating system: take an image immediately after installing the operating system and before using – and potentially damaging – it. Then before installing new software (applications, drivers, etc.) you can restore the original image, do your installation, and take a new image (properly documented) for the next time you need to start from a clean environment.