Results 1 to 3 of 3
2013-03-14, 09:23 #1
- Join Date
- Mar 2010
- Thanked 0 Times in 0 Posts
Ideas & Considerations for a secure public workstation?
I'm looking at ideas for setting up a secured public workstation in a senior center.
What I mean by "secured" is that we intend to fall back on the old "nuke 'em" school of security. Instead of relying on playing whack-a-mole with security scanners, the system will be set up and then imaged to a read-only media, preferably a dvd or flash card depending on the size needed. This will then be sealed into the workstation.
We'd like to set it up so that when a new user sits down to start the computer, the secured image is written over the hard drive, ensuring a clean system with no chance of malware being on it.
The system would run malware scanners, but obviously, would never be totally updated since that would mean updating and then burning a new boot image, something thta might happen every couple of months but that's all.
So here's the challenge. If we use Win7 as the OS, how big a clone image ar we looking at, with some basic apps (like OpenOffice and the leading browsers) installed in it? What's the fastest way to make that secured image load and get the computer started each time? Putting it on an SD card, I'm guessing, so it can be internal? Or a USB stick that is secured to the case?
We want folks to be able to check their email, maybe check their bank since social security is going all-electronic this year, no more paper checks. And possibly, give them each a USB stick to keep "their" personal settings, if we can do that in a way that will also protect them from malware being saved with it.
2013-03-14, 09:36 #2
- Join Date
- Mar 2001
- St Louis, Missouri, USA
- Thanked 1,026 Times in 899 Posts
Why not run the workstation as a virtualized image? If you have a snapshot of a pristine version of the workstation you can load that each time and return to the pristine state. It will cost a little more to start as you need a copy of the OS running in the virtual machine. Periodically, you could login as an administrative user and update the snapshot.
If you are willing to consider Windows 8 and you can get the Enterprise SKU you can create USB sticks (see Windows to go: feature overview)) for anyone you want with a unique copy of Windows 8 and boot Windows from the USB stick. NOTE: I'm not sure about the licensing requirements for this feature but I do know that Software Assurance is required.
2013-03-14, 13:07 #3
- Join Date
- Oct 2012
- Thanked 267 Times in 260 Posts
What you want is a virtualization redirection product like Returnil or Deep Freeze, wherein sessions of activity are allowed, but then when the system is turned off or rebooted, it comes up just as it did before any previous access on the next boot. Microsoft used to have Steady State for exactly this scenario but abandoned it due to decreasing need for public access computers most likely. You don't even need malware scanners; what's the point? All you need is a sign next to the computer saying, If in doubt, save any data you need to your thumbdrive and restart. Periodic update schedules would be entirely at your discretion, maybe aided by a suggestion box or quick meeting as to what some may want installed on a more permanent basis.