Locking down PCs

From Library Success: A Best Practices Wiki
Revision as of 22:23, 21 October 2007 by Librarycomputerguy (Talk | contribs)

Jump to: navigation, search

Contents

Introduction

Legal protection, patron privacy protection, and computer security are key concerns for libraries that provide public access computers (PACs). Providing access to computers and the Internet are now seen as an integral role for libraries, and along with that expanded role come a host of new threats and concerns. Providing this technology and protecting from the increasing level of threats is a constant battle.

Legal Protection

Filtering

Filtering is a contentious issue and is required for E-rate by CIPA. This requires filters to be installed on all Internet filters can limit end user's exposure to undesirable content, but may also restrict their access to legitimate content. There are numerous commercial and opensource web-filtering programs available.

Computer Use Policy

The use of policy has been an important tool for libraries and by extension apply to this new library tool. Most PC Management solutions include a click-through Acceptable Use Policy to ensures that all Patrons agree to the library's terms of use. Library computer use policies should outline acceptable and unacceptable uses of both the equipment and the Internet access. The policy should also outline how the policy is enforced and a include a disclaimer.

Patron Privacy Protection

It is important that Public PCs contain security features designed to detect when users have left the station but forgotten to log out and ensure that all their personal files and information are automatically cleared from the station to protect the user's privacy. Libraries also need to control the time that patrons have access to computers to insure that all users get a fair chance to utilize these services. Some libraries may still used manual methods to do this, but many automated systems exist. For example, pc management system like Envisionware's PCres (for windows systems) make this possible. Free and OSS options are available for both GNU/Linux and Windows.

Securing PACs

All Operating Systems

All operating systems require frequent system updates to patch security hole discovered in the OS. Many Commercial products exist to protect PACs. These two lock the harddrive and bring the system to a restored state after reboot. This is also helpful to protect the privacy of users.

Windows

Because it is more ubiquitous and therefore a larger target for crackers more diligence is required in securing a Windows machine for public use. It is critical to have antivirus software and antispyware software installed on Windows machines. There are a large number of commercial products available to

Windows 2000 or older

Public Access Computing Security Tool

Windows XP and Vista

1.Un-install old security software (if applicable)
2.Install SteadyState as per instructions.
3.Start SteadyState
4.Set Computer Restrictions:
a)Privacy Settings: use all defaults
b)Security Settings: use defaults plus:deselect “Turn on the Welcome screen”
5.Create  user 'all' and remove all restrictions.
6.Give “all” administrative rights. 
a)Click Start > Control Panel > Users > All > Change account type
7.Click on Home in user control panel and “Change the way users log on and off”
a)remove Welcome Screen
8.Log in to 'all'
9.Set desktop background, silver theme, power settings and icons on desktop.
10.Run programs, MS Office apps and OpenOffice to insure installation and Adobe reader for license prompt.  Set search options for I.E.
11.Log out of “all” and log back into administrative account.
12.Run SteadyState.
13.Set restriction in SteadyState:
a)Windows Restriction : Select high and UNCHECK:
Start Menu > Remove the control panel icon use this to allow safe removal of USB devices
General Restrictions > Prevent Autoplay on CD / DVD
General Restrictions > Prevent access to Windows Explorer features...
this will allow the tabs to function in IE7.
General Restrictions > Remove CD and DVD burning
General Restrictions > Disable Notepad and Wordpad
General Restrictions > Prevent users from saving files to Desktop
Hide Drives > Local Disk (C:)
b)Feature Restrictions : high but unchecked:
Internet Explorer Restrictions > Prevent Printing
Menu Options > Remove Help
Toolbar Options > Size, Full Screen, Print and Third Party Extensions Buttons.
Microsoft Office Restrictions > Prevent use of visual basic...
this option will allow wizard templates to run, but could pose some risks.
c)Set home page to your library home page url.
14.Set session timers (this is to prevent the screen saver from showing.)
a)Log off after 700 minutes of use.
b)Log off after 700 minutes idle.  
15.Lock profile
16.Reboot
17.Set disk protection to Remove all changes at restart.

GNU/Linux

DIY

GNU/Linux machine are more secure in their design, and some GNU/Linux distributions will work as they are.

Turnkey Solutions

Resources

  • Balas, Janet L. 2004. "Managing Public Access Computers and the People Who Use Them." Computers in Libraries 24, no. 6: 35-37.
  • Carter, Howard. 2002. "Misuse of Library Public Access Computers: Balancing Privacy, Accountability, and Security." Journal of Library Administration 36, no. 4: 29.
  • Huang, Phil. "HOW YOU CAN PROTECT PUBLIC ACCESS COMPUTERS and Their Users." Computers in Libraries. 27, no. 5. 16:5.
  • Sendze, Monique. 2006. "THE BATTLE TO SECURE OUR PUBLIC ACCESS COMPUTERS. (Cover story)." Computers in Libraries 26, no. 1: 10-16.
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox