On Tue, Feb 14, 2006 at 10:25:50AM +0100, Philippe De Ryck wrote:
>Hello,
>
>I'm a network administrator in a highschool in Belgium. Right now all
>our workstations run Windows. There is however a possibility for me to
>convert some old machines that have quite some trouble running XP
>smoothly to linux. The problem is however that I'm not that experienced
>managing linux workstations.
>
>I've been a linux user for quite some time now (about 3 years) and I
>like debian (and ubuntu). There's however a big difference between my
>computer and public computers at school. I want things as secure as
>possible, and lockdown as tight as possible.
>
>I was wondering if there are any documents (there must be!) available
>on these issues. I know it is possible, I've seen machines that
>disallow console login (only X was allowed) and a whole lot else. I
>can't seem to get much useful out of google ...
There is a good document on securing Debian[1]. The rest is pretty much
depending on the applications your workstations will be offering.
One solution that I've seen in a lot of places where users aren't
trusted is to automate frequent re-installation of a "trusted" image.
That means, at least to some degree, that you can concentrate more on
securing servers, which is arguably easier.
If you are serious about security I'd recommend looking into books on
security in general since to do good job you need to put some thought
into assets, risks, and costs of securing.
/M
1. http://www.us.debian.org/doc/user-manuals#securing
--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus@therning.org
http://therning.org/magnus
Software is not manufactured, it is something you write and publish.
Keep Europe free from software patents, we do not want censorship
by patent law on written works.
Beauty is more important in computing than anywhere else in technology
because software is so complicated. Beauty is the ultimate defence
against complexity.
-- David Gelernter
Attachment:
pgpSVjjhyTPCe.pgp
Description: PGP signature