[K12OSN] Securing a K12LTSP box
Bryant Patten
opensource at whitenitro.com
Sun Jun 4 16:45:30 UTC 2006
I have been asked by a couple of elementary schools to set up a K12LTSP
demo. One server, 4 terminals - so that people at the school can try
it out. Simple word processing, some image stuff and Internet access
are the planned uses. Sound and thumb drive usability are particularly
important.
My question for the collective list is:
After a vanilla, default-accepting install of K12LTSP (5.0 beta 7 is
what I am currently exploring) onto a new server box, what should one
do (if anything) to additionally secure or harden the box?
Do people recommend running something like Tripwire or Bastille? I
have done some reading about both of these but haven't yet tried using
either and I didn't find anything in the LTSP wiki about either
program. The wiki does offer the following warning - "Trying to run an
LTSP service over a public network such as the internet without any
security precautions is foolhardy in the extreme". I am beginning to
teach myself about network security issues but do not yet have a sense
of 'how much is enough' regarding hooking servers to the Internet.
In this type of situation, I am often not sure about the security set
up for the school's network. Phrases such as "...I'm not sure what we
do about security - Joe set that up and he is gone now..." or "our
consultant installed a Sonicwall but I don't anything about it..." are
often used. I explain to people that this box will not function as a
firewall but I would like to make it as secure as functionally possible
against being taken over by evil doers in this ambiguously secured
environment.
Bryant Patten
White Nitro, LLC
More information about the K12OSN
mailing list