LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-24-2012, 04:16 AM   #1
igor012
Member
 
Registered: Feb 2010
Posts: 87

Rep: Reputation: 2
What is the best way to restraint/secure a workstation ?


Hello,
I want to prevent users to copy on usb devices and some others actions.
I was thinking of using polkit. Do you think it is a good solution or does someone know some alternatives ?

Thank you
 
Old 02-24-2012, 11:06 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,450
Blog Entries: 54

Rep: Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893
Quote:
Originally Posted by igor012 View Post
I want to prevent users to copy on usb devices
Can I ask you for your reasons why?


Quote:
Originally Posted by igor012 View Post
and some others actions.
What?


Quote:
Originally Posted by igor012 View Post
I was thinking of using polkit. Do you think it is a good solution or does someone know some alternatives ?
Create a policy that denies any computer user from copying data on removable media or transferring data in unauthorized ways + disable parallel, SCSI, USB, Firewire, eSATA, PCMCIA and other such ports in the BIOS of each and every computer + physically lock those ports on each and every computer + disable all related modules from loading + enable auditing to track any violations + have all personnel searched ;-p If this is unmanageable then you must make it manageable. If you can't then, reasoning the other way around, one can say your data evidently is not worth such measures ;-p.

* BTW, if you were thinking about ways data gets off premises you might find this thread interesting.

Last edited by unSpawn; 02-24-2012 at 11:07 AM.
 
Old 02-29-2012, 04:41 AM   #3
igor012
Member
 
Registered: Feb 2010
Posts: 87

Original Poster
Rep: Reputation: 2
I want to prevent people from copying data (usb and cd/dvd)

It's been required by my company's clients to match with their own security policies.
 
Old 02-29-2012, 07:57 AM   #4
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,459

Rep: Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852
There is always the physical solution. Remove optical disk writers and fit computer case locks to prevent reinstallation as well as hard drive removal. Fill the usb ports with epoxy.

To be more confident, remove networking devices and network connection points.

More sensitive data may require that you:
Ban the use and possession mobile computing devices such as laptops and mobile phones.
Ban the use of portable recording devices such as pencils and paper.
Require staff to work naked. Mascara and lipstick on skin is a potential low bandwidth copying technique.
Employ security to monitor and enforce restrictions.

More extreme measures that can be considered:
Train all staff to forget everything after a finite time, at a maximum the time needed to leave the workstation and get out the nearest exit.
Turn off all power.
Regularly disinfect with an EMP device.

If your life depends on this, give up. The concept of privacy is so last century. Just ask Google.
 
Old 02-29-2012, 08:08 AM   #5
igor012
Member
 
Registered: Feb 2010
Posts: 87

Original Poster
Rep: Reputation: 2
clever
 
Old 02-29-2012, 08:56 AM   #6
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,459

Rep: Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852
I wanted to underline the point that a software solution can only take so far.
You have not provided enough detail about your circumstances to provide full advice. If you have all Linux machines, then not allowing users access to plug devices by group permissions is possible. Removing the code that allows optical disks to be written is possible.
However, this would not stop someone from plugging a laptop into your network and copying the data.
The history of security shows that users will find ways around the barriers if it interferes with their ability to get the their work done.
 
Old 02-29-2012, 10:04 AM   #7
igor012
Member
 
Registered: Feb 2010
Posts: 87

Original Poster
Rep: Reputation: 2
Hi,
You could have chosen another way to explain your point of view. Lack of details wasn't worth such sarcasm.

I'm trying to set what I was asked: policies to secure workstations. no usb drive/cd copy on openSUSE 12.1.

Regards,
 
Old 02-29-2012, 06:04 PM   #8
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,459

Rep: Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852
Quote:
If you have all Linux machines, then not allowing users access to plug devices by group permissions is possible. Removing the code that allows optical disks to be written is possible.
Exactly how hard did you try to find this information?

Disabling usb storage devices. http://tcs-security-blanket.blogspot...-opensuse.html

To prevent optical disk writing, remove cdrtools and dvd+rw-tools.
 
Old 03-01-2012, 02:40 AM   #9
igor012
Member
 
Registered: Feb 2010
Posts: 87

Original Poster
Rep: Reputation: 2
Thanks
 
  


Reply

Tags
policykit, secure


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How secure is vsftpd? What alternative is there for more secure access? Gum Linux - Security 5 03-24-2009 05:00 PM
Windows workstation Samba error "not allowed to log on from this workstation" salscozzari Linux - Networking 0 01-02-2008 02:04 PM
Do you secure your Desktop/Workstation? reverse General 5 11-19-2007 06:26 AM
how can I secure my nis server ?can I use openSSL to secure it form sniffing ? abhi_raj Linux - Networking 1 07-10-2006 06:19 AM
LXer: University of Michigan Selects SSH Tectia for Secure System Administration and Secure File Transfers LXer Syndicated Linux News 0 04-25-2006 12:54 AM


All times are GMT -5. The time now is 06:10 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration