[ale] Parental Controls

JD jdp at algoloma.com
Wed Nov 12 10:35:10 EST 2014 

On 11/12/2014 10:03 AM, Jim Kinney wrote:
> Setup hosts file with name and IP of required remote systems. Disable DNS
> caching. Set DNS to bogus IP. Print sign that reads "Unauthorized access will
> result in termination" and tape it so they have to move it to see the screen.

Until someone is actually terminated, they won't believe it.  I've seen this
aspect before around GPS tracking of commercial vehicles. Idle threats don't
work. Someone will need to be fired, escorted out in front of other employees.

Either the owners and management want the systems locked down or they do not.
Best to find out how far they are willing to go before.


> On Nov 12, 2014 9:51 AM, "Justin Goldberg" <justgold79 at gmail.com
> <mailto:justgold79 at gmail.com>> wrote:
> 
>     How do we implement parental controls? We have a customer with multiple
>     retail locations and one computer at each. They switched to Ubuntu to lock
>     down the label printing computers, but many of the employees are computer
>     savvy and they are still bypassing the controls. As far as I know, the
>     computer is used for printing shipping labels, and they do need internet
>     access for this. From what I know about the customer, they don't mind as
>     much about browsing random websites, they care more about preventing the
>     computer from being messed up and not being able to print, but they do want
>     to implement those controls. Using a firewall for blocking at each site is
>     not possible due to the cost. Here's what I've come up with so far:
> 
>      - opendns for basic parental controls
>      - disabling usb access, to stop them from using portable browsers (this
>     means compiled in a way that they don't require installation, statically
>     linked binary?) and TOR
>      - disabling Samba browsing, in case they plugged in a laptop with binaries
>     - we can go as far as disabling ftp
> 
>     We can't stop them from downloading a psiphon or TOR binary, and launching it.
> 
>     Another route we could go is to lock down the computer and only allow access
>     to the ips of the websites that they have to access. I assume this is
>     possible with iptables. Any thoughts would be appreciated.
>      
>     Justin "knows enough about Linux to be dangerous" Goldberg
>

More information about the Ale mailing list