Security is a top concern for individuals involved in the maintenance and day to day operation of an open computer lab environment. Washburn School of Law Library maintains an open computer lab for student use. The lab consists of a combination of fourteen computers for general student use. Programs available range from WordPerfect 5.1 and 6.0 (DOS version) to Netscape for WEB browsing. The areas of security for this computer lab consist of two basic areas, the physical unit's hard drive and attacks by computer virus.
The computer lab systems use Windows for Workgroups 3.11 as a secured menu system. Each computer is connected to an Artisoft Lantastic ethernet network that provides for sharing of printers, centrally shared software programs, and an extensive CD-ROM network. Windows is started on each of these computers, through the use of a small startup program. This program starts the Windows program and prevents the normal exiting of windows. Any attempt to exit windows is met with the prompting of a password to exit to DOS. If the password is not correct, the computer returns to Windows.
Changes in the basic Windows environment are prevented though the setting of restrictions in the progman.ini file. These restrictions prevent the savings of any changes to Windows, restrict users to only those Window groups that contain programs relating to software for student use, and maintain a common "look and feel" to the desktop on all computers in the lab. These restrictions are accomplished in the following manner:
[Groups]
;Group1=C:\WINDOWS\MAIN.GRP
;Group2=C:\WINDOWS\ACCESSOR.GRP
;Group3=C:\WINDOWS\GAMES.GRP
;Group4=C:\WINDOWS\STARTUP.GRP
Group5=C:\WINDOWS\LABAPPLI.GRP
;Group6=C:\WINDOWS\APPLICAP.GRP
Group7=C:\WINDOWS\INTERNET.GRP
;Group8=C:\WINDOWS\LANTASTI.GRP
[Restrictions]
NoRun=1
NoSaveSettings=1
NoFileMenu=1
EditLevel=4
(Complete explanation of the use of these restrictions can be found in the Windows for Workgroups Resource Kit, on pages 6-76-78.)
Basic hard drive data is maintained in a backup location, to facilitate ease of maintenance of programs for each of these computers. Individualized configuration files for each computer are also maintained in this backup location. These files are for the rare occasion of file deletion or corruption.
The primary concern to the security of the open computer lab is in the area of computer viruses. We maintain the philosophy that computer viruses are like the common cold among students, eventually everyone will catch one. Our defense mechanism against virus infection is multi-level. First level defense from infection has been accomplished through the installation of a boot sector anti-virus program. This program checks the boot sector of the hard drive on initialization and if a virus infection is detected, the virus is removed and the computer reboots automatically. Second level defense is through the use of an anti-virus scan process during the execution of the autoexec.bat program. I highly recommend the use of either McAfee or F-Prot anti-virus software, due to the frequency of updates to the software. Currently there are more than 5000 computer viruses and an estimated 100 to 150 new viruses are created each month. Due to past memory restrictions we had not used a TSR style anti-virus prevention scheme, this situation will change due to the increase of virus infections. We will use an anti-virus TSR set to "swap to disk" to allow for a minimum amount of memory usage. This type of protection will scan each individual diskette that a student uses during the access of the diskette.
A major new security concern to computer systems that have a connection to the Internet, is the possibility of a virus being downloaded from the Internet. Only a short time ago this possibility was considered impossible. Now, through advancements in the development of computer viruses, infections can occur from files downloaded from the Internet to the local computer. Anti-virus software is now available to scan the file during the download process and clean any virus detected in the file. This software should be used by all computers that have Internet access and download files from the Internet.
Virus protection and prevention are also provided to the individual student though an icon on each computer in the lab. This icon allows the students to scan multiple diskettes for virus infection at their convenience. Students may checkout diskettes from the library circulation desk that contain virus scanning software, for use on their home computers. This has helped alleviate some stress and paranoia of students concerned with taking a virus home to their computers. This method has been of great value in detecting virus infection before it has come to the lab.
While security in an open computer lab can be much greater than what is found at Washburn, the one major thought to keep in mind is that no matter how smart or cautious one may be, someday something will happen to breach the tightest security. Prevention and commonsense approaches to maintaining solutions to situations will ease some of the burden for those presented with the results of these situations.