[ale] Parental Controls

[Justin Goldberg]

How do we implement parental controls? We have a customer with multiple
retail locations and one computer at each. They switched to Ubuntu to lock
down the label printing computers, but many of the employees are computer
savvy and they are still bypassing the controls. As far as I know, the
computer is used for printing shipping labels, and they do need internet
access for this. From what I know about the customer, they don't mind as
much about browsing random websites, they care more about preventing the
computer from being messed up and not being able to print, but they do want
to implement those controls. Using a firewall for blocking at each site is
not possible due to the cost. Here's what I've come up with so far:

 - opendns for basic parental controls
 - disabling usb access, to stop them from using portable browsers (this
means compiled in a way that they don't require installation, statically
linked binary?) and TOR
 - disabling Samba browsing, in case they plugged in a laptop with binaries
- we can go as far as disabling ftp

We can't stop them from downloading a psiphon or TOR binary, and launching
it.
Another route we could go is to lock down the computer and only allow
access to the ips of the websites that they have to access. I assume this
is possible with iptables. Any thoughts would be appreciated.

Justin "knows enough about Linux to be dangerous" Goldberg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20141112/0adf07f7/attachment.html>