Slashdot Mirror
Administering a PC in a Vacation Rental Home?
mrn121 asks: "Some relatives of mine are preparing their beach house for rental, and they have asked me to assist in setting up some of the on-site technology. One of my ideas was to add a computer with high-speed internet access to the house, but security issues may be overwhelming. I have administered campus computing labs in the past, so I am familiar with locking systems down, but I am curious about what level of security readers might suggest, and how to go about achieving an appropriate balance between security and usability for such an application. On one hand, I don't want renters to clutter the computer with software and useless bookmarks, but on the other hand, I don't want the system to be utterly useless. One major difference between this computer and a lab computer is that I will not have access to the machine for the entire summer, while the house is being rented."
If you make the removable drive have boot priority, you can even make it an automated process, where the vacationers or the rental agent are told they can restore the computer to "fresh state" themselves by sliding the drive in, turning the key, powering up, waiting for it to do the copy, then shutting down, unlocking the drive bay, and putting the drive away again.
Aside from that, set up Windows update to install automatically, use a DSL/cable router box that blocks pretty much everything inbound, and hope for the best.
If you're going to do it with Windows, use XP and let everyone create their own limited account. All the "clutter" goes into their personal storage, not the whole system.
LOAD "SIG",8,1
I'd leave it completely diskless and put a Knoppix CD in.
-- Don't Tase me, bro!
If I were you, I'd go *only* as far as supplying a broadband connection, a cable/DSL router (which should block *most* crap by default) with DHCP enabled, a hub/switch (if necessary) in a closet somewhere. Then, in plain view, ethernet wall jack and a one-page sheet of instructions on how to make it work with *their* computer. Maybe a spare ethernet cable or two.
The way I figger it, if they can afford to rent a beach house, they can probably afford their own laptop if they wanna get some work done. And the most you'll have to do to service it *should* be to tell them to recycle the power on the router or cable modem, and you don't have to worry about the PC.
Ed R.Zahurak
You know, oblivion keeps looking better every day.
Along with a good Wifi firewall, and rent the place out as "WiFi enabled high speed internet access". That way, you can just give the WAP passwords to the rental agent, and people are responsible for their own machines.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Or, you could do as another poster suggested and just make an install image for periodic recovery using Ghost.
Or, you could just figure that any renters who *need* a computer will be able to provide for themselves.
There are 10 kinds of people: ones who understand ternary, ones who don't, and ones who think this joke is about binary
Configure it with a largeish partition for ghost files. Install Windows on the other partition and configure it however much or little security you'd like. Enable the firewall. Install automated spyware & virus protection. Do windows update.
Ghost the machine as it is, properly configured, to the ghost partition. Later, after they've fucked everything up, you can restore from the ghost file.
Isn't that how you ran your labs?
There are no trails. There are no trees out here.
Maybe I'm missing something, but the obvious solution to me is just to create a guest accout without admin priviledges. Let the renters know when they move in that if they want to install any special programs (if they want to use the computer to play some game, for example) that they have to let you know at the beginning of the summer so you can install it. As long as it's clear in advance what they can and can't use the computer for I don't see a problem. Also, if you aren't going to be around to administer the computer make sure they know that - preferably in writing, since if they come with the expectation of being able to use the computer for work, and something goes wrong, they will be looking for someone to blame.
http://www.macosxlabs.org/presentations/other/Harv ard_SIG_Part_2.pdf
You do what for a living?
My prefered method of securing a computer in this situation would be a Boot ROM that quickly restores the system to a pristine state every time its rebooted. Look at some of the solutions offered by Rembo, such as BpBatch.
Properly set up, the loader in the boot rom can validate the user-accessible partition against a reference copy on a hidden partition, then syncronize it rapidly in a manner similar to that of rsync. The renter has nearly unrestricted use of the system, but the second they reboot, its a clean system. If you want to be less anal, you could configure it so the wipe is only performed "on demand", or performed at the request of an off-premises master server, allowing the renter to store files while they are there, and have them wiped when they leave.
By using all of these (including a BIOS scheduled powerup at 5am), you can have control over when you wish to wipe the main partition. You could schedule a weekly image dump, or whenever they called with a problem VNC in(the image dump and reboot shouldn't take more than an hour), and you could give them free reign over the system otherwise, so they could install their own games, or download all the spyware/virii they wish.
-Christopher Wu
http://www.christopherwu.net/
An internet cafe I know achieves this very simply: Every night after they close, they just restore every PC to it's original state from a backup on a hidden partition.
Takes them practically zero time or effort -- all they have to do is open the admin program, enter a password, and click 'Okay'. No disks or tapes to insert, and users can do anything the like to the machine during the day. (well... it might be awkward if they managed to delete the backup program, but I don't think that's happened yet.. and anyway, they keep proper backups too, just in case)
(Spudley Strikes Again!)
From your point of view, putting a computer in a beach house could be a headache anyway, for physical reasons. Everything in a rental property takes a beating. I'd just get a wireless router, hide it in a locked closet, and maybe put a few ethernet jacks where your guests can find them. Let them bring their laptops if they're geeky enough.
You might also make them sign something saying that they're responsible for whatever gets downloaded during the time they're in the house. That way, if you have a guest who downloads something that attracts the wrong sort of attention, maybe they'll get in trouble instead of you.
Am I part of the core demographic for Swedish Fish?
What do you mean you 'won't have access' to it for the summer. Just use one of the remote desktop systems if it's a Windows box or -better yet- if you set it up as a Linux box you can just SSH into it. If the dynamic IP is an issue, register a free dynamic hostname at (for example) dyndns.org and install the IP auto-updater. That way you can just ssh to 'beach-house.dyndns.org'.
As others have suggested, create limited user accounts. Make sure they've got all they need for web surfing, movie watching, music and so on, and lock everything else down, and just leave them a limited-space directory to save stuff into. If you're afraid they may need more software, just create a crap e-mail account for 'support requests' and use the remote desktop/ssh with admin privileges to install new software if you deem it to be ok.
Marxist evolution is just N generations away!
Don't bother putting a computer up. Get a decent, cheap 802.11g wireless router, and perhaps hook up a couple of jacks for hardwire LAN access.
If somebody wants a computer on their vacation, let them bring their own.
There's so little difference between politics and jihad lately...
I think it is fairly safe to assume that it being a vacation rental, presumably not in a resort community for programmers, that choices #1-5 will be windows 9x+, #6 might be mac OS X, with linux battling it out at #7 with windows 3.1. I am not trying to be all anti-linux here, but this is a vacation setting, you want to keep people as happy and comfortable as possible, not completely shatter some average guy's self perception of computer literacy.
As for protecting what damage the computer can do to the rest of the world, there are also easy OS agnostic solutions you did not realize- mainly a firewall. blocking all outgoing/ingoing ports except port 80 should keep anyone protected. Unless someone needs VPN access to their job, it is reasonable to only restrict them to the web. Yeah if someone knowledgable really wants to get around the system, they can... but who really rents a vacation house when they can go to a library. Its all about being reasonable- He probably has no idea who he is going to be renting to either... There is a threat of an axe murderer renting it and burying bodies in the basement, does that mean you recommend putting video surveilence down there?
Your idea of screening tenants to see what computer background they have is silly. hes renting a vacation house with a computer, not a computer with a vacation house.
It is posts like this that really make me want a (-1, stick up ass) moderation.
1. Remove the harddrive
2. Put the following BASIC program on a boot floppy
10 PRINT "TURN OFF THE COMPUTER AND GO OUTSIDE YOU LAZY SHIT"
20 GOTO 10
....but how about leaving an ssh server running and remotely add a new user every time it's rented and delete that user when they're done. With a nicely set up /etc/skel it should pretty seamless.
I have found there are just two ways to go.
It all comes down to livin' fast or dyin' slow. -REK, Jr.
UPS. Depending on where this is, beach houses suffer from enough storms and power outages to make this a necessity.
Sand and water. This is at the beach. Little Jimmy will start pecking away with sandy fingers. A weatherproof keyboard, at the very least. Sealed cabinet for the case, maybe.
Personally, I'd just give them access, and not the actual PC.
Can't use it for much, but hey...at least they can't screw anything up with it.
... and never did they have a computer in them. If I wanted a computer, I brought my laptop.
Anybody really wanting to access the internet on their beach vacation has the equipment to do so anyway. Seriously, laptops are common among business travellers, and all netheads have them or something like them.
If you want to advertise high speed internet access, few people will be expecting there to be an actual computer there. An ethernet jack hooked to a cable modem (out of sight.. like in a closet or wall or other locked area) is good enough. If you want to provide wireless, drop an access point back there hooked to the cable modem as well. Beyond that, I wouldn't put in one single bit of equipment. No computer, no monitor, nothing. Maybe a power protector on the cable modem/access point, but that's it.
Leave an instruction sheet on how to hook up their ethernet or 802.11b wireless (use a 802.11b access point, as the cable modem is slower than 11 mbits and b is cheaper/more compatible) and wash your hands of it. Nobody expects an entire configured system to be there, realistically. If you go to a nice hotel with connectivity, you don't get a computer in the room, you get a place to hook up your computer and that's it. That's expected. Leaving a whole system there just invites people to rewire the thing to hook up *their* system.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
If it's a Windows machine, I'd suggest putting DeepFreeze on it. It basically resets the computer back to its original state whenever you reboot the box. I've used this on many student workstations and it works like a charm. Unfortunately it won't stop some smartypants from booting off a cd and installing Linux or something like that ;-)
...if they use that connection to do anything illegal or nasty. your name'll be on the ISP's billing system...