This is part 2 of 2 in building and setting up a secure Gentoo Linux kiosk system. Here I will configure the X system, extras and lock the system down. Part one can be followed here.
This is a two-part guide to set up and configure a completely locked-down kiosk Linux system that can be used in kiosk booths or, as in my case, as a client system for call centers with a web-driven backend. The nice thing is that when your agents need to work on a different system (web backend), you can update all workstations in batch to point to the new “URL” (backend system).
Configuring a Cisco IOS VPN server and allowing VPN clients to connect over encrypted IPsec. This setup still allows Internet access using a split tunneling configuration.
A handy way of capturing data with a browser and inserting it into MySQL via form submit. Pulling the captured data from MySQL and displaying it with a browser is just as easy.
This is with normal “Username/Password” authentication. Apparently IOS 15 and up supports public/private key authentication…
Creating and setting up SSH key-based authentication for passwordless remote server logins on Linux or Mac OS X.
Set up the PuTTY SSH client for passwordless public/private key-based authentication on Windows.
Setting up a read-only SNMP community and sending SNMP traps to a central SNMP trap receiver, on Cisco devices. Some options under the trap configuration, like Spanning-tree, will not necessarily be available on all devices.
Setting up a DHCP server to hand out IP addresses to clients, on a Cisco router or switch.
Using a Cisco router to do the routing and a 3COM 4500 Superstack III switch for the VLANs, with an 802.1Q trunk setup. I’m not going to use port 1 on the switch, as this belongs to the native VLAN1. Also remember that all the other ports on the switch that are not assigned to their own VLANs will also belong to VLAN1 by default. In other words, all devices plugged into any of the VLAN1 ports will be able to see each other by default!