By Steve Onedo

I work for a large cybercafe that’s close to a university, so most of our customers (about 80 percent) are students who are doing research or chatting on e-mail. These customers also do a lot of downloading for research projects.

Because of this public use of our equipment, we implemented a great many security restrictions. Of course, this presented a conundrum: Our business purpose is to provide customers with access to the Internet, and our revenue is based on charging them for that time. Sure, the restrictions helped to reduce the rate of virus attacks and possible intrusions, but if the students couldn’t use the Internet the way they wanted, it stands to reason that they wouldn’t spend as much time at our cafe.

In addition, every time a customer needed to run a different kind of software that required direct access to the Internet, the Administrator had to enter the Proxy setting or give it to the customer. Ultimately, there really was no protection, and customers were losing some of the time they paid for. Because of the restrictions, we were realizing only about 57 percent of our estimated revenue.

We decided to remove some restrictions. As a result, we were forced to continually reinstall almost 100 computers. So how did we solve the problem?

The solution
I met with the IT team (about five of us) and outlined the plan. It was as follows:

  1. Partition all the systems into two (one primary DOS partition and one extended DOS partition with one logical drive). Both partitions used 50 percent each of the total disk capacity.
  2. Format partitions with FAT32 file system.
  3. Copy the folder (I386) for the installation of the operating system (Windows 2000).
  4. Install the operating system (Windows 2000 Professional to the primary DOS partition for the workstations and Windows 2000 Server on the server).
  5. Install the basic software required by the general public for Internet access:
  • Microsoft Office 2000
  • Adobe Acrobat Reader
  • WinRar and WinZip
  • Norton AntiVirus
  • CheckIt or other diagnostic software
  • Yahoo Messenger
  • MSN Messenger
  • Timer software
  1. Make configurations:
  • Set all DNSs.
  • Share all hard disks, diskette drives, and CD-ROM drives. Password-protect the shared drives so that inquisitive users cannot gain access to shared drives.
  • Make any other configuration that needs to be made.
  1. Test the network connection. Test all software and make sure it’s running properly from each workstation. Ensure that all 100 systems are browsing properly at the expected rate.
  2. Create an image of the primary DOS partition onto the extended DOS partition. (This process was carried out using Norton Ghost. The span switch was used to ensure that the image sizes were split into 650 MB each.) After creating the image for each workstation, the images should be verified immediately for consistency to make sure they will work properly the next time they are used. This process (steps 1-8) should take about five and a half hours.
  3. Burn (copy) each workstation’s image onto two CD-ROMs using a CD writer and Nero CD Burning ROM. Verify the copied image immediately. Make the first Image Disk (Disk1) bootable with a copy of Norton Ghost. (Burning the image should be done gradually while normal cybercafe work is going on.)

The advantages of the setup
With each workstation having its own backup image on two CD-ROMs, we have no fear of a virus attack. We do this reinstallation every two weeks on the workstations, but we do it on the server only once a month (or once every two months, depending on the server’s condition).

The network configuration is very simple. Our satellite modem enables us to use routers. The server has a firewall installed. The server does very little work—it just monitors when a customer logs on to a workstation and is also used as a print server. The workstations access the Internet via the router, so there’s no overload on the server.

The best news of all: Our revenue increased by 37 percent.

What do you think of this solution?

Would you have done anything different in dealing with the threat of viruses in this environment? Drop us a line or post a comment in the discussion area.