We help IT Professionals succeed at work.

Need tips on good security for an Internet cafe

Medium Priority
Last Modified: 2010-03-18
A client is interested in having my company support an Internet cafe where kids could come and play Internet games like Warcraft.  W2K3 server + 10 PCs.  System is already basically in-place they say.  Machines h ave been looked down with something called "Smart Launch", a "Cafe Manger" software (that is a GUI for Group Policy).

What special needs would an Internet cafe have in comparison to any other small business.  Would you recommend hardware firewall like Watchguard or is that overkill?

Watch Question

ghost, true image or other enterprise solution for resetting systems at night.

for security I would either use  ISA server on a separate server, or build a custom linux firewall.  I would usually advocate for hardware firewall, higher end the better, but here I would stronlgy advocate either of the above.

The reason is I have done a couple of internet cafe's and my approach is fairly straight forward-
Proxy all web and ssl web.
leave the games on running via NAT unproxied because it will kill the game.
restrict anything that isnt the game or web/https


thank you for your quick response.  if you don't mind i'll dig into this the rest of the day and assign points. tomorrow.  your response is very helpful.
this should say:
leave the games on running via NAT unproxied because it will kill the game, if proxied or otherwise interfered with, limited filtered, etc.


when i recommended ISA on a separate machine, the client downplayed his need for security because it's just a teeny-weeny business that nobody would ever bother to hack (ha ha).

i may be better off with Watchguard Firewall because I am familiar with it and setting up ISA on separate box could take longer.  If you pay Watchguard $400/yr I think y ou get
pretty good support from them.  

I'd have a learning curve on the ISA and I'm trying to weigh cost/benefit.  ISA seems nice from the point of view of content filtering (filtering out bad web sites).  Do you know if
it has a list of bad sites like SOnicWall?
all major content filters are compatible with ISA, you subscribe to them, otherwise you can manually feed in a white/black list.

the main issus is not hacking per se, but legatimate users (who have paid) coming in and turning the systems into zombies after hours or something, which is mostly fixed by re-cloning daily.

Also the might bring in a computer or laptop and plug it in without permission.

If you can get watchguard or other box to do proxy, you are good to go.  I am unaware of them supporting proxies anymore
how many screens of WOW is he thinking?
how many screens of web only/ less intensive stuff?

Is it in a place where people will actually use a web kiosk, or is this from what I assume from your post, a hardcore gaming cafe?


Environment:  W23KSP1 on non-Raided Dell machine (SATA only).  10 clients running XPProSP2.  SmartLaunch deployed throughout.  Some vritual CD mount software from daemon-tools.cc.  

Plan is that kids can play games from CDs which are virtually mounted (don't ask) or go on line to browse or play Internet games.    

He has SmartLaunch deployed which keeps track of kids' 'accounts' so that's pretty important!  SmartLaunch also locks down the machines fairly well it seems but doesn't do any content

I get your point on the proxy (central point of control).  I will remember that.  

I guess without the web proxy things can get out-of-control.

Although I do realize that firewalling is important, I worry sometimes that I'm overselling technology.  I've been in situations with ZoneAlarm where everyone is griping about
popups and inconvenience.  Home users don't understand the need to know what they are allowing/denying.  

Small businesses expect things just 'to work' once they are 'set up' and don't realize security is an ongoing process.  I am less expert on firewalling in comparison to O/S, programming, apps, hardware, etc. so that is why all of the questions about firewall.  

NetNanny is the only time I got into content filtering and it was a disaster because the second time the customer had to tweak a setting it was too much.  There is so little patience anymore.

The customer we are discussing now has decided to make the PDC a file server for saved games.  This is already a problem as I know when I did an FTP server that everyone said
don't put customer data there.  They did anyway.  Now it looks like I'm facing the same thing.  People don't appreciate the concept of isolation.

I really do appreciate your specific recommendations.  I esp. like the one about reimaging nightly.  

ISA is sounding like the way to go but I have no idea how long it would take for me to deploy, what the learning curve is, etc.  This is one of those gigs where the client
stands over your shoulder so that he 'can learn'.  So in his eyes I may look stupid if I don't hit a key every four seconds.  Real world consideration.  If I had the place
to myself I could get the job done and charge him  a flat rate of what 5 hours?  Hidden costs include building out a w2k box for it, etc.

Thank you for the reminder about subscriptions.  These clients get awfully sore if you don't tell them all the costs up front.

Not sure what WOW means.  

WOW; world of warcraft.

it's funny, just last year I talked a guy out of buying a supposedly lucrative gaming hall.  He was a non-techie, and if he had made the purchase, the owner (a grand techie, of course) was moving to Hawaii! (I'm in NY)
I told him that the owner or operator of a gaming site MUST be very technical, in fact I can't see anybody doing it without devotion of all thier time and high technical skill to survive.  It is a little like buying a small restaurant and you can't cook, and don't know much about food or business.  You will have to hire someone to run the whole thing and take most of the profits.

also it was supposedly lucrative because it was almost entirely cash.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


Thank you.  I was looking at WOW for the first time yesterday.  OK, cool.

Your last post is very comforting.  Someone has to RUN THE THING on a day-to-day.  The owners want to hear that 'after the initial setup' the thing will run by itself.

Oh maybe just a few tweaks here and there but nothing major.  Yeah, right.

I had to call MS the other day for something annoying me in Outlook and it was basically 2 hours.  i didn't mind but the customer then rants about costs.

Never mind that the customer runs his own business on a single loaded PC (read single-point-of-failure).  They don't even want to pay to back it up. ("Why can't
you just use a diskette?!?!")

So thank you for putting this in perspective.  I'll just sit back and wait now as his IT friends in the city start to refuse to come up to the burbs to get rid of spyware.

Thank you so much!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.