It can be difficult to manage public computer security, especially at terminals that are used regularly for a diverse range of tasks. It is possible, however, to prevent damage to the computers, loss of data and malicious intrusions while still permitting access to rule-abiding members of the public. The first is to use every trick possible to protect the core operating system, from booting from a compact disk (CD) or external drive to creating virtual computers on a single system. Another tip is to find security software that can either restrict user access to programs and features or to install software that resets the computer to an initial state after each use. Finally, maintaining logs of activity can help to show if a single user is consistently testing a system or finding ways to violate policies.
One of the best tips for maintaining public computer security is to protect the operating system from malicious attacks or modifications. This can be achieved by booting computers from a live CD. A live CD is a complete operating system on a CD that cannot be modified. It also means that no information, such as deleted files or cache files, can be extracted from a stolen hard drive.
When a computer is being used every day by many people, then another type of public computer security could be helpful. This comes in the form of software that can section off a piece of the operating system and create a safe sandbox where the user can do no permanent harm to a system and will not have access to the larger computer and its resources. These virtual computer programs will actually create a copy of the operating system that is only used for the one session in which the user is working and will then delete all traces of anything done when the user logs off. This both protects the computer and hides nearly all information on the hard drive.
A regular examination of system log files can help in preventing future problems with public computer security by finding patterns of attempted violations. If a computer shows a sequence of failed access attempts or browsing of the file system, even if it is empty or protected, then more stringent security procedures can be enacted on that system. For public computers that have individual logins, this information can be traced back to specific users.
Finally, physical public computer security should not be overlooked. This means the computer itself should be somehow secured to its location. In addition, the case that contains important components such as the motherboard, network interface card or hard drive should be locked or made inaccessible by the public. This can prevent a malicious person from stealing a hard drive and then recovering any sensitive information that might have once been stored on it.