On Tue, Dec 02, 2003 at 01:29:07PM +0000, John Dean wrote:
On Tuesday 02 December 2003 12:30, ICT Support Officer wrote:
For example I wanted to run the school web server from school but the ISP will not provide a public IP address for the school. They also seem reluctant to re-root
I think you mean re-boot. Why would you want your ISP to re-boot, after all you are running the servers not them. They just provide you with your net access.
Actually he means "re-route" or more specifically provide a 1:1 NAT between a regular IP and an RFC1918 IP.
I don't think you can really knock LEAs or ISPs for not wanting to open ports
ISPs don't close ports. That is your responsibility.
The RBC providing connectivity to schools do not behave like regular ISPs.
To compound the problem, you also have a pile of portables which staff take home and connect to the internet, before plugging them back into the school network to unleash their dubious payloads.
Network and Computer security is not all about software. It should include written policies and procedures. I used to work for the world's biggest oil producer. We had over 70,000 computers connected to the company network and the Internet. From what I read in some Computer mag. the company I worked for has the biggest heterogeneous network in the world. There was everything from
It's actually homogeneous environments which are most at risk from self-propagating malware.
the ancient Apple IIe up to two massive CRAY 2 super-computers. As you can well imagine a system like that is a security nightmare. All security problems as far as I remember came from inside of the company. All of these problems concerned virus attacks on *Windows* machines (in the 10 years in
Wonder if someone will claim that that's just because "Windows is the most popular OS"...
worked for Saudi Aramco was a single UNIX machine compromised), because of people bringing infected floppies and CDs into work. Once the policy was tightened up we never again had problems with virii.
If I was responsible for this in an LEA I would insist that somebody from the school sat, and passed with flying colours, a very scary network security exam, before they'd get me to open any ports :)
That is totally unnecessary and over the top. The first thing you should do is to get your headman to draft a security policy and then back that up with regular audits. Like I have already said you are more likely to suffer from security problems from the inside than from the outside. Hackers aren't
Back to the LFTs.

-- 
Mark Evans
St. Peter's CofE High School
Phone: +44 1392 204764 X109
Fax: +44 1392 204763