Mailinglist Archive: opensuse-edu (303 mails)

< Previous Next >
Re: [suse-linux-uk-schools] Open Source pr Propriety
  • From: "Mark Evans" <mpe@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 2 Dec 2003 14:17:16 +0000 (UTC)
  • Message-id: <20031202141642.GA9718@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
On Tue, Dec 02, 2003 at 01:29:07PM +0000, John Dean wrote:
> On Tuesday 02 December 2003 12:30, ICT Support Officer wrote:
>
> > > > > For example I wanted to run the school web server from school but the
> > > > > ISP will not provide a public IP address for the school. They also
> > > > > seem reluctant to re-root
>
> I think you mean re-boot. Why would you want your ISP to re-boot, after all
> you are running the servers not them. They just provide you with your net
> access.

Actually he means "re-route" or more specifically provide
a 1:1 NAT between a regular IP and an RFC1918 IP.

> > >
> > > I don't think you can really knock LEAs or ISPs for not wanting to open
> > > ports
> >
>
> ISPs don't close ports. The is your responsibility.

The RBC providing connectivity to schools do not behave
like regular ISPs.

> > >To compound the
> > > problem, you also have a pile of portables which staff
> > > take home and connect to the internet, before plugging them back into the
> > > school network to unleash their dubious payloads.
>
> Network and Computer security is not all about software. It should include
> written policies and procedures. I used to work for the worlds biggest oil
> producer. We had over 70,000 computers connected to the company network and
> the Internet. From what I read in some Computer mag. the company I worked for
> has the biggest hetrogenious network in the world. There was everything from

It's actually homogeneous environments which are
most at risk from self propergating malware.

> the ancient Apple IIe up to two massive CRAY 2 super-computers. As you can
> well imagine a system like that is a security nightmare. All security
> problems as far as I remember came from inside of the company. All of these
> problems concerned virus attacks on *Windows* machines (in the 10 years in

Wonder if someone will claim that that's just
because "Windows is the most popular OS"...

> worked for Saudi Aramco was a single UNIX machine compromised), because of
> people bringing infected floppies and CDs into work. Once the policy was
> tightened up we never again had problems with virii.
>
> > >
> > > If I was responsible for this in an LEA I would insist that somebody from
> >
> > the
> >
> > > school sat, and passed with flying colours, a very scary network security
> > > exam, before they'd get me to open any ports :)
>
> That is totally unnecessary and over the top. The first thing you should is to
> get your headman to draft a security policy and then back that up with
> regular audits. Like I have already said you are more likely to suffer from
> security problems from the inside than from the outside. Hackers arn't

Back to the LFTs.

--
Mark Evans
St. Peter's CofE High School
Phone: +44 1392 204764 X109
Fax: +44 1392 204763

< Previous Next >