On Tuesday 02 December 2003 12:25, ICT Support Officer wrote:
> I can knock them all as far as I can throw them. Just a question for you -> When you and millions of others are connecting to their broadband service from home or office, do they not have full access to all the ports? I am in fact running my own mail and web servers from home using my broadband connection. Why should schools be an exception? All the ISPs are doing is providing a pipe between you and the Internet. I think you missed the point here.
I don't think so. I'm sure that you have a setup like mine. My ADSL line goes into a smoothwall box which I keep fully patched and monitor the logs. All my machines behind that firewall are fully patched Linux machines. I'm confident that, whilst I'm not 100% secure, I'm a much harder target than the majority of machines sat on the internet. A couple of weeks ago I installed a smoothwall machine for a neighbour because his XP machine had been hacked to bits via his NTL cable broadband connection. I even persuaded him to install SuSE instead of XP. Now he's a happy man, but in the first 10 minutes of operation, his smoothwall machine blocked over 100 hostile attempts on his network. Don't get me wrong, I'm sure that you are aware of the issues and can cope with them, but if you opened all the ports to most schools, their networks would essentially be unavailable for use by the pupils and staff almost all the time.
> Your statistics (almost 100%) are also wrong. Almost everyone here on this list is to some extent proficient enough to do that.
I'm sure that a good number of people on this list are to some extent proficient enough. However, even if everyone on this list was very good at network security, that would still account for a small fraction of 1% of UK schools (unless there are hundreds of lurkers on the list). And in the schools I've been in, even where the technical staff have much higher than average levels of competence, I don't believe they have time to sit down each morning, digest and act upon all the security bulletins, patch machines etc. They already have an overfull workload without this.
> In any case, the security issue is for schools to worry about and not the ISPs. If schools don't have the technical experts to run a school network then they should invest in hiring skilled technicians but I know that they do.
It would be great if schools funded technical experts to this level, but they don't and it's not a change that is likely to happen quickly. I don't know of any well paid technical staff in any UK school - now that Chris Puttick has gone back to industry :) - and this is a situation that needs to be addressed. However, at the moment, opening the ports on the LEA firewall would essentially shut down ICT in most UK schools, and whilst that would send a useful message to all involved, I can fully understand why LEAs and ISPs don't want to do it.

Cheers
--
Phil Driscoll