RE: [suse-linux-uk-schools] Open Source pr Propriety
There's still Tim Fletcher in the highly paid and competent department (and his team for the competent)! Back here in industry, we're banking on school's being unable/unwilling to pay the going rate to employ their own experts (and LEA's often seemingly unable but not for financial reasons... (members of the list exempted!)). The company offers a fully managed support service all the way up from individual printers to whole site; this of course costs schools (and companies, councils, NHS trusts etc.), but provides them with access to a whole team of experts, many of whom are paid more than an individual school would consider paying IT support staff (and we don't even append manager to their title!). I'm fairly certain this is the way forward for schools, particularly those unwilling to pay market rates. I'm also fairly certain that Phil's original statistic was essentially correct - high quality security can not be bought off-the-shelf; it requires expertise to implement and manage effectively. Most LEAs/councils don't have access to that level of expertise, let alone schools. Where they have, I'm sure the solution proffered to schools via their local grid is much more flexible e.g. everything closed as a norm, ports opened on and redirected on rational request. Cheers Chris -----Original Message----- From: Phil Driscoll [mailto:phil@dialsolutions.co.uk] Sent: 02 December 2003 12:46 To: ICT Support Officer Cc: SuSe Subject: Re: [suse-linux-uk-schools] Open Source pr Propriety On Tuesday 02 December 2003 12:25, ICT Support Officer wrote:
I can knock them all as far as I can throw them. Just a question for you -> When you and millions of others are connecting to their broadband service from home or office do they not have full access to all the ports. I am in fact running my own mail and web servers from home using my broadband connection. Why should schools be an exception. All the ISp's are doing is providing a pipe between you and
the Internet. I think you missed the point here
I don't think so. I'm sure that you have a setup like mine. My ADSL line goes into a smoothwall box which I keep fully patched and monitor the logs. All my machines behind that firewall are fully patched linux machines. I'm confident that, whilst I'm not 100% secure, I'm a much harder target than the majority of machines sat on the internet. A couple of weeks ago I installed a smoothwall machine for a neighbour because his XP machine had been hacked to bits via his NTL cable broadband connection. I even persuaded him to install SuSE instead of XP. Now he's a happy man, but in the first 10 minutes of operation, his smoothwall machine blocked over 100 hostile attempts on his network. Don't get me wrong, I'm sure that you are aware of the issues and can cope with them, but if you opened all the ports to most schools, their networks would essentially be unavailable for use by the pupils and staff almost all the time.
Your statistics (almost %100) is also wrong. Almost everyone here on this this are to some extent are proficient enough to do that.
I'm sure that a good number of people on this list are to some extent proficient enough. However, even if everyone on this list was very good at network security, that would still account for a small fraction of 1% of UK schools (unless there are hundreds of lurkers on the list). And in the schools I've been in, even where the technical staff have much higher than average levels of competence, I don't believe they have time to sit down each morning, digest and act upon all the security bulletins, patch machines etc. They already have an overfull workload without this.
In any case the security issue is for schools to worry about and not the ISP's. If schools don't have the technical experts to run a school network then they should invest in hiring skilled technicians but I know that they do.
It would be great if schools funded technical experts to this level, but they don't and it's not a change that is likely to happen quickly. I don't know of any well paid technical staff in any UK school - now that Chris Puttick has gone back to industry :) - and this is a situation that needs to be addressed. However, at the moment, opening the ports on the LEA firewall would essentially shut down ICT in most uk schools, and whilst that would send a useful message to all involved, I can fully understand why LEAs and ISPs don't want to do it. Cheers -- Phil Driscoll -- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com This message may contain information and/or data that is confidential and legally privileged. It is intended solely for the addressee(s) only. If you are not the intended recipient you are notified that any use, publication, reproduction or dissemination is strictly prohibited and may violate certain laws. If you are not the intended recipient, please contact the sender by return e-mail and destroy this and all copies of this message and/or data. The content of this message has been scanned by MailPatrol for unacceptable language and inappropriate content. European Electronique limited thanks you in anticipation of your co-operation. MailPatrol is a fully managed service that offers your organisation the ability to monitor and enforce your Acceptable Usage Policy. For further information regarding the MailPatrol services contact the European Electronique Sales Enquiry line on 0845 345 8340 (local rate) or email sales@euroele.com
On Tuesday 02 December 2003 13:12, Chris Puttick wrote:
There's still Tim Fletcher in the highly paid and competent department (and his team for the competent)! Back here in industry, we're banking on school's being unable/unwilling to pay the going rate to employ their own experts (and LEA's often seemingly unable but not for financial reasons... (members of the list exempted!)).
The company offers a fully managed support service all the way up from individual printers to whole site; this of course costs schools (and companies, councils, NHS trusts etc.), but provides them with access to a whole team of experts, many of whom are paid more than an individual school would consider paying IT support staff (and we don't even append manager to their title!). I'm fairly certain this is the way forward for schools, particularly those unwilling to pay market rates.
I'm also fairly certain that Phil's original statistic was essentially correct - high quality security can not be bought off-the-shelf; it requires expertise to implement and manage effectively. Most LEAs/councils don't have access to that level of expertise, let alone schools. Where they have, I'm sure the solution proffered to schools via their local grid is much more flexible e.g. everything closed as a norm, ports opened on and redirected on rational request.
I thought we'd get round to the sale pitch some time or other.
Cheers
Chris
-----Original Message----- From: Phil Driscoll [mailto:phil@dialsolutions.co.uk] Sent: 02 December 2003 12:46 To: ICT Support Officer Cc: SuSe Subject: Re: [suse-linux-uk-schools] Open Source pr Propriety
On Tuesday 02 December 2003 12:25, ICT Support Officer wrote:
I can knock them all as far as I can throw them. Just a question for you -> When you and millions of others are connecting to their broadband service from home or office do they not have full access to all the ports. I am in fact running my own mail and web servers from home using my broadband connection. Why should schools be an exception. All the ISp's are doing is providing a pipe between you and
the Internet. I think you missed the point here
I don't think so. I'm sure that you have a setup like mine. My ADSL line goes into a smoothwall box which I keep fully patched and monitor the logs. All my machines behind that firewall are fully patched linux machines. I'm confident that, whilst I'm not 100% secure, I'm a much harder target than the majority of machines sat on the internet.
A couple of weeks ago I installed a smoothwall machine for a neighbour because his XP machine had been hacked to bits via his NTL cable broadband connection. I even persuaded him to install SuSE instead of XP. Now he's a happy man, but in the first 10 minutes of operation, his smoothwall machine blocked over 100 hostile attempts on his network.
Don't get me wrong, I'm sure that you are aware of the issues and can cope with them, but if you opened all the ports to most schools, their networks would essentially be unavailable for use by the pupils and staff almost all the time.
Your statistics (almost %100) is also wrong. Almost everyone here on this this are to some extent are proficient enough to do that.
I'm sure that a good number of people on this list are to some extent proficient enough. However, even if everyone on this list was very good at network security, that would still account for a small fraction of 1% of UK schools (unless there are hundreds of lurkers on the list). And in the schools I've been in, even where the technical staff have much higher than average levels of competence, I don't believe they have time to sit down each morning, digest and act upon all the security bulletins, patch machines etc. They already have an overfull workload without this.
In any case the security issue is for schools to worry about and not the ISP's. If schools don't have the technical experts to run a school network then they should invest in hiring skilled technicians but I know that they do.
It would be great if schools funded technical experts to this level, but they don't and it's not a change that is likely to happen quickly. I don't know of any well paid technical staff in any UK school - now that Chris Puttick has gone back to industry :) - and this is a situation that needs to be addressed. However, at the moment, opening the ports on the LEA firewall
would essentially shut down ICT in most uk schools, and whilst that would send a useful message to all involved, I can fully understand why LEAs and ISPs don't want to do it.
Cheers -- Phil Driscoll
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
This message may contain information and/or data that is confidential and legally privileged. It is intended solely for the addressee(s) only. If you are not the intended recipient you are notified that any use, publication, reproduction or dissemination is strictly prohibited and may violate certain laws. If you are not the intended recipient, please contact the sender by return e-mail and destroy this and all copies of this message and/or data. The content of this message has been scanned by MailPatrol for unacceptable language and inappropriate content. European Electronique limited thanks you in anticipation of your co-operation. MailPatrol is a fully managed service that offers your organisation the ability to monitor and enforce your Acceptable Usage Policy. For further information regarding the MailPatrol services contact the European Electronique Sales Enquiry line on 0845 345 8340 (local rate) or email sales@euroele.com
-- Regards John http://www.totalrekall.co.uk john@totalrekall.co.uk
participants (2)
-
Chris Puttick -
John Dean