Security Problem? I need some Information
I have just run into some static with the powers that be in my place of employment with respect to my use of Linux rather than Windows. I am connected to a University network. There is also an internal LAN that serves my school only. The other computers in this operation, all on Windows, are connected by default through the University network to that LAN. The fear is that my computer is a potential server for the LAN and therefore poses a security problem. I find this strange, but have no way of refuting it. Any help? Any references? Thanks dj tuchler
On 02 Aug 02, Dennis Tuchler (dtuchler@earthlink.net) wrote:
I have just run into some static with the powers that be in my place of employment with respect to my use of Linux rather than Windows. I am connected to a University network. There is also an internal LAN that serves my school only. The other computers in this operation, all on Windows, are connected by default through the University network to that LAN.
The fear is that my computer is a potential server for the LAN and therefore poses a security problem. I find this strange, but have no way of refuting it.
Even a windows computer can be a potential server (IIS, Apache for windows...) It is just a matter of what sofware you have installed and whether you have a local firewall blocking locaal servers. -- Stephen Patterson Whom computers would destroy, they must first drive mad.
On Fri, Aug 02, 2002 at 09:07:13PM +0000, Stephen Patterson wrote:
On 02 Aug 02, Dennis Tuchler (dtuchler@earthlink.net) wrote:
I have just run into some static with the powers that be in my place of employment with respect to my use of Linux rather than Windows. I am connected to a University network. There is also an internal LAN that serves my school only. The other computers in this operation, all on Windows, are connected by default through the University network to that LAN.
Should be no problem, *technically*... Socially, well there's always the fear of the unknown... :-\
The fear is that my computer is a potential server for the LAN and therefore poses a security problem. I find this strange, but have no way of refuting it.
Well, "server" *is* a pretty broad term. What exactly is it that they're concerned about?
Even a windows computer can be a potential server (IIS, Apache for windows...) It is just a matter of what sofware you have installed and whether you have a local firewall blocking locaal servers.
If you have an http server running, f.x, then that's certainly no problem for the network. (Unless of course you'd be serving big popular files that everyone on the local net access all the time, thus hogging bandwidth) My hunch is that what the Powers fear, is that you could inadvertently be running dchp or dns or some other network 'configuration' service. Or that by some insane windows logic, the other clients on the lan should all suddenly think that your machine is their gateway... or... or... But basically you should check which services *are* running, and turn off anything 'inappropriate'. What version system are you using? I think we need to know a little more about what exactly the Powers' concerns are, before we can ease their minds...? Just as an aside; At the school where I read up to the LPIC-1 tests, I too was the lone linux user. Initially I was met with the same kind of 'concern' that my box could pose a 'problem' for the network. Of course it didn't, and after a while some of the techs even got kind of interested in the system :) The only real 'problem' with having that box in a M$ network was that no matter what I tried, the Exchange server would *not* accept connections, and consequently I could not use the school mail system... This forced me to ssh to an outside server in order to use mail. But hey, that's when I took my first baby steps with Mutt, so actually it was kind of a bonus ;D HTH Jon Clausen
Thanks for your help. My system is S.u.S.E. 7.3 connected through an ethernet card, set ti DHCP. I can't imagine what harm I could be threatening! I have no idea how I could be a conduit through which the LAN at work can come into danger. I don't connect to it, although I suppose that someone could go through my computer and connect through it. On Friday 02 August 2002 17:24, Jon Clausen wrote:
On Fri, Aug 02, 2002 at 09:07:13PM +0000, Stephen Patterson wrote:
On 02 Aug 02, Dennis Tuchler (dtuchler@earthlink.net) wrote:
I have just run into some static with the powers that be in my place of employment with respect to my use of Linux rather than Windows. I am connected to a University network. There is also an internal LAN that serves my school only. The other computers in this operation, all on Windows, are connected by default through the University network to that LAN.
Should be no problem, *technically*... Socially, well there's always the fear of the unknown... :-\
The fear is that my computer is a potential server for the LAN and therefore poses a security problem. I find this strange, but have no way of refuting it.
Well, "server" *is* a pretty broad term. What exactly is it that they're concerned about?
Even a windows computer can be a potential server (IIS, Apache for windows...) It is just a matter of what sofware you have installed and whether you have a local firewall blocking locaal servers.
If you have an http server running, f.x, then that's certainly no problem for the network. (Unless of course you'd be serving big popular files that everyone on the local net access all the time, thus hogging bandwidth)
My hunch is that what the Powers fear, is that you could inadvertently be running dchp or dns or some other network 'configuration' service. Or that by some insane windows logic, the other clients on the lan should all suddenly think that your machine is their gateway... or... or...
But basically you should check which services *are* running, and turn off anything 'inappropriate'. What version system are you using?
I think we need to know a little more about what exactly the Powers' concerns are, before we can ease their minds...?
Just as an aside; At the school where I read up to the LPIC-1 tests, I too was the lone linux user. Initially I was met with the same kind of 'concern' that my box could pose a 'problem' for the network. Of course it didn't, and after a while some of the techs even got kind of interested in the system :)
The only real 'problem' with having that box in a M$ network was that no matter what I tried, the Exchange server would *not* accept connections, and consequently I could not use the school mail system... This forced me to ssh to an outside server in order to use mail. But hey, that's when I took my first baby steps with Mutt, so actually it was kind of a bonus ;D
HTH Jon Clausen
-- dj tuchler dtuchler@earthlink.net
On Fri, 02 Aug 2002 14:25:10 -0500 Dennis Tuchler <dtuchler@earthlink.net> wrote:
The fear is that my computer is a potential server for the LAN and therefore poses a security problem. I find this strange, but have no way of refuting it.
Any help? Any reference
Just about any computer can be used a server, even the windows machines. There are a whole bunch of mini-httpd daemons out there, and some compile on windows too. All anyone needs to do is put 1 of these somewhere on a high port and they could be serving out files. So the LAN operator has to have some sort of traffic monitoring for their firewall. if strange traffic shows up, they will be able to point to which machine sent it. Really, you should be complaining to them about the hazards of windows virrii on a net full of windows machines. Point out that linux dosn't spread viruses, and it would be useful to have an "immune machine". I'll bet the real reason is windows users don't want you to have the chance to show the superiority of linux, then they might be forced to change, once they see your success. -- use Perl; #powerful programmable prestidigitation
Dennis Tuchler <dtuchler@earthlink.net> writes:
The fear is that my computer is a potential server for the LAN and therefore poses a security problem. I find this strange, but have no way of refuting it.
The only way is to persuade LAN administrators that your skills are sufficient for administering the Linux machine - they must trust you. They won't control the machine and won't be able to check if you install SW (for instance some backdoored versions) which can threaten the LAN security. IMHO, it's not about the quality of Linux (which is good enough), it's about the quality of the new administrator.
Any references?
An empty list of your criminal records may help ;-) -- Alexandr.Malusek@imv.liu.se
participants (6)
-
Alexandr Malusek -
Dennis J.Tuchler -
Dennis Tuchler
-
Jon Clausen -
Stephen Patterson -
zentara