On Tuesday 02 December 2003 12:30, ICT Support Officer wrote:
National grid for learning has been brought about and we seem to have some compulsory broadband connections forced upon us. So far I found the system unworkable because there are private companies involved.
What on earth has being a private company got to do with having dynamic or static IPs? When I signed up for my broadband connection I was given the option of a single dynamic IP or 8 static IPs. Of course with the 8 IP option you have to buy an ADSL modem/router, which I did. My modem/router is connected to a 16 port switch. Also my modem/router has a built-in firewall and it is capable of handling 256 simultaneous connections through a single port (I would need 16x16 port hubs/switches to do that). In theory my 4 port ADSL modem/router could handle 256x4 = 1024 internet connections.
For example I wanted to run the school web server from school but the ISP will not provide a public IP address for the school. They also seem reluctant to re-root
I think you mean re-boot. Why would you want your ISP to re-boot? After all, you are running the servers, not them. They just provide you with your net access.
I don't think you can really knock LEAs or ISPs for not wanting to open ports
ISPs don't close ports. That is your responsibility.
in their firewalls to allow traffic into schools. Approximately 100% of UK schools do not have access to the technical skills to maintain a secure network which is exposed to the internet. I say approximately, because there are obviously a tiny few who do, and most of them will have representatives on this list :) Even when you've had the wit to stick a gnu/linux or bsd box between yourself and the outside world, you are surely fighting a losing battle if you have a couple of hundred windows boxes running IE and Outlook on the other side of it.
This is unbelievable. If you have the correct equipment, i.e. an ADSL modem/router with built-in firewall, it would not matter if you are running Windows, Linux or both. There is plenty of content filtering software available for all platforms.
To compound the problem, you also have a pile of portables which staff take home and connect to the internet, before plugging them back into the school network to unleash their dubious payloads.
Network and Computer security is not all about software. It should include written policies and procedures. I used to work for the world's biggest oil producer. We had over 70,000 computers connected to the company network and the Internet. From what I read in some Computer mag. the company I worked for has the biggest heterogeneous network in the world. There was everything from the ancient Apple IIe up to two massive CRAY 2 super-computers. As you can well imagine a system like that is a security nightmare. All security problems as far as I remember came from inside of the company. All of these problems concerned virus attacks on *Windows* machines (in the 10 years I worked for Saudi Aramco was a single UNIX machine compromised), because of people bringing infected floppies and CDs into work. Once the policy was tightened up we never again had problems with virii.
If I was responsible for this in an LEA I would insist that somebody from the school sat, and passed with flying colours, a very scary network security exam, before they'd get me to open any ports :)
That is totally unnecessary and over the top. The first thing you should do is to get your headman to draft a security policy and then back that up with regular audits. Like I have already said, you are more likely to suffer from security problems from the inside than from the outside. Hackers aren't interested in breaking into a school's network.
-- Phil Driscoll
I can knock them all as far as I can throw them. Just a question for you -> When you and millions of others are connecting to their broadband service from home or office do they not have full access to all the ports? I am in fact running my own mail and web servers from home using my broadband connection. Why should schools be an exception? All the ISPs are doing is providing a pipe between you and the Internet. I think you missed the point here.
Your statistic (almost 100%) is also wrong. Almost everyone here on this list is to some extent proficient enough to do that. In any case the security issue is for schools to worry about and not the ISPs. If schools don't have the technical experts to run a school network then they should invest in hiring skilled technicians but I know that they do.
Regards
M Gural
-- Regards John http://www.totalrekall.co.uk john@totalrekall.co.uk