On Tuesday 02 December 2003 13:03, ICT Support Officer wrote:
All we want is to have a public IP address and have most ports left open for it to be workable. It does not cost more than £150 to buy a very simple hardare firewall and VPN equipment. I got one for £75 from D-link and internally I use NAT both at home and school. This cheap firewall can be installed in all schools and set up once and that is it. Oh no it isn't! What about the inevitable vulnerabilities which are discovered and exploited in the hardware firewall?
Complex software firewalling may cause unease for many schools like you put it so hardware solutions is much better.
It should cause unease! Security is a serious and complex business, schools *should* be worried by it, but they won't address the problem with a 70 quid box they can fit and forget.
Unfortunately since we dont have a Public IP address at the school we are unable to run many services like a Web server, Mail server all open source and free.
These are all difficult to set up securely without a fairly high degree of understanding and a constant eye open for vulnerabilities. Again, you can't just 'fit and forget'. Don't get me wrong - it would be great if schools could have access to the level of competence required to do all this stuff, but it isn't going to happen on a widespread basis without an extraordinary increase in training and salary bugets for technical staff. Cheers -- Phil Driscoll