Re: FC3 Security

On Tue, 2005-03-08 at 23:58 -0500, Rick Bilonick wrote:

> The data center would go ballistic if I used a router to set up a local 
> lan with a firewall. (The university frowns on connecting routers and 
> hubs to the network. It wants one computer for each port/ip address. I 
> think this is somewhat silly but what can I do?)

That is actually the most sane rule of all the rules that your IT
department has imposed on the network. When they see a threat on the
network they want to be able to 1) know the MAC of the infected, cracked
or abused computer, 2) analyse the traffic and 3) pull the plug on the
computer without losing an entire office with many other computers
along with it. Hence, they want to be in control over the routers and
switches. That is sane.

It is also somewhat understandable that they want to be in control over
what runs on the computers. This allows them to make sure the computers
are fully updated with the latest patches etc. However, this is not
always practical because the needs of the users vary a lot. A Windows-
only policy will definitely limit the available tools, which will very
likely be a problem in a university setting. The curriculum of the
students might be adapted to the available tools, but the researchers
need some flexibility to do their job. If the systems offered by the IT
department don't provide what you need to be able to do your job, then
they must allow you to manage your own computers. If that requires them
to somehow reorganise the network to feel safe, then so be it.

What the people who manage the network should do is to actually meet
with the people who use the network, get to know them and get a feel for
who is capable of managing their own computers, regardless of the
operating system. Some people really should be placed in front of a
locked-down computer with no root/admin access, while some know what
they're doing and can work with the network owners to keep it free from
infection. Sometimes accidents will happen anyway, but as long as it's
rare it's something you can live with.

Sometimes a single computer managed by its only user can grow
organically to a set of servers and workstations managed by a sysadmin,
which can then move up to the IT dept. and the computer system provided
as a solution to the whole organisation, thus replacing a bunch of other
user-managed single computers here and there. This is much more
desirable than to just crush any non-sanctioned computer use.

Buying a separate DSL seems like a waste of money, caused by a problem
within the organisation.

/Alexander Boström,
University sysadmin.


