Alexander Boström wrote:
tis 2005-03-08 klockan 23:58 -0500 skrev Rick Bilonick:
The data center would go ballistic if I used a router to set up a local
lan with a firewall. (The unversity frowns on connecting routers and
hubs to the network. It wants one computer for each port/ip address. I
think this is somewhat silly but what can I do?)
That is actually the most sane rule of all the rules that your IT
department has imposed on the network. When they see a threat on the
network the want to be able to 1) know the MAC of the infected, cracked
or abused computer, 2) analyse the traffic and 3) pull the plug on the
computer without loosing an entire office with many other computers
along with it. Hence, they want to be in control over the routers and
switches. That is sane.
It is also somewhat understandable that they want to be in control over
what runs on the computers. This allows them to make sure the computers
are fully updated with the latest patches etc. However, this is not
always practical because the needs of the users vary a lot. A Windows-
only policy will definitely limit the available tools, which will very
likely be a problem in a university setting. The curriculum of the
students might be adapted to the available tools, but the researchers
need some flexibility to do their job. If the systems offered by the IT
department doesn't provide what you need to be able to do your job, then
they must allow you to manage your own computers. If that requires them
to somehow reorganise the network to feel safe, then so be it.
What the people who manage the network should to is to actually meet
with the people who use the network, get to know them and get a feel for
who is capable of managing their own computers, regardless of the
operating system. Some people really should be placed in front of a
locked-down computer with no root/admin access, while some know what
they're doing and can work with the network owners to keep it free from
infection. Sometimes accidents will happen anyway, but as long as it's
rare it something you can live with.
Sometimes a single computer managed by its only user can grow
organically to a set of servers and workstations managed by a sysadmin,
which can then move up to the IT dept. and the computer system provided
as a solution to the whole organisation, thus replacing a bunch of other
user-managed single computers here and there. This is much more
desirable than to just crush any non-sanctioned computer use.
Buying a separate DSL seems like a waste of money, caused by a problem
within the organisation.
/Alexander Boström,
University sysadmin.
I agree completely. Unfortunately, we seem to work for the benefit of
the data center IT group. They never ask our needs. There motto is: one
size fits all. The thing is, it's my bad luck to have an office in the
data center. Otherwise, I have no connection to the data center.
Rick B.