Re: FC3 Security

Jeff Kinz wrote:
> Any IT dept that equates sshd to a server is either not up to snuff
> technically (and in a really bad way.), or they are being duplicitous.
> (That's another word for lying)

I've heard only one side of the story about that particular IT department (Rick's side), and reacted upon it (probably shouldn't have, at least not without knowing the other side of the story).


However, for one thing I must agree with the IT department in question. Allowing unrestricted connections to any service (including SSH) from the Internet isn't something that should be allowed. It isn't really relevant if the machine is a server or not.

Now, the definition of server is kind of fuzzy. If a machine is running a service that accepts connections, it might be considered a server. It all depends on the definition one chooses to use. On the other hand, using that definition, each and every Windows machine with file&printer sharing enabled is also a server (and my guess is that file&printer sharing is commonly used on the university type of network).

I can kind of see the mentioned IT department as having a point *if* they are the only ones who are administering all those Windows boxes on their network, keep them tightly closed down, with users not able to change any system settings, with BIOS passwords to prevent users from reinstalling machines. If users have Administrator privileges on those Windows machines, then I can't see any reasoning behind their decision, as long as Rick is not bugging them to troubleshoot his problems.

Another thing that puzzles me is, if the network is completely open (as Rick said it is), and they are depending only on the Windows XP firewall feature, then what is the difference between Rick's machine and any other host on the Internet? Sure, somebody can do a more effective DoS on the local network, but other than that?

BTW, I completely agree with one comment made here. The IT department provides a service. There are no "us" and "them". In the corporate world, we do whatever is needed to support business needs. An IT department in a university setting should be the same. If somebody needs a Linux box connected to the network to do his work, IT folks shouldn't be in the way "because we are a Windows-only shop". I always considered my job description to be "finding a way to allow people to do their work in the most efficient way, while keeping it secure".

What Rick described is a completely opposite attitude that results in restricting people in doing their work, separation into "us" and "them", and inefficient use of resources.

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7

