On Wed, 2005-03-09 at 14:07, Les Mikesell wrote:
> On Wed, 2005-03-09 at 13:00, Scot L. Harris wrote:
>
> > The same basic security principles
> > should be applied in a University setting as are applied in the business
> > world.
>
> Perhaps for their internal business operations, but for general access
> not many of the same assumptions apply - certainly not the one that
> says all the good guys are inside the firewall and all the bad guys
> are outside.

I never made that assumption. That is precisely the reason to have segregated networks internally; most threats in the real world come from inside. External threats, while they exist, account for only a fraction of the real security problems encountered.

From the description of their network they have their main data center servers on the same network as all their other workstations, including student systems. Best practice says you have such systems and networks firewalled. Apparently something they have chosen not to do.

I don't know about this particular university but students tend to do stupid things given half a chance. And some of them are quite knowledgeable regarding networks and those things called computers. :)

Back when I was in school we used punch cards and sent our jobs out for processing on some big IBM iron. But with LANs and wireless access prevalent today and students having access to laptops and things like nmap, nessus, ethereal, ettercap, kismet, and a host of other easily deployed tools, a university LAN has got to look like a war zone, possibly even worse than the Internet itself. And a few of these kids are technically very, very good and can run rings around most admins. Kind of like handing a loaded gun to someone that knows exactly how a gun works but does not have the experience and maturity to know that you don't shoot one in the house.

I can just imagine that auditorium-sized classroom full of eager students learning how TCP/IP works and the tools they can use to tear packets apart and send them out leaving class and jumping on systems all over to see if they can hack their way into all the systems they can see on the network. :o

--
Scot L. Harris
webid@xxxxxxxxxx

The most costly of all follies is to believe passionately in the palpably
not true. It is the chief occupation of mankind.
		-- H.L. Mencken