FC3 Security
Pedro Fernandes Macedo
webmaster at margo.bijoux.nom.br
Wed Mar 9 20:46:29 UTC 2005
Les Mikesell wrote:
>On Wed, 2005-03-09 at 13:00, Scot L. Harris wrote:
>
>
>
>>The same basic security principles
>>should be applied in a University setting as are applied in the business
>>world.
>>
>>
>
>Perhaps for their internal business operations, but for general access
>not many of the same assumptions apply - certainly not the one that
>says all the good guys are inside the firewall and all the bad guys
>are outside.
>
>
>
On the contrary. I've worked as a sysadmin on the computer science
department of the university where I study
and I can tell you that the bad guys are also inside the firewall...
Given that one attacker that we busted was a student from another
university from the same city and that one of
our students hacked the printing system , it gives you an idea on why
being paranoid is good on any network.
And you have to remmember that people like to show off.. So they may
hack your network with the only intention of
showing off to the friends later.. Or they may try to hack the system to
read their girlfriend's e-mail (trust me , this happened too)..
That's the reason why every single machine under the control of the
department IT personnel was monitored using tripwire
and other systems... As for the systems over which we didnt have
control , we isolated them with firewalls and got the person responsible
to sign a term assuming all responsability for any problems caused by
that machine...
--
Pedro Macedo
More information about the users
mailing list