March Meeting Presentations

John (EBo) David plug-discuss@lists.plug.phoenix.az.us
Tue, 12 Mar 2002 02:30:36 -0700 

Kevin Brown wrote:
> 
> > > My philosophy is that no machine should rely soly upon a firewall for
> > > protection - they should be able to stand alone for a short period
> > > of time in case the firewall is compromised.  You do have an Intrusion
> > > Detection System on your firewall, right?
> >
> > Well, I do not know.  I can only go by what the network admins tell me,
> > and I have no controll...  Maybe I should explain a couple of details.
> > While this is my personal machine (one of about 6), it is sitting on my
> > desk at work at ASU.  I had this machine configured and built
> > specifically so I would have a decient machine when I cam back to grad
> > school.  I never assume that a department focusing on ecology are going
> > to have much more than a PII-Win98 box.  So,...
> >
> > The building supposidly has it's own firewall, and so does the major in
> > and out of the U.  The quality of the security is open to debate, but
> > seems to be reasonable most of the time -- though do NOT talk to them
> > about running Solaris (it's a sore spot).  So, do they have an intrusion
> > detection firewall - I think so, but I have no details, and less
> > controll.
> 
> Well having finished my stint working at ASU as a Sysadmin for DCO I can say
> that as of Jan 2002 there was NO campus firewall.  

WHAT?!?!

> Some departments had their
> own that they maintained, others had one that was run by the IT dept.  

ahhh I think that is the case here but I could be mistaken.  I WILL
check on this...

> There was
> a NIDS box at the edge of the network (put in place by yours truly :) ), but its
> status as of now is probably one of no one knows how to use it.  My replacement
> had to quit since he didn't register for classes and the guy who took over the
> servers (and was my boss for the last month of my time there), while a great
> Windows admin, is lost somewhat in the Unix world.  The problem is, that box
> only sees the crap coming and going on the main pipe to the Net, not the real
> crap that was happening on campus (think bored engineering student taking out
> the college of business type stuff).

:-/

hurmph.  

  EBo -- the misinformed...