On all the networks I've been part of ranging in size from 20 to 250 machines, no one has been allowed to connect a machine that was not company issue without the IT directors approval. This has included remotely connection through VAN or Citric. All remote machines have been required to have firewall and current anti virus software. None of our users have been geek enough to even know what Linux is let alone have enough technical know how to use it. We do run about 6 or 7 Linux servers but no Linux workstations.
-----Original Message-----
From: Austin Godber [
mailto:godber@uberhip.com]
Sent: Thursday, March 13, 2003 11:30 AM
To:
plug-discuss@lists.plug.phoenix.az.us
Subject: Re: Computer registration at ASU (Was: Re: Linux at ASU
Conferenc e?)
Alan Dayley wrote:
> I am after a direct clarification. If you will note at the bottom of all these quoted messages, Austin quotes my statement that I assume other OSes must be registered too. He responded with laughter. His response implies to me that "non-*nix" OSes don't need to be registered. I want to know if my understanding of the implied meaning is correct.
In my 10 years on ASU campus never has anyone asked me to register or
otherwise inform them of the existance of any computer with the
exception of those computers which are running the Linux or other UNIX
like OS. The initiative to register Linux/UNIX computers began last
fall (2002) in the College of Engineering. in Particular it is organized
by ETS (Engineering Technical Services). This is NOT ASU IT (who
manages ASU wide computing services) nor is it DATACOM (who runs the
networking aspects). ETS provides computing support for the college of
engineering.
There, I have stopped being a twit ;)
> I agree with you that all computers on the network should be regitered and known. The university should control access to the network. I just want to know if they are being dumb, as Austin implies, and only require *nix OSes to register.
The details are very murky, a room is owned by a person, but can you
assume that the person who has resposibility for the room also
administers tha machine? No absolutely not. The rooms are popluated by
grad students who do whatever necessary in pursuit of completion of
their thesis research.
If they need OpenBSD to tinker with bandwidth throttling while they are
trying something out the night before a presentation are they supposed
to wait until ETS comes in in the morning before they install their
machine so they can report it properly.
My simple argument is this. A database filled by people voluntarily
about the types of machines they are using will fail terribly (e.g. not
reflect reality closely very quickly). At least in this environment I
think that is the case. They should concentrate on security scans (e.g.
nessus), port scans, and network IDS.
Actually, I see all of this as being a good opportunity for ASULUG to
help people properly administer their machines. This is a possible task
for me to take up in the future.
Austin
PS - BTW, I would be interested to compare how the above techniques work
for those of you who have experience administering largish networks.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)