March Meeting Presentations
Kevin Brown
plug-discuss@lists.plug.phoenix.az.us
Tue, 12 Mar 2002 02:41:50 -0700
> > > > My philosophy is that no machine should rely solely upon a firewall for
> > > > protection - they should be able to stand alone for a short period
> > > > of time in case the firewall is compromised. You do have an Intrusion
> > > > Detection System on your firewall, right?
> > >
> > > Well, I do not know. I can only go by what the network admins tell me,
> > > and I have no control... Maybe I should explain a couple of details.
> > > While this is my personal machine (one of about 6), it is sitting on my
> > > desk at work at ASU. I had this machine configured and built
> > > specifically so I would have a decent machine when I came back to grad
> > > school. I never assume that a department focusing on ecology is going
> > > to have much more than a PII-Win98 box. So,...
> > >
> > > The building supposedly has its own firewall, and so does the major in
> > > and out of the U. The quality of the security is open to debate, but
> > > seems to be reasonable most of the time -- though do NOT talk to them
> > > about running Solaris (it's a sore spot). So, do they have an intrusion
> > > detection firewall - I think so, but I have no details, and less
> > > control.
> >
> > Well having finished my stint working at ASU as a Sysadmin for DCO I can say
> > that as of Jan 2002 there was NO campus firewall.
>
> WHAT?!?!
That is why DCO had me set up a NIDS box. To gather information to show the guys
who approve funds for campus projects that one was needed (think big numbers and
pretty graphs and you have an idea of just how bad it is on campus, and that is
what is coming from outside :) ).
> > Some departments had their
> > own that they maintained, others had one that was run by the IT dept.
>
> ahhh I think that is the case here but I could be mistaken. I WILL
> check on this...
>
> > There was
> > a NIDS box at the edge of the network (put in place by yours truly :) ), but its
> > status as of now is probably one of no one knows how to use it. My replacement
> > had to quit since he didn't register for classes and the guy who took over the
> > servers (and was my boss for the last month of my time there), while a great
> > Windows admin, is lost somewhat in the Unix world. The problem is, that box
> > only sees the crap coming and going on the main pipe to the Net, not the real
> > crap that was happening on campus (think bored engineering student taking out
> > the college of business type stuff).
>
> :-/
>
> hurmph.
>
> EBo -- the misinformed...