March Meeting Presentations

John (EBo) David plug-discuss@lists.plug.phoenix.az.us
Tue, 12 Mar 2002 02:57:34 -0700


Kevin Brown wrote:
> 
> > > > > My philosophy is that no machine should rely solely upon a firewall for
> > > > > protection - they should be able to stand alone for a short period
> > > > > of time in case the firewall is compromised.  You do have an Intrusion
> > > > > Detection System on your firewall, right?
> > > >
> > > > Well, I do not know.  I can only go by what the network admins tell me,
> > > > and I have no control...  Maybe I should explain a couple of details.
> > > > While this is my personal machine (one of about 6), it is sitting on my
> > > > desk at work at ASU.  I had this machine configured and built
> > > > specifically so I would have a decent machine when I came back to grad
> > > > school.  I never assume that a department focusing on ecology is going
> > > > to have much more than a PII-Win98 box.  So,...
> > > >
> > > > The building supposedly has its own firewall, and so does the major in
> > > > and out of the U.  The quality of the security is open to debate, but
> > > > seems to be reasonable most of the time -- though do NOT talk to them
> > > > about running Solaris (it's a sore spot).  So, do they have an intrusion
> > > > detection firewall - I think so, but I have no details, and less
> > > > control.
> > >
> > > Well, having finished my stint working at ASU as a Sysadmin for DCO I can say
> > > that as of Jan 2002 there was NO campus firewall.
> >
> > WHAT?!?!
> 
> That is why DCO had me set up a NIDS box.  To gather information to show the guys
> who approve funds for campus projects that one was needed (think big numbers and
> pretty graphs and you have an idea of just how bad it is on campus, and that is
> what is coming from outside :) ).

I knew it was bad, but not quite that bad...  Unfortunately everyone
here is in denial.  You should have seen the face of campus security
personnel when I told them they had a serious CR problem... denial...
Well, here are the logs to prove it.  When I had the HTTPD daemon up, I
built a simple script that extracted just the internal hits every day
and emailed them to the security officer just before getting in.  Still
do not know if they love or hate me...


  EBo --
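As an illustration of the kind of "internal hits" extraction EBo describes above, here is an added example; it is not EBo's script and is not taken from the list post. It assumes an Apache combined-format access log, a hypothetical list of campus address ranges (the RFC 1918 blocks stand in for them here; a real site would substitute its own allocations), and a handful of constructed log lines, two of which resemble the worm probes of that era. It filters the log down to requests whose client address is inside those ranges, tallies them per source host and per request, and builds the report as an e-mail message without actually sending it.

```python
"""Daily report of web hits that came from *inside* the campus network.

Added example, not EBo's actual script. Assumptions:
  - Apache combined log format on stdin/in a file
  - INTERNAL_NETS (RFC 1918 here) stands in for the real campus ranges
  - SAMPLE_LOG is constructed test data, not a captured log
"""
import ipaddress
import re
from collections import Counter
from email.message import EmailMessage

# Hypothetical "internal" address space; replace with the site's own blocks.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Apache combined format:
#   host ident authuser [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log. Lines 1, 3 and 4 imitate worm-style probes of the
# period; line 5 is deliberately unparseable to exercise the error path.
SAMPLE_LOG = """\
10.4.7.22 - - [11/Mar/2002:03:12:01 -0700] "GET /default.ida?XXXX HTTP/1.0" 404 289 "-" "-"
203.0.113.9 - - [11/Mar/2002:03:12:05 -0700] "GET /index.html HTTP/1.0" 200 1342 "-" "Mozilla/4.0"
10.4.7.22 - - [11/Mar/2002:03:15:44 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 289 "-" "-"
10.9.1.5 - - [11/Mar/2002:04:01:10 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289 "-" "-"
garbage line that does not parse
172.20.3.3 - - [11/Mar/2002:05:30:00 -0700] "GET /index.html HTTP/1.0" 200 1342 "-" "Mozilla/4.0"
"""


def parse_line(line):
    """Parse one combined-format line; return a dict or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ip"] = ipaddress.ip_address(rec["ip"])
    except ValueError:  # hostname-resolved logs or junk in the host field
        return None
    return rec


def is_internal(ip, nets=INTERNAL_NETS):
    """True if the address (str or ipaddress object) lies in any internal net."""
    if isinstance(ip, str):
        ip = ipaddress.ip_address(ip)
    return any(ip in net for net in nets)


def internal_hits(log_text, nets=INTERNAL_NETS):
    """Keep only parseable records whose client address is internal."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and is_internal(rec["ip"], nets):
            hits.append(rec)
    return hits


def summarize(hits):
    """Tally hits per source host and per request line."""
    return {
        "total": len(hits),
        "by_host": Counter(str(h["ip"]) for h in hits),
        "by_request": Counter(h["request"] for h in hits),
    }


def build_report(summary, date_label):
    """Render the summary as the plain-text body of the daily mail."""
    lines = [f"Internal hits for {date_label}: {summary['total']}", "",
             "By source host:"]
    for host, n in summary["by_host"].most_common():
        lines.append(f"  {host:<15} {n}")
    lines += ["", "By request:"]
    for req, n in summary["by_request"].most_common():
        lines.append(f"  {n:>4}  {req}")
    return "\n".join(lines)


def build_email(report, sender, recipient, date_label):
    """Wrap the report in an RFC 5322 message (built, not sent)."""
    msg = EmailMessage()
    msg["Subject"] = f"Internal web hits {date_label}"
    msg["From"] = sender
    msg["To"] = recipient
    msg.set_content(report)
    return msg


if __name__ == "__main__":
    hits = internal_hits(SAMPLE_LOG)
    report = build_report(summarize(hits), "11/Mar/2002")
    # Addresses below are placeholders, not real mailboxes.
    msg = build_email(report, "webadmin@example.edu",
                      "security@example.edu", "11/Mar/2002")
    print(msg)
    # To actually deliver it: smtplib.SMTP("localhost").send_message(msg)
```

In a cron job the script would read the previous day's access log instead of SAMPLE_LOG and hand the message to the local MTA; the filtering on source address rather than on request pattern is what makes the report useful as evidence, since a host inside the perimeter scanning its neighbours is the point being made to the security office.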