[unisog] Educating Users
Peter Van Epp
vanepp at sfu.ca
Wed Aug 8 02:26:46 GMT 2001
> In the various Code Red threads, many things have been said about LARTS,
> educating users, using AUP's to enforce the installation of servers, and
> many other ideas.
> My question is, how? In Detail?
Whats sort of working for us (for some value of working :-)) is what
amounts to "cut em off". If your machine (Unix, NT or Mac) causes a problem
on the network (such as screwing up Appletalk which is about the only Mac
problem I can think of) or more usually is doing something undesirable out
towards the net (because I usually don't have the time to worry about internal
problems) you get cutoff the net until you convince management that you have
fixed your problem. Since the funding isn't there for central site support
support from us stops at the network disconnect. The user gets told they need
to hire someone (we will provide references to consultants if asked) to secure
the machine appropriately. We used to have a fair number of problem machines,
but the policy is well known (and supported by senior management) and of late
various of the departments (but not all, I still have problem children that are
off the network more than they are on ...) have bitten the bullet and designated
someone to become a somewhat decent admin to avoid getting cut off. It helps
somewhat that we have a Linux beawolf cluster centrally and someone that
maintains and patches it and makes that config available to the campus along
with a secuity web page (and who has been known to succumb to bribery in his
off hours :-)). This has forced the community to learn at least as much as
they want to learn (i.e. the noise level and the work disruption level are
both tolorable at present).
The admin systems are going to be a lot more exciting. They are
currently hell bent on going client server NT (from a centrally secured VAX
can you say disaster in the making? I thought you could ...) Luckily I
currently am not responsible for admin security. I am however public enemy
nunber 1 to most admin business units because I have the ear of their bosses
on security issues because said bosses sit on the security committee that has
dealt with expulsions and successful criminal proscution on the academic side.
The business units haven't yet understood (despite being told) that I have no
say in what they do or don't do on security other than to advise their bosses
what is and isn't safe. Nor that their bosses have a lot better picture of the
local threat level than the business units do (because the business units don't
have need to know about confidential security goings on and thus I can't tell
them even if they would believe me).
This of course doesn't work in an ISP environment where the custoners
are paying you (as opposed to being supplied with subsidized services by the
central authority) and thus isn't generally applicable.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the unisog