[unisog] Slashdot's UCSB Article

Curtis Kline ckline at housing.ucsb.edu
Tue Oct 1 23:31:32 GMT 2002


+ It would be like an ISP running a NOS and using it to manage its 
+ customers' configurations for them. Scary no matter what side of the 
+ fence you look at it from. :)


Therein lies the rub. I know there are schools that have residential
networking users join domains and such, but I am somewhat surprised the
student population puts up with it. As you said, if my ISP came to me
and said, "You have to join our domain and we will have domain admin
rights on your box", I would tell them they were insane.

Of course in a university residential networking environment the
students usually have no choice. It's either play ball under the network
manager's rules or be off the 'net.

It continually amazes me just how many people involved in higher
education information technology have no real clue as to the issues
facing residential network managers. It is more like a public ISP or a
'hospitality network' (hotel) than it is like a corporate environment or
an academic network.  Way, way different.

I have had to try to explain these concepts at least fifty times over
the past 48 hours.  :)


Curtis

______________________________________
Curtis Kline
Residential Network Coordinator
University of California Santa Barbara
805.893.4016 Voice
805.893.4766 FAX
 

+ -----Original Message-----
+ From: Gary Flynn [mailto:flynngn at jmu.edu] 
+ Sent: Tuesday, October 01, 2002 3:51 PM
+ To: Valdis.Kletnieks at vt.edu
+ Cc: SANS (E-mail)
+ Subject: Re: [unisog] Slashdot's UCSB Article
+ 
+ 
+ Valdis.Kletnieks at vt.edu wrote:
+ > 
+ > On Tue, 01 Oct 2002 14:16:32 EDT, Gary Flynn said:
+ > 
+ > > Why not? Its the organization's network. AUPs regularly 
+ put constraints
+ > > on the operation of a computer and behavior of its 
+ operator. Why shouldn't
+ > > connection be based on the application of a certain 
+ registry configuration
+ > > (which is really all a policy is)?
+ > 
+ > There's a difference between saying "your machine must be 
+ secured thusly
+ > to connect to the network" and "you must give me root on 
+ your machine so
+ > I can secure it for you".
+ > 
+ > > But they own the network.
+ > 
+ > And if you are forced to join a domain, they effectively 
+ own the box too.
+ 
+ True. I hadn't thought of that in relation to student 
+ computers. Its also 
+ true of Netware and probably PCNFS and SAMBA or any other "NOS" whose 
+ clients hook into the OS and run login scripts.
+ 
+ It would be like an ISP running a NOS and using it to manage its 
+ customers' configurations for them. Scary no matter what side of the 
+ fence you look at it from. :)
+ 
+ -- 
+ Gary Flynn
+ Security Engineer - Technical Services
+ James Madison University
+ 
+ Please R.U.N.S.A.F.E.
+ http://www.jmu.edu/computing/runsafe
+ 



More information about the unisog mailing list