[unisog] Print servers/RIPs

Jenett M. Tillotson jtillots at pharmacy.purdue.edu
Sun Aug 17 23:59:51 GMT 2003


A good suggestion for these kinds of boxes - that's any PC attached to an
"instrument" of some kind where the OS is controlled by another company
and requires a technician to install/fix/patch it - is to put a stateful
bridging firewall in front of it.  Purdue University has developed one
using BSD unix which runs on an early Pentium with only 32 megs of memory
and an 800 meg hard drive.

Since the firewall bridges, the firewall itself doesn't even need an IP 
stack although it filters based on IP.  Without an IP stack it's 
unhackable.  This also makes it hard to manage, but if you really need to 
you can bring up IP and it has an ssh daemon you can run.

We use these all over the place and they have been wonderful.  You can 
develop one of these yourself pretty easily.  Check out:

http://www.feu-nrmf.ph/norbert/misc/transparent_firewall_howto.html

Also, I can make our version of the firewall available.  Drop me a line if 
your interested.

Jenett Tillotson
School of Pharmacy
Purdue University

On Fri, 15 Aug 2003, Simon wrote:

> This is a "heads up" for anyone that has a publishing or printing division 
> on campus that uses Oce printing/copying gear.
> 
> Most of the large Oce printers have an internal or attached PC that 
> controls the printer queue. These boxes run various OSes, including W2K, 
> but do not have a user interface to indicate this. The OSes are configured 
> to the default "off-the-CD" settings and are not set for auto-update.
> 
> The only way to patch these machines is to get an Oce technician in. Might 
> be an idea to inform your printing sections and provide some form of 
> minimum security spec for the tech to configure.
> 
> Simon Corderoy
> Digital Prepress Coordinator
> Publishing & Printing Services
> UNSW
> http://publish.web.unsw.edu.au 
> 






More information about the unisog mailing list