[unisog] Sightly OT: Re: [unisog] University virus-writing course?
Peter Van Epp
vanepp at sfu.ca
Thu May 29 15:39:41 GMT 2003
On Wed, May 28, 2003 at 08:59:13PM -0400, Phillip G Deneault wrote:
> Now all this would be fine as long as they stay inside of the campus
> network(and preferably their own isolated network). However the project
> has made strides to team up with other universities and companies to
> attack and counter-attack each other that test systems and sub-systems of
> the project. This is the problem I have. I'm concerned that untrained
> students will be attacking systems on both sides with all the sublity of
> a machine-gun.
The first thing I'd suggest is finding your Insurance/Risk Manager
and let him or her suggest how much liability your institution could be
facing should this go wrong and the cost of insurance against such a problem
(which would of course be funded by the research project). That sets up either
common sense (and appropriate controls) or an "I told you so" CYA out should
disaster strike because management decided to take the risk.
That said, were I facing this particular problem my first cut would
likely be IPSec hardware gateways (in my control not the researcher's) that
create a VPN between the isolated attack networks at the various institutions.
If the network uses non routable addresses inside the VPN tunnels even an
accidental connection to an inappropriate network should remain local (assuming
you block non routables outbound). Essentially create a distributed isolated
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the unisog