Re: Infrastructure to hack & videostream: what do we have / need
Hi, all!
On Wed, Apr 06, 2005 at 08:45:52PM +0200, Holger Levsen wrote:
> > The server can be most likelly locked, without any problem. However, only a
> > limited amount of traffic will be allowed from-to the machine. I will
> > contact the TKK/TKY admins to see if the limit can be overridden.
>
> Can you please explain this situation a bit more in detail ?
The networks in Otaniemi are separated in two: the dormitory network (TKY) and
the student network of the university proper (TKK). Access from TKY to TKK is
fairly easy, but access from TKK (or any other internet machine) to a TKY
machine is firewalled and, to some extent, monitored.
> > Where are we talking about? Dormitory or CS department?
>
> Both :-) We want network everywhere, don't we ? :)
Yes, but the dormitory has already eth access in every room, with one eth
point and one fixed ip address assigned and the CS has wireless which will
have access all around the building and possibly some eth points where we can
hook to in the rooms we will have available (plus possibly some other eth
points in the main areas).
> > Again, where? The dormitory has cabled ethernet rooms, and has a eth point
> > in each room. The CS department has eth net and wlan net, which will have
> > password access.
>
> what kind of access you'll get then ?
>
> _one_ eth point in each room = private hubs/switches suggested ?
Yes.
> c|should we setup our own wireless infrastructure in the dormitory ?
It is a 4 floors+ basement building, so I dont know how convenient is to set a
whole wlan network for that purpose, since we have eth access and mose people
will even bring their own ap's.
> > The last list of requests is a bit blind. We have a firewalled net there. I
> > understand the need of a firewall, but then i dont see the point of the
> > ipsec (the net is wep'ed).
>
> wep provides no security, wpa would be sufficient, but ipsec provides
> additional features (vpns) so I would to provide both (wpa+ipsec) it if
> possible. i did not think hardware being a problem. if it is, we need to
> adjust or plans (or raise more hardware).
I am aware of the problems on WEP and the nice features of vpns and so on, but
I dont know up until which point people have IPSEC aware kernels in their
machines and are willing to go through the problem of setting such
configurations.
> could you please describe the network situation there ? is our network
> firewalled from the rest of the university network or only from the
> internet ?
I believe is firewalled from both, but then again I can ask the contact
person.
> > Can you clarify on these last machines?
>
> fileserver and ldap+dns+proxy+fai-server are clear to you ? "number crunchers"
> are some fast machines to build on (if we get those).
We will get some machines, and I believe they can be used for anything we
need.
> and i would really display captured cleartext-passwords with a video
> projector. people still need to become aware not to use them or tunnel those
> protocols if needed.
This last point is useless. I rather have a * DNS entry for a home page which
displays anything we have captured (substituting some characters with other
ones to still prevent those passwords from being used) or nothing at all, than
a place to show something were probably only few people will look at, and will
use some needed piece of hardware which will be appreciated somewhere else.
--
Jesus Climent info:www.pumuki.org
Unix SysAdm|Linux User #66350|Debian Developer|2.6.10|Helsinki Finland
GPG: 1024D/86946D69 BB64 2339 1CAA 7064 E429 7E18 66FC 1D7F 8694 6D69
Thank you for pressing the self destruct button.
--[Computer] (Spaceballs)
--
To unsubscribe, send mail to debconf5-team-unsubscribe@lists.debconf.org.
Reply to: