Hi all, On Wednesday 06 April 2005 21:53, Jesus Climent wrote: > > > The server can be most likelly locked, without any problem. However, > > > only a limited amount of traffic will be allowed from-to the machine. I > > > will contact the TKK/TKY admins to see if the limit can be overridden. > The networks in Otaniemi are separated in two: the dormitory network (TKY) > and the student network of the university proper (TKK). Access from TKY to > TKK is fairly easy, but access from TKK (or any other internet machine) to > a TKY machine is firewalled and, to some extent, monitored. Ok, thanks. I misunderstood the part about the limits, I thought there might be traffic amount limits or such. I've added this information to http://wiki.debian.net/DebConf5TodoAdministration > > > Where are we talking about? Dormitory or CS department? > > Both :-) We want network everywhere, don't we ? :) > Yes, but the dormitory has already eth access in every room, with one eth > point and one fixed ip address assigned and the CS has wireless which will > have access all around the building and possibly some eth points where we > can hook to in the rooms we will have available (plus possibly some other > eth points in the main areas). (added to the wiki as well) So if we want wireless in the dorms, we should bring our own APs. IMHO, if we plan this beforehand and ask people to bring their stuff, it should be easily doable. > > c|should we setup our own wireless infrastructure in the dormitory ? > It is a 4 floors+ basement building, :-) Ok. And I still want to see blueprints ;) > so I dont know how convenient is to > set a whole wlan network for that purpose, since we have eth access and > mose people will even bring their own ap's. We'll get much better wireless network connectifiy if we plan and decide on a setup... otherwise we wont have roaming access and might get interferences. But to provide wireless for the dormitory is not the top priority, I certainly agree on that. > I am aware of the problems on WEP and the nice features of vpns and so on, > but I dont know up until which point people have IPSEC aware kernels in > their machines and are willing to go through the problem of setting such > configurations. That's the point of my idea: give people a opportunity (and a small howto, it's not that hard...) to setup ipsec. Here they would only have to deal with one side (their client) and the other side is known good, working. Of course we would also provide plain wireless and wep encryption. > > could you please describe the network situation there ? is our network > > firewalled from the rest of the university network or only from the > > internet ? > I believe is firewalled from both, but then again I can ask the contact > person. Would be nice to know before the/a event ;) > We will get some machines, and I believe they can be used for anything we > need. What does "some" mean ? I have absolutly no overview and idea, I know there were some mails about getting machines, but I would like to collect this information centrally as well (eg in the wiki). Like: 5 notebooks from HP (confirmed) 1 ia64 machine from HP (still not sure) ... > > and i would really display captured cleartext-passwords with a video > > projector. people still need to become aware not to use them or tunnel > > those protocols if needed. > This last point is useless. I rather have a * DNS entry for a home page > which displays anything we have captured (substituting some characters with > other ones to still prevent those passwords from being used) or nothing at > all, than a place to show something were probably only few people will look > at, and will use some needed piece of hardware which will be appreciated > somewhere else. ACK. regards, Holger
Attachment:
pgpYCObw8Cmys.pgp
Description: PGP signature