[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]



I am in the process of getting a debian server in the high school that I
teach in.  The network admin is concerned about the security of the
exsisting Novell Server, border manager, etc.  Our ISP is very picky
about not hogging more bandwidth than we are suppossed to use.

I have been carefully pushing for a debian linux server for about 3 years
and now I am very close to getting one for my students to program on. The
network admin is the last person I need to sign off on....

Below is a message from him, that I need to reply to in order for him 
to sanction the machine.  I would like some help in creating a reponse 
to sooth his anxiety and fears.


I have described the Linux project, its uses, and its physical placement
within our network, to four knowledgeable people, and asked for their
thoughts and recommendations.

A. Partner in a consulting company based in Hunterdon County.  Their
mission is to encourage Linux use in small/medium companies.

B. Lt. Col. (ret.) USAF,  now a contractor for the Air Force (process
compliance and Unix network administrator)

C. Network technician.  This person builds wide-area networks for
corporations and financial institutions

D. Computer consultant.  This person has extensive employment experience
(programming, documentation, database, networking) with HP, Agilent, and
others.  Husband and brother also do design work for top computer firms.

They all insisted that a dedicated firewall is a requirement.  They are
unanimous in their exhortation that the server be properly secured.  "B"
gave specific items to examine in this regard,  and "A" offered to scan it
from inside and outside our building.  

"A,"  "B,"  and "C" state that, even if it IS properly secured, this does
not prevent some types of malicious behavior.  "A" and "B" think that the
risk is no greater than our current setup, while "C" has reservations that
we should not increase our susceptibility, and that the 24-hour
availability of this server leaves us open to mischief.

I share "C"'s concern.  In-school computer use is subject to various
controls, not the least of which is teacher oversight.  By design, a
publicly accessible server on which students can run their own programs at
3 a.m. lacks this important security. 

In light of this last point, let me pose a situation:  A student loads and
runs a program onto this Linux server which then launches attacks on other
computers or routers on the Internet.  Such attacks could be as simple as
participating in a Denial-of-Service attack.  In our earlier meeting, you
said that proper settings, permissions, and restrictions could prevent that.  

Since this is one of the situations for which I am most concerned, can you
give me (in excruciating detail) the steps which would prevent this?  

Brian R. Furry						fbrian@nac.net
==============						===============
  The Power of Open Source can only give the people what 
  they so richly deserve ...
  stable and flexible computing

================					===============
Debian/GNU Linux                        		www.debian.org

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: