
Re: large campus network ... suggestions



Hello,

Regarding Horatio, which seems interesting, I wonder how it does the
filtering.  If it just creates iptables rules based on IP, if users
can sniff traffic (i.e. unencrypted wireless), they could change their
MAC address and IP and try to trick Horatio into thinking they are a
"valid" user... Or maybe I am wrong.

Regards,

Jonas Andradas

On Dec 14, 2007 7:40 PM, Adrian Minta <adrian.minta@gmail.com> wrote:
> Tirla Adrian wrote:
> > Hello,
> >
> > I'm currently one of the network administrators of a 3000+ students
> > and i have some issues maintaining security, authentication ... and
> > quality of service ...
> >
> >
>
> 1. For authentication you may use something like:
> http://horatio.sourceforge.net
> 2. Block outgoing connections on ports like: 25, 445, 137-139, block
> multicast, broadcast and bogons.
> 3. To save bandwidth use transparent proxy.
> 4. Limit each IP to a maximum bandwidth using HTB and especially limit
> NAT translation per IP to a reasonably small amount ( 32 should be fine
> if you are not allowing P2P).
>
> --
> Best regards,
> Adrian Minta    MA3173-RIPE, MA314-ROTLD, www.minta.ro


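The filtering in points 2 and 4 of the quoted list, as an added example (not part of the thread and not Horatio's own rules): a shell function that prints an iptables-restore ruleset for forwarded campus traffic. The interface name `eth1`, the chain name `CAMPUS_OUT` and the short list of reserved destination ranges are assumptions, and the connlimit match is used here to approximate the per-IP NAT translation limit.

```shell
#!/bin/sh
# Added example: prints rules only, so the output can be reviewed before loading.
# $1 = LAN-facing interface (assumed name)
# $2 = maximum tracked connections per source IP (32 is the figure from the thread)
emit_campus_rules() {
    lan_if=$1
    per_ip=$2
    cat <<EOF
*filter
:FORWARD DROP [0:0]
:CAMPUS_OUT - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -j CAMPUS_OUT
EOF
    # Point 2: outgoing SMTP (25) and Windows networking ports (137-139, 445).
    for proto in tcp udp; do
        echo "-A CAMPUS_OUT -p $proto -m multiport --dports 25,137:139,445 -j REJECT"
    done
    # Point 2: multicast and link-layer broadcast.
    echo "-A CAMPUS_OUT -d 224.0.0.0/4 -j DROP"
    echo "-A CAMPUS_OUT -m pkttype --pkt-type broadcast -j DROP"
    # Point 2: bogon destinations. Constructed short subset of reserved ranges;
    # RFC 1918 space is left out on the assumption the campus uses it internally.
    for net in 0.0.0.0/8 127.0.0.0/8 169.254.0.0/16 192.0.2.0/24 240.0.0.0/4; do
        echo "-A CAMPUS_OUT -d $net -j DROP"
    done
    # Point 4: refuse new flows once a single source address (/32 mask)
    # already holds more than $per_ip tracked connections.
    echo "-A CAMPUS_OUT -m conntrack --ctstate NEW -m connlimit --connlimit-above $per_ip --connlimit-mask 32 -j REJECT"
    echo "-A CAMPUS_OUT -j ACCEPT"
    echo "COMMIT"
}

# Stand-alone use: ./campus-rules.sh eth1 32 > rules.v4
emit_campus_rules "${1:-eth1}" "${2:-32}"
```

The connection limit is keyed on source IP, so it is subject to the same address-spoofing concern raised in the reply above. HTB shaping from point 4 is configured with tc and is not covered here.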
