large campus network ... sugestions
I was thinking now the same way ... how does it do the authentication
... horatio looks really nice but if the users have to keep a web
browser opened all the times this is the same like the certificates
authentication ... and it doesn`t seem like an option to me ... . Many
students just chat on yahoo messenger ...
It is indeed a solution ... I'll consider it.
HTB is for sure going to be used if i'll have a secure authentication
method and leave all ports opened.
On Dec 14, 2007 9:00 PM, Jonas Andradas <firstname.lastname@example.org> wrote:
> Regarding horatio, which seems interesting, I wonder how it does the
> filtering. If it just creates iptables rules based on IP, if users
> can sniff traffic (i.e. unencrypted wireless), they could change their
> mac address and IP and try to trick Horatio into thinking they are a
> "valid" user... Or maybe I am wrong.
> Jonas Andradas
> On Dec 14, 2007 7:40 PM, Adrian Minta <email@example.com> wrote:
> > Tirla Adrian wrote:
> > > Hello,
> > >
> > > I`m currently one of the network administrators of a 3000+ students
> > > and i have some issues maintaining security, authentication ... and
> > > quality of service ...
> > >
> > >
> > 1. For authentication you may use something like:
> > http://horatio.sourceforge.net
> > 2. Block outgoing connection on ports like: 25, 445, 137-139, block
> > multicast, broadcast and bogons.
> > 3. To save bandwidth use transparent proxy.
> > 4. Limit each IP to a maximum bandwidth using HTB and especially limit
> > NAT translation per IP to a reasonably small amount ( 32 should be fine
> > if you are not allowing P2P).
> > --
> > Best regards,
> > Adrian Minta MA3173-RIPE, MA314-ROTLD, www.minta.ro
> > --
> > To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com