large campus network ... sugestions

To: debian-security@lists.debian.org
Subject: large campus network ... sugestions
From: "Tirla Adrian" <tirlaadi@gmail.com>
Date: Fri, 14 Dec 2007 21:58:08 +0200
Message-id: <[🔎] 446399850712141158u55796ablcfc98785d411267e@mail.gmail.com>
In-reply-to: <446399850712141145g260654d0kc84141d57997063e@mail.gmail.com>
References: <446399850712140157j7e237ec7l343598574614b3df@mail.gmail.com> <[🔎] 446399850712140304k1ef38b17t30737d62b1ec169b@mail.gmail.com> <[🔎] 4762CE06.3010407@gmail.com> <[🔎] 690ef5850712141100i31ad7e5aud019af8a3d36f915@mail.gmail.com> <446399850712141145g260654d0kc84141d57997063e@mail.gmail.com>

Hello Andradas,

I was thinking now the same way ... how does it do the authentication
... horatio looks really nice but if the users have to keep a web
browser opened all the times this is the same like the certificates
authentication ... and it doesn`t seem like an option to me ... . Many
students just chat on yahoo messenger ...

It is indeed a solution ... I'll consider it.

HTB is for sure going to be used if i'll have a secure authentication
method and leave all ports opened.

Adrian TIRLA


On Dec 14, 2007 9:00 PM, Jonas Andradas <j.andradas@gmail.com> wrote:
> Hello,
>
> Regarding horatio, which seems interesting, I wonder how it does the
> filtering.  If it just creates iptables rules based on IP, if users
> can sniff traffic (i.e. unencrypted wireless), they could change their
> mac address and IP and try to trick Horatio into thinking they are a
> "valid" user...   Or maybe I am wrong.
>
> Regards,
>
> Jonas Andradas
>
>
> On Dec 14, 2007 7:40 PM, Adrian Minta <adrian.minta@gmail.com> wrote:
> > Tirla Adrian wrote:
> > > Hello,
> > >
> > > I`m currently one of the network administrators of a 3000+ students
> > > and i have some issues maintaining security, authentication ... and
> > > quality of service ...
> > >
> > >
> >
> > 1. For authentication you may use something like:
> > http://horatio.sourceforge.net
> > 2. Block outgoing connection on ports like: 25, 445, 137-139, block
> > multicast, broadcast and bogons.
> > 3. To save bandwidth use transparent proxy.
> > 4. Limit each IP to a maximum bandwidth using HTB and especially limit
> > NAT translation per IP to a reasonably small amount ( 32 should be fine
> > if you are not allowing P2P).
> >
> > --
> > Best regards,
> > Adrian Minta    MA3173-RIPE, MA314-ROTLD, www.minta.ro
> >
> >
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
> >
>
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

Reply to:

References:
- large campus network ... sugestions
  - From: "Tirla Adrian" <tirlaadi@gmail.com>
- Re: large campus network ... sugestions
  - From: Adrian Minta <adrian.minta@gmail.com>
- Re: large campus network ... sugestions
  - From: "Jonas Andradas" <j.andradas@gmail.com>

Prev by Date: large campus network ... sugestions
Next by Date: Re: large campus network ... sugestions
Previous by thread: Re: large campus network ... sugestions
Next by thread: large campus network ... sugestions
Index(es):
- Date
- Thread