Hello,

Regarding Horatio, which seems interesting, I wonder how it does the filtering. If it just creates iptables rules based on IP, if users can sniff traffic (i.e. unencrypted wireless), they could change their MAC address and IP and try to trick Horatio into thinking they are a "valid" user... Or maybe I am wrong.

Regards,
Jonas Andradas

On Dec 14, 2007 7:40 PM, Adrian Minta <[EMAIL PROTECTED]> wrote:
> Tirla Adrian wrote:
> > Hello,
> >
> > I'm currently one of the network administrators of a 3000+ students
> > and I have some issues maintaining security, authentication ... and
> > quality of service ...
>
> 1. For authentication you may use something like:
> http://horatio.sourceforge.net
> 2. Block outgoing connection on ports like: 25, 445, 137-139, block
> multicast, broadcast and bogons.
> 3. To save bandwidth use transparent proxy.
> 4. Limit each IP to a maximum bandwidth using HTB and especially limit
> NAT translation per IP to a reasonably small amount (32 should be fine
> if you are not allowing P2P).
>
> --
> Best regards,
> Adrian Minta MA3173-RIPE, MA314-ROTLD, www.minta.ro
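
Points 2 and 4 of the quoted advice, as an added example that is not part of the original thread: a shell function that prints an `iptables-restore` ruleset rejecting the listed ports and capping concurrent TCP connections per source address at 32. The interface name `eth1`, the chain name `STUDENT_OUT` and the use of the `connlimit` match to approximate the per-IP NAT translation limit are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it does not load anything.
LAN_IF="${LAN_IF:-eth1}"                          # assumed student-facing interface
MAX_CONN="${MAX_CONN:-32}"                        # per-IP figure from point 4
BLOCKED_PORTS="${BLOCKED_PORTS:-25 445 137:139}"  # ports from point 2 (range as N:M)

# Accept "N" or "N:M" with 1 <= N <= M <= 65535; reject anything else.
valid_port_spec() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

gen_rules() {
    # Validate everything first so a typo never yields a partial ruleset.
    for spec in $BLOCKED_PORTS; do
        valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
    done
    echo "*filter"
    echo ":STUDENT_OUT - [0:0]"
    # Only traffic entering from the student network is sent through the chain.
    echo "-A FORWARD -i $LAN_IF -j STUDENT_OUT"
    for spec in $BLOCKED_PORTS; do
        for proto in tcp udp; do
            echo "-A STUDENT_OUT -p $proto --dport $spec -j REJECT"
        done
    done
    # Refuse new TCP connections once a single source address (/32) holds MAX_CONN.
    echo "-A STUDENT_OUT -p tcp --syn -m connlimit --connlimit-above $MAX_CONN --connlimit-mask 32 -j REJECT --reject-with tcp-reset"
    echo "COMMIT"
}

gen_rules
```

The output can be checked with `iptables-restore --noflush --test` before it is loaded on the router. These rules match on ports and source addresses only, so they do not address the address-spoofing concern raised in the reply.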

