Hello, In the fall, I will be starting a new position as Professor of Sociology at the University of Florida. When I interviewed, one of my requirements was that I be allowed to run linux on my office computer. They said it would not be a problem. However, now that I have signed the contract and am soon to arrive, they have attached some conditions. The most serious condition is that I must sign a document stating that I am financially responsible for any cost incurred by the University if someone hacks into my computer and causes damage to their network. Although I have philosphical objections to this kind of policey, I am willing to sign this if that is what it takes because I am quite confident about my knowledge of security issues.
Anyway, here is the reason for this call for help. Tomorrow, I must talk on the phone with the sysadmin of the College of Liberal Arts and Sciences and explain two things: 1) they want to know why I need linux instead of using their unix system and having MS Windows on the desktop; and 2) they want to know that I am conscious of security issues. If anyone has any suggestions for the kinds of things to stress, I would be happy to hear them. I plan on emphasizing the fact that I disable most services in inetd. The only servers I run are an ssh server and an ftp server. I do not allow anonymous ftp, and I tunnel all my ftp transfers through ssh. I am the only person with an account on my box. I will also emphasize the fact that security updates are available on a daily basis through debian's dpkg system. Here is one concern of theirs, though, that I don't understand. They said one problem with linux is that it will trick their network into thinking that my linux box is the main server, thus bringing down a system of over 2000 users. I cannot imagine how this would happen. The only thing I can think of is the issue of the master browser in samba. If it is "elected", I suppose my machine could force itself to be the server. I don't know enough about samba, though, to know if this is possible. However, if I don't run a samba server, it wouldn't be a problem, right? Can anyone else think of why this might happen? Thanks and sorry this message was so long, Brian -- Brian J. Stults Doctoral Candidate Department of Sociology University at Albany - SUNY Phone: (518) 442-4652 Fax: (518) 442-4936 Web: http://www.albany.edu/~bs7452
