At 994884618s since epoch (07/11/01 15:50:18 -0400 UTC), Brian Stults wrote:
> and 2) they want to know that I am conscious of security issues.  If
> anyone has any suggestions for the kinds of things to stress, I would be
> happy to hear them.

Our IT department was wary (though not afraid) of linux users, because
once you've rooted a linux box, password sniffing is only a short
distance away.  However, with all those fun windoze tools out there,
taking over windows machines is just as easy, and just as devastating
for the network.

Emphasize that you're probably safer running linux than windows.  You
won't be using Outlook (a major plus <g>), and you actually know how
to secure a linux machine.  You won't be running a public webserver,
etc, etc.  Offer to let them try to hack your box... =)

> Here is one concern of theirs, though, that I don't understand.  They
> said one problem with linux is that it will trick their network into
> thinking that my linux box is the main server, thus bringing down a
> system of over 2000 users.

They might be referring to using Samba and setting it up as a domain
master.  This is stupid, because a) it doesn't come configured that
way, and b) any organization worth its salt will run a backup domain
controller to ensure that nobody can hijack control of the domain (for
a while, all Win 95 boxes were factory set to try to elect themselves
as the browse master for a domain, so they should have solved this
problem anyway).

They might also be referring to other misconfigurations... since linux
lets you tweak so much, it is possible to make dumb mistakes (I once
advertised myself as the shortest path to all appletalk devices.  You
can imagine the warm reception I got from IT on that one when all the
printers fell into a Black Hole of Routing.)

While linux makes this stuff possible, it doesn't mean that you're
automatically going to do it.  Also, it is possible to do some of this
stuff even if you have windows, so it's not really fair to assume that
you'll do anything wrong (is this 'OS profiling'?).  If they're
assuming that you're malicious, then that's their problem; if you
really want to screw the network you can do it hundreds of ways
without needing linux.

Just talk to them and try to show that you have a clue (but aren't
pompous), and if they have any sense they'll warm up to you.  My
college's IT department was cold and unfriendly, until you get to know
them.  After some friendly chats, they'll let you do whatever you want.

Jason
--
Jason Healy    |     [EMAIL PROTECTED]
LogN Systems   |   http://www.logn.net/

Reply via email to