hi brian...

dont mention that you use ftp ....  if its tunneled thru ssh ...
its not an issue... ??? 
        if you use ssh, use scp instead of ftp anyway...
        if you dont have anonymous ftp... you dont need ftp at all

if you turned off stuff you dont use... you have a reasonable box
if you have also applied the lastest patches

if their in house admin gets annoying..ask him to break into your box...
and/or apply all the scripts to try to gain access...
and than do the same to all the NTs/Win98/Win95/Suns/HPs/IBMs etc..etc..
        - there's a hole already there... adding your linux box is not
        gonna make it any worst??

all boxes can be broken into if one wanted too... but...
how much time and $$ does one want to spend and what would one gain ???

you can also run nmap on their network to see how many other linux
boxes is on the network... not just yours


-
- i would NOT tell um its linux.... and let it go...
- bring in a laptop w/ linux too and check their network for linux
- boxes already there.. that they dont know about ?? ...
-

==
==
== if a [cr/h]acker does get into your PC from the outside...
== they have a major firewall issue... not that you have a linux box...
==
==

have fun
alvin

On Wed, 11 Jul 2001, Brian Stults wrote:

> Hello,
> 
> In the fall, I will be starting a new position as Professor of Sociology
> at the University of Florida.  When I interviewed, one of my
> requirements was that I be allowed to run linux on my office computer. 
> They said it would not be a problem.  However, now that I have signed
> the contract and am soon to arrive, they have attached some conditions. 
> The most serious condition is that I must sign a document stating that I
> am financially responsible for any cost incurred by the University if
> someone hacks into my computer and causes damage to their network. 
> Although I have philosphical objections to this kind of policey, I am
> willing to sign this if that is what it takes because I am quite
> confident about my knowledge of security issues.
> 
> Anyway, here is the reason for this call for help.  Tomorrow, I must
> talk on the phone with the sysadmin of the College of Liberal Arts and
> Sciences and explain two things: 1) they want to know why I need linux
> instead of using their unix system and having MS Windows on the desktop;
> and 2) they want to know that I am conscious of security issues.  If
> anyone has any suggestions for the kinds of things to stress, I would be
> happy to hear them.  I plan on emphasizing the fact that I disable most
> services in inetd.  The only servers I run are an ssh server and an ftp
> server.  I do not allow anonymous ftp, and I tunnel all my ftp transfers
> through ssh.  I am the only person with an account on my box.  I will
> also emphasize the fact that security updates are available on a daily
> basis through debian's dpkg system.
> 
> Here is one concern of theirs, though, that I don't understand.  They
> said one problem with linux is that it will trick their network into
> thinking that my linux box is the main server, thus bringing down a
> system of over 2000 users.  I cannot imagine how this would happen.  The
> only thing I can think of is the issue of the master browser in samba. 
> If it is "elected", I suppose my machine could force itself to be the
> server.  I don't know enough about samba, though, to know if this is
> possible.  However, if I don't run a samba server, it wouldn't be a
> problem, right?  Can anyone else think of why this might happen?
> 
> Thanks and sorry this message was so long,
> Brian
> -- 
> 
> Brian J. Stults
> Doctoral Candidate
> Department of Sociology
> University at Albany - SUNY
> Phone: (518) 442-4652  Fax: (518) 442-4936
> Web: http://www.albany.edu/~bs7452
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 

Reply via email to