What we are getting to here is similar to what happened a hundred years ago with the
automobile. When there were very few cars on the road, one didn't need to pass a
drivers exam to drive and there was not much licensing of drivers. Most drivers were
professionals (chauffeurs) so it was not much of a problem. But then automobiles
became available for the middle class and people used them for day to day activities.
The result was an explosion of accidents, collisions and thefts.
The result was a clamour for licensing to keep the kiddies off the street. When you
left your own driveway, there were traffic lights, stop signs and eventually our whole
road system. Nowadays, we could not even conceive of allowing 10 year olds to driver
or letting anyone who purchases a car on the road without a licensed vehicle and a
license for the driver.
Just as a safety certificate is required to get on a highway (but not on your private
property), we need a server certificate for connecting to the internet, managed by a
sysadmin with some credentials.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Gary Flynn
Sent: Friday, June 08, 2001 13:26
To: '[EMAIL PROTECTED]'
Subject: Re: This is a must read document. (.edu and ISP perspective)
"Young, Beth A." wrote:
>
> 1. Departments on Univ campuses are run like individual fiefdoms.
As the nature of our computing environment has changed, and with it
the incidents and effects of computer abuse, computer security has
become more like public safety, telecommunications, and other issues
critical to the organization as a whole. Some universities have
already recognized this:
http://www.itc.virginia.edu/security/policyguide.html
> 2. Students in Residential housing.
This is changing too. From the policy referenced above:
===========================================================
Scope
This policy applies to anyone in the university community owning or
overseeing the use of a computing device of any type connected to
the University of Virginia network, including but not limited to:
<snip-gf>
b. Faculty, staff, students and other individuals who have devices
connected to UVa's network, even if those devices were acquired
personally, i.e. not with university or grant funds;
===========================================================
I think it is important to recognize that the the model of tens of
thousands of student residence computers connected to a high bandwidth
network is no different than the growing cable and DSL connected home
computers. I read one report that estimates that in 2002 there will be
17,000,000 computers connected in this manner. While a university may
scan on-campus residence networks for vulnerabilities and limit access
accordingly, who is going to do it for those 17,000,000 home computers?
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
