Slashdot Mirror


Openness and Security on Campus

djeaux writes "The April issue of Syllabus includes an interview with Jeff Schiller, Network Manager at MIT, about openness and security in academic computing. Schiller has some interesting things to say about product liability for software, including an out for open source software and boils security down to a simple maxim: You must install patches. He also says that what makes security hard is that it's a 'negative deliverable.'"

4 of 145 comments

  1. Re:Simpler than that by Rikus · · Score: 4, Interesting

    Openness and security can co-exist ONLY when everyone is trustworthy.
    I'm not entirely certain what you mean by that, but I don't think any "open" security details short of handing out keys and passwords should automatically destroy the security. It might make it a lot harder to keep everything going safely, but there are plenty of benefits too. I don't think security requires a "fence" if the thing behind the fence is safe. In the physical world, an invasion involves someone physically entering an area. In the electronic world, someone has to find some way to get the thing behind the fence to do something it wasn't intended to do.
    1) If the thing behind the fence is extremely well-designed, it won't allow something like this.
    2) If security is "closed", it's only secure because nobody understands it or because nobody has a chance to touch it.
    That sounds a lot like locking yourself in a secret underground bomb shelter and calling yourself "secure".

  2. My campus is all security, no openness. by Entropius · · Score: 4, Interesting

    I attend the University of Alabama in Huntsville, an engineering/research institution with enrollment around 15k. The Network Services people around here aren't really concerned about the value of openness to academia; in fact, most of their security is directed inward, against the students who have to use the machines.

    For instance, the "start" button on every lab computer has been disabled--people only have access to the icons on the desktop. Furthermore, right-click context menus have been disabled.

    On some public computers, even access to the address bar in IE is disabled--all you can do is follow the links from the homepage in IE.

    When I took a Mathematica class in the physics lab, we used a heavily neutered version of Windows NT, with file permissions set unusably tight. Browsers would crash on startup because they didn't have write access to their cache files, virtual memory was disabled (!), and the like.

    Network Services also has banned the use of BitTorrent on campus, causing consternation among people wanting to download contraband like, uh, Mandrake images.

    This is the same campus where average packet loss on ResNet is 20-30%. Students play games over dialup because it's faster and more stable than ResNet.

    1. Re:My campus is all security, no openness. by SpaFF · · Score: 4, Interesting

      I attend the University of Alabama in Tuscaloosa. It's funny that two campuses in the same University system would take different approaches to security.

      Here at UA, everyone gets a real IP address: there is no NAT. There is a "traffic shaper" on resnet which limits upload speeds and blocks incoming connections on some of the lower service ports (80, 25, etc). Central computing blocks incoming connections to port 25 except for mailservers, but that is just to prevent open-relay spam. Other than that, there is no firewall.

      Each college has its own labs. The arts and sciences labs are locked down one way, the engineering another way, c&ba another way, etc. In most cases students can't copy files to the hard drive or fiddle with the control panel, but other than that there is no real "lock down".

      I work for one of the colleges on campus and we have been trying to get a firewall for our labs and faculty for years, but central computing won't allow it. They want the network to be open, not for academics' sake, but so that they can keep tabs on what everyone is doing. They think that if we put up a firewall it will keep THEM out too.

  3. American culture. by PlatinumInitiate · · Score: 4, Interesting

    You understood openness correctly, but misunderstood security. A safe is secure, even if 500 people know the combo... as long as those people are trustworthy.

    Interesting point.

    But using the same example, what if an outsider pretended to be someone that one of those 50 people knew, found out details from that person, and used it to trick one of the other 50 people, etc...

    One thing that struck me about American culture in general is that people seem to be a lot more trusting, and despite what a lot of Americans think, it IS a lot more of an open society than (probably most) other parts of the world.

    Coming from South Africa to study in the US (between 1999 and 2001) was an eye-opening experience. I don't know how much things have changed since the 9-11 incident and so on, but back then I was amazed at how open and helpful people were, for example, getting student visas, a social security number, a driver's license at the DMV...all very smooth, despite the fact that I was a complete foreigner. In South Africa, it is often more difficult to get basic things like licenses and so forth processed as a citizen than it was to get them done as a foreign student in the USA! I don't know if it's just a different outlook people in the USA have, but dealing with South African bureaucracy has become even more painful since I returned to South Africa, remembering how comparatively smooth everything was in the US.

    The same with campus security. I'm fairly sure that if someone wanted to be underhanded, they could fairly easily socially engineer situations to break security systems.