Slashdot Mirror


Behind the Scenes at MIT's Network

BobB writes "MIT's head of computer networks and security gives an inside look at how the techie school is fending off hackers, cranking up its network to handle voice over IP and becoming a fiber network operator to link to other research institutions. From the article: 'Q - How do you actually enforce security standards among MIT's departments and network users? A - Enforce is not a word you can use at MIT. We try to entice people to do the right thing. We've made a lot of progress. We've removed the financial incentive to run your own network, which used to be cheaper than having us do it. We've been a cost-recovery network since forever now though. At many universities the network is free and they just fund it out of operating costs.'"


  1. The main security problem by zappepcs · · Score: 4, Insightful

    FTFA:
    Q:.. I know MIT has not been immune to breaches either, but what do you think when you hear about new breaches like these?

    A:.. The problem we all have is the Microsoft patch of the week. I hate to say it, but it's sort of the payback for universities not paying attention to security for decades or being sloppy about administrative computing. ....

    Not that MS is the only problem, but they helped secure that mentality. I don't think Linux would have made it easier or better either. He goes on to talk about use of SSNs and other bad ideas. If only businesses would listen to this type of advice!!

    1. Re:The main security problem by TodMinuit · · Score: 5, Insightful

      If only businesses would listen to this type of advice!!

      If only consumers would demand that business listen to this type of advice.

      --
      I wonder if I use bold in my signature, people will notice my posts.
    2. Re:The main security problem by bugg · · Score: 2, Insightful

      If only ideas were evaluated on their merit, rather than based on the amount of money people can throw towards them.

      "Market forces" don't guarantee smart outcomes, especially given that smart isn't correlated with wealthy.

      --
      -bugg
  2. MIT on wireless security by mabu · · Score: 4, Funny

    FTA:

    What about dealing with wireless on campus these days?

    We recently started surveying our community about what mobile devices they are using, how they are using them, etc. We have a team of people worrying about this.

    1. Re:MIT on wireless security by rucs_hack · · Score: 2, Interesting

      Wireless on a whole campus? Wow. Is that standard in the US?
      At my uni we have wireless within the CS dept only, and that only within a small part of the building. It's monumentally shit.

    2. Re:MIT on wireless security by Marxist+Hacker+42 · · Score: 3, Interesting

      It's becoming standard. Heck, my CITY is going wireless, and this article says the building I work in will be covered by MetroFi in the next 4 months.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    3. Re:MIT on wireless security by Overzeetop · · Score: 3, Interesting

      Not quite "everywhere", but Virginia Tech has it in most places on campus (~30k students over a pretty big area). It's pretty fast, even in well-populated areas. Interestingly, the hardwired, general access 10bT ports are no faster than the wireless, as I found out one day when I figured I might get a speed boost while d/l a new knoppix image off a (known) very fast server. Still peaked at 3Mb - really no better than my DSL at the office. Go figure.

      --
      Is it just my observation, or are there way too many stupid people in the world?
    4. Re:MIT on wireless security by Stevecrox · · Score: 2, Interesting

      I thought MIT was the big tech University, at my Uni (University of Plymouth (UK)) we've had a wireless network that covers the ENTIRE campus, it's powerful enough that you can actually still pick it up in the city centre (I keep meaning to investigate that because I can pick it up a quarter of a mile away and that sure as hell breaks the 802.11g spec.)

      Plymouth University isn't small (about 30000 students enrolled) because of the cost of notes the IT department modified MS Exchange and started putting all lecture material online. Plymouth University also has 6 smaller campuses all of which can access this network (wirelessly on their campuses) there was a major network failure for the first time recently (A recently bought batch of Hard Drives failed badly in the SAN taking most of it out two days before the Christmas break, by the end of the next day most of the network was working bar personal account space and personal email) by the new year (a week and a half after the failure) the full list of services were running as far as I've been able to make out only emails sent the night of the failure were lost (it happened at 7PM.) Since all external connections go through the Uni's VPN it's also pretty secure.

      Now this is for a university which is primarily a humanities university, why is a technology university only now looking at providing wireless access for laptops and PDAs when some have been doing it for five years? Why has a Tech University only recently got any good at doing things others have been doing well for years? I think that's the real question in my mind.

    5. Re:MIT on wireless security by yandros · · Score: 4, Informative

      MIT has had wireless networking essentially everywhere for about 10 years now.

      The article is talking about efforts to develop and support new uses. In particular, it is surveying new uses for wireless devices at the moment (the most public being an opt-in program that will tell you where your friends are connected to the network in real time).

  3. Public IPs by avalys · · Score: 5, Informative

    The cool thing about MIT is that they own the entire 18.0.0.0/8 Class A address space, so every device on campus has a public IP.

    And all computers (even student machines) are connected directly to the Internet - no NAT, no firewall, no protocol limitations, no bandwidth caps.

    The catch is that all computers need to have a registered MAC address in order to get on the network, so if your Windows machine gets infected with a virus, they can disconnect you in a hurry.

    --
    This space intentionally left blank.
    1. Re:Public IPs by Zackbass · · Score: 4, Interesting

      All computers that use DHCP need registered MACs; if you've got a static IP there's no need, at least as far as my experience has been.

      IST does a damn fine job, the stakes on having the network running smoothly are quite high and they get it done, but more important is the amount of freedom they allow. We've got the most heterogeneous environment I can think of with hundreds of Course 6ers looking for new ways to bend the network and Course 15s finding new ways to try to break it. There's everything from half broken 486s to Playstation 3s running SVN repositories to completely custom embedded devices sitting all over the network (not that they support these devices) running like a well-oiled machine.

      --
      You gotta find first gear in your giant robot car
    2. Re:Public IPs by curlynoodle · · Score: 2, Interesting

      Penn State issued a public IP for every machine connected to their network. It still may be so. Before Napster came down, I hosted my music collection, amongst other things, on the Internet via FTP.

      In my time there, they did not, however, actively monitor systems for viruses and malware. I often received spam from student PCs attempting to spread viruses via attachments. Many lab systems suffered from various malware, although that improved in my last year after they switched to a pseudo-thin client setup.

      Today, I see such IP allocations as wasteful. The worst is a power utility which I worked for a few years back. They have (had) a direct allocation (cannot recall the exact size), which they used of course for business purposes. However, they also assigned public IPs to devices never exposed to the Internet, i.e. PLC controllers and process control computers. Most unfortunate IMHO.

  4. enforce? by Anonymous Coward · · Score: 3, Funny

    How do you actually enforce security standards among MIT's departments and network users?

    I like to rely on my friends Mr. Louisville and Mr. Slugger.

  5. Only at MIT... by Anonymous Coward · · Score: 3, Funny

    From the article: "our toilet server, which does voice mail and all the other crap, runs Asterisk software"

    Wow, at MIT, even the *toilets* are servers? No wonder they have their own class A! :-)

    1. Re:Only at MIT... by zstlaw · · Score: 4, Funny

      When the toilet server goes down the sh*t really hits the fan.

      ~Z

  6. Disappointed... by __aaclcg7560 · · Score: 2, Interesting

    I really hate articles that describe all these great networks and server rooms but don't have any pictures of the hardware. It's not like someone is going to search a picture to find an unsecured air vent in the ceiling so they can drop down among the laser sensors to hack into the computer.

  7. It happens, but not "standard." by Kadin2048 · · Score: 4, Informative

    It's not "standard," but there are places that do it. Generally small campuses, or ones that didn't build-out wired infrastructure when they should have, and are now trying to catch up and be 'wired' using 802.11 as a substitute for a real copper network.

    I know there are quite a few schools deploying it strategically, which seems like a good plan. It only takes a few minutes walking around a college campus to realize that there are a few key places where wireless would be most useful, and a lot of places where it would probably be underutilized. Libraries are huge -- go into any uni library and you'll see rows of people typing away on laptops. If you can't afford to put an Ethernet drop at every study carrel, wireless is the next best thing. (Well, actually, both would be best.) Study lounges and communal spaces are probably next, followed by cafeterias and big lecture halls (if you want to encourage people to use laptops in class; some schools might have faculty that would rather discourage that). In warm climates, outdoor locations can be great locations for Wifi, too.

    But deploying it all over a large campus would, for most schools, be impractical. It would take too many base stations and would cost too much for the number of users you'd probably have at a time on most of them. I think if you did roll it out everywhere, you'd probably find pretty quickly that some nodes took huge amounts of load, while others were basically never used. For this reason, most large places with a competent IT staff don't just shotgun it all over campus, but are more selective.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    1. Re:It happens, but not "standard." by Jjeff1 · · Score: 2, Interesting

      MIT has deployed wireless all over the place. I go there once a year for the MIT Mystery Hunt. I was amazed last year as part of the hunt took us into a boiler room deep inside the basement of some building. The boiler room was a maze of pipes and of questionable safety, but screwed to the wall was a WAP; in the boiler room.

  8. I'm not sure which disturbs me more by Marxist+Hacker+42 · · Score: 2, Funny

    That MIT-level hackers (See Steven Levy's book) have direct, Class-A network access to the Internet, or that a school like MIT still doesn't get the idea of the network as an infrastructure utility rather than a cost-recovery service.

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  9. Not a trivial change. by Lethyos · · Score: 4, Insightful

    I looked at the old one and compared it to mine (the same type he had). The only difference was the six buttons where Home, PgUp and so forth are located are arranged vertically on the new keyboard compared to horizontally on the old one.

    When I switched to a keyboard that rearranged my “Super Six”, I was distraught too. I kept hitting the wrong keys and it was annoying for some time. This is not a trivial difference for people used to not staring at their keyboards as they work.

    --
    Why bother.
  10. Re:Huh? by RajivSLK · · Score: 5, Funny

    Are you kidding me? All he wanted was his old keyboard back. If somebody gave me one of those new keyboards with the vertical layout I would probably beat them around the head with it.

  11. Re:Huh? by geekoid · · Score: 5, Insightful

    If someone wanting thwe same keyboard gives you a bad sttitude, it's not the customer, it's you.

    Did you consider when using his keyboard he didn't look at the keyboard?

    If this person job is data entry, then YOU were in the wrong for not anticipating then need for the same keyboard layout.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  12. Re:Huh? by Anonymous Coward · · Score: 3, Insightful

    Yes, it is, you nimrod.

    You probably spend a ton of time picking out your gadgets or aligning things to just the way you like them, but I suspect you just throw any old thing at users and expect them to "deal with it", after all, they're just clueless anyway, right? Hey, if the user liked the keys arranged horizontal v vertical, then what's wrong with that, and why does it justify your bad attitude because of it?

    You give us IT "professionals" a bad rep.

  13. Re:Huh? by eldepeche · · Score: 3, Insightful

    I can't believe someone with enough technical responsibility to replace someone else's computer would use those keys so seldom that he wouldn't care if they were rearranged. It's bad enough that my laptop isn't big enough to have them, but if they were all there and I had to look at them, I would flip out.

  14. Re:Huh? by honkycat · · Score: 4, Insightful

    What, you think because someone doesn't like something because it's different we should coddle them?

    No, but people get very comfortable using their tools. Is it really a ridiculous request to keep the old keyboard? Is it really something worth mocking him over? As an IT worker, your job is to support the users, not to make arbitrary changes to their working environment. If there's a good reason that the request NOT to have his keyboard changed would create a serious problem, then he's got to adapt. Otherwise, it's just a jerk in IT going on a power trip.

    Frankly, the keyboards with those 6 keys vertical bug the heck out of me, too. It's a lot harder to feel where the middle row is when it's 3-high instead of 3-wide, since my fingers are arranged horizontally on the keyboard.
  15. Hooray for Public IPs by ejtttje · · Score: 2, Interesting

    Giving a windows machine a public ip address is a death sentence isn't it? If not now eventually? What keeps a fresh install of windows from getting blasterized the second you hook it up to download updates? (assuming not everyone has a nice copy of sp2 with their windows xp)

    Hahahah, ahhhh, thanks for once again reminding me why it's so nice to run a machine that *isn't* windows.

    Our school also gives public IP address to all our machines. It's so nice to be able to directly ssh/scp/sftp to your lab machine from home -- no tunnels, no firewalls, no VPN. Just you and your encrypted password. And then we go to some other institution and wonder why they take forever to load a web page -- and discover all the traffic for the entire network is being funneled through some machine which is trying desperately to NAT the entire campus's network. Siiiigh.

    Yes I'm spoiled. It's good to be at a university that doesn't need to baby its users. If you run Windows and it's not up to date, it's kicked off the network until you patch it. Don't like that? Then run your *own* firewall, or switch to a system that doesn't leak like a sieve. Don't expect to ruin it for the rest of us because *you* choose to run insecure software.
  16. Re:Huh? by skis · · Score: 2, Funny

    If someone wanting thwe same keyboard gives you a bad sttitude, it's not the customer, it's you.

    Looks like you were one of the people getting new keyboards.

  17. Re:Huh? by SomeGuyFromCA · · Score: 2, Insightful

    On the old keyboard those six were horizontal. On the new keyboard, vertical. In fact, the key he used was one spot to the right of where it was on the old keyboard.
     
    And the point of this key rearrangement?

    Each of the three things you note is change for the sake of benefit. Automatic transmission*, direct access to the number, arbitrary number of channels.

    What is the point of rearranging the six-block that you describe?

    If someone said "Here's your new phone. You have to use it constantly for your job. Oh, by the way, we rearranged the numbers so they now go

    789
    456
    123
      0

    , would you just accept this change-for-the-sake-of-change, or would you want to know why the primary interface that you use to function in your job has been suddenly changed for no apparent benefit?"

    Different is not necessarily better...

    (*: not that an automatic transmission is automatically a benefit. Let's have the example of a "stick"-shift that has paddle shifters on the steering wheel with an automatic clutch. That's also change, but it's change with a benefit, because you no longer have to take your hands off the wheel to shift.)
    --
    if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright