Slashdot Mirror

← Back to Stories (view on slashdot.org)

MIT To End Open-Network Policy In Response To Recent Attacks

Posted by samzenpus on from the ruining-it-for-everybody dept.

An anonymous reader writes "MIT announced that despite a long history of running an open network (so that any student can run a server on any port, without any questions asked), it will now end this policy due to recent denial-of-service attacks and gunman hoax. From a letter sent by Executive Vice President and Treasurer Israel Ruiz: 'I am deeply and personally committed to safeguarding our community, protecting our campus and securing our systems. Together with our colleagues dedicated to campus safety and security, with the support of senior academic leadership and in collaboration with the campus community, we are deploying all necessary resources to this effort. It will require the dedication of all of us to promote safety awareness, complete necessary emergency training, and adhere to reinforced cyber security guidelines. IS&T staff members are working with information technology (IT) leadership and partners across campus in making the changes described above. We continue to explore all opportunities to further strengthen our preparedness, and will communicate additional information as these plans evolve.'"

4 of 144 comments (clear)

  1. Re:Lame. by Wookie+Monster · · Score: 5, Insightful

    Terrorists didn't win you say? Consider that the next time you're at the airport.

  2. Optional by Sarten-X · · Score: 5, Insightful

    Apparently, the new policy is just by default:

    Those engaged in research, teaching and learning activities will be given the option to opt out of the default network security policy through a self service mechanism.

    Basically, it looks like someone in administration finally asked "What if we're actually a target?" and the response was "we're royally screwed". Yes, it's nice to give open access to everything, but I doubt most college students, even at MIT, follow reasonable security procedures. So now, they're going to block everything by default, and if someone wants to open access, they can do it themselves. Best case, there's no problems and nobody notices. Worst case, MIT's network isn't such a help during an attack.

    So a university changed its default security policy. Big deal. I don't see how this is newsworthy.

    --
    You do not have a moral or legal right to do absolutely anything you want.
    1. Re:Optional by Sarten-X · · Score: 5, Insightful

      Cute, but wrong.

      Minecraft (and other game) servers are just as good at learning proper administration techniques as the IRC servers I ran in my college days. The admins must go through the configuration process, think about uptime, anticipate resource needs, and put some concern into security, while carefully handling (or intentionally not) the interpersonal conflicts that arise among users... all the same tasks a good admin must mind in the real world of IT.

      Coincidentally, I'm currently mentoring a high-school student preparing for an IT program at college. We're going over some basic admin skills in advance of his classes, focusing on the real-life experiences from my day job as an IT admin at a finance company. His main service is actually a Minecraft server... but behind the scenes, he's running Bash scripts for backup & housekeeping, Apache for a web-based world map, Nagios to alert him if/when something crashes, and some Perl hacks (that I wrote) to add a few server functions.

      Of course, that's just for a silly little game, but it doesn't really matter what the user-facing service is. The demands of IT administration are pretty generic. I use similar services daily, though the backups are done less with Bash and more with Enterprise Agentless Backup Manager Plus Professional Ultimate Corporate Edition.

      --
      You do not have a moral or legal right to do absolutely anything you want.
  3. Re:Lame. by macraig · · Score: 5, Insightful

    You ruined your own argument halfway through the rant. It's not about "Fuck the terrorists. We don't negotiate. Ever." It's about reacting knee-jerk to terrorism by altering values, restricting freedoms, and generally making the society more closely resemble the repression of the terrorists' own culture. So actually the "country as a whole" did in fact give into terrorism. We have the Patriot Act (still) and a whole tanker fleet full of other repressive and invasive institutions and programs that either didn't exist at all beforehand or were mere shadows of what they are now.

    The terrorists did win, regardless of per capita casualty stats. Our society now looks a bit more like their ideal than it did in 2000, not the other way around.

    What MIT has done here is exactly the same behavior.