Slashdot Mirror
Ask Slashdot: Securing Systems you don't Manage
A verbose member of Clan Anonymous Coward asks this
difficult question: "My university has a problem.
We have lots of autonomous departments managing their own
computing infrastructure, lots of autonomous
users managing their own computers and a very
large network population (in excess of 20k people). Of the
systems which are not managed by "professionals" about 10%
are linux. How should the university tackle the problem of
people keeping their boxes up-to-date whenever
it has little control on the box owners? Using
tools to identify problems (e.g. nmap, satan,
etc) is the easy part. How do we then get
hundreds of different computer owners to update their systems when they didn't know what they
were doing in the first place? How to we do
this in a climate where the resources are
not available to employ herds of new computer
support staff to assist these people?"
Our anonymous submittor continues...
"Many of us recognise linux as being a good thing (tm) and indeed many of us use linux to provide high availability and robust services. Unfortunately, many of the "non-professionals" who install linux tend not to know what they are doing. They get their system installed and bring it up on the network (easy now compared to what it used to be!) and then leave the system to look after itself. All fine so far, except that most of these boxes are running the plethora of services that come enabled by default on popular linux distributions (e.g. imap, www, etc.).
The problem comes in like this: there is a high rate of publication of exploits for linux systems and, unless users are very careful to keep up-to-date with patches, they are compromising the entire computing infrastructure for everyone."
This sounds like a Network Policy Issue. Most networks have rules that state the acceptable uses for the resource and the conditions that must be satisfied for it's continued use. It seems something like this would be appropriate here. The larger problem however, is its enforcement. What do you all think?
"Many of us recognise linux as being a good thing (tm) and indeed many of us use linux to provide high availability and robust services. Unfortunately, many of the "non-professionals" who install linux tend not to know what they are doing. They get their system installed and bring it up on the network (easy now compared to what it used to be!) and then leave the system to look after itself. All fine so far, except that most of these boxes are running the plethora of services that come enabled by default on popular linux distributions (e.g. imap, www, etc.).
The problem comes in like this: there is a high rate of publication of exploits for linux systems and, unless users are very careful to keep up-to-date with patches, they are compromising the entire computing infrastructure for everyone."
This sounds like a Network Policy Issue. Most networks have rules that state the acceptable uses for the resource and the conditions that must be satisfied for it's continued use. It seems something like this would be appropriate here. The larger problem however, is its enforcement. What do you all think?
0 of 106 comments (clear)
No comments match the current filter.