I can empathize with students wanting freedom on a computer network, or even wanting to just play around with the system to see what they can do. Heck, when I was in high school, I was one of those guys who would bump his print jobs up in the queue using pconsole, or discovering all the accounts that had access through the Squid proxy to the Internet.
On the other hand, I was a network/system administrator at a high school after college, and I can understand the challenges administrators have to deal with in terms of high school students. Administrators don't just decide that they want to lock students down; heck, some schools don't WANT their students to have restrictions placed upon them. When I started, the school had upgraded from Windows 2000 to Server 2003 the year before, and the security that was implemented was essentially Windows 2000 security. They made some stupid mistakes; all passwords stored in LM format, weak ACLs on systems, no BIOS passwords, few if any group policies. On the other hand, they had their VLANs designed properly, the servers all had fairly strong passwords, and they weren't running unnecessary services. The security that was implemented was essentially designed to protect users from malware and keep outsiders from poking around....Naturally, students decided they wanted to push the envelope. Kids started remotely shutting down one another's laptops and trying to steal one another's passwords. Eventually, a student guessed a faculty member's password, found a user account created by my predecessor long before I started on a faculty server, rdp'd into a server, and tried running a password cracking application...that contained a root kit.
An administrator's job is to, in effect, install and maintain technology that reflects the mission of an organization. Some schools have a pedagogy that encourages open exploration; other schools want strict rules and regulations. The school I worked at fit somewhere in between. When kids decided they wanted to try and cheat on exams, down using p2p applications, and attempt to change their grades, they put me in a position (mind you, just months after I started working there, and hardly after enough time to complete a full security audit and redesign) where I couldn't just trust them to be responsible in an open system. So, the next semester, they were irritated to find out that their accounts were running as local users; that group policies had been designed using strict Software Restriction Policies creating a whitelist of applications they could run; that their laptops and desktops all had BIOS passwords; that the only route out to the Internet was through an ISA server that connected directly to a filtering application, and then into a Packet Shaper; that their Flash plugin was disabled; that their ability to run Java applications was limited; that their exam account couldn't do anything EXCEPT run the exam application; that their ability to create and log onto local accounts was eliminated, etc.
Were there things on that list that should have been implemented earlier? Absolutely! Any organization should ALWAYS have BIOS passwords set on their machines, which should change every year. LM passwords should NEVER be enabled. Having some type of proxy is also a must, as are strong ACLs on switches and routers. Some type of bandwidth management device should be implemented, as there are more than three people using the network at a school. The school DEFINITELY should have set up WSUS to keep their Windows systems updated.
I'll admit that, when I have the authority, I'm active in creating (from the start) a secure environment, but you're not helping out an administrator when you just start poking holes in the network and not give them the chance to fix the holes. Schools don't have huge budgets, and the IT department is often required to play the role of help desk, admin, developer, engineer, etc, rather than just one niche. In my case, I was lucky; I had a good relationship with the people
I got my first real job in the IT field right after I turned 17. I think you'll find that the people who climb the ladder the fastest were in similar situations. In my case, I had repaired computers for a number of the teachers at my high school, and one of them referred me to the supervisor of an IT department at a fairly large local business. I ended up getting an internship, in spite of the lack of certifications, or, for that matter, a completed high school diploma. My work for them lasted well into my college degree. The key to getting that job was networking - leveraging the relationships I had to find a good job opportunity. If you can successfully network, having less experience than other job candidates isn't going to be a hindrance. Once you get your foot in the door, you'll start getting job experience, and you'll have something to show on your resume.
If you want to get a good job while still in high school, there are a few things you should do:
(1) Self-study: Go to Borders and read some books, or do some research online. Take one of your old computers and load *nix on it. Install and reinstall Windows. Go to Microsoft's website and take advantage of the Virtual Labs. Add SecurityFocus (and more importantly, BugTraq) to your daily list of websites. Become passionate (and well-read) about computer security. You get the drift. The point is, at the age of 17, you don't have much practical experience in the job world yet, so you need to make up for that in part by building a strong knowledge base, and that knowledge base needs to be fairly diversified.
(2) Build some business relationships: When someone has a computer problem, be willing to give them a hand - provided you don't get yourself in over your head. By the same token, don't take on a task that you won't be able to complete to someone's satisfaction. By (effectively) showing off your skills, you create a base of potential references that will be able to give you recommendations when a job opportunity comes up
(3) Take some tech classes at the local community college: Enroll in classes that provide you with resources that you wouldn't have access to in your own home. Talk to your parents and work out a deal with them to cover your tuition for the classes. For instance, while you may be able to set up some cheap Linksys routers and switches at your house, you're probably not going to have access to enterprise-grade equipment. The Cisco Academy program is an amazing asset to learn about networking. The CCNA program through the Cisco Academy has 4 semesters, each of which can usually be taken on Saturdays over the course of 8 weeks. After you complete the CCNA classes, you'll have the skills necessary to pass the CCNA Exam, which will put you ahead of most entry-level IT workers. Oracle database classes also come to mind; while you can learn the basics of SQL from simply installing MySQL or MSDE on an old computer at home, having successfully completed an Oracle class will add some real bragging rights to your resume.
I realize that a lot of developers focus more on learning languages than building diverse skills, but if you can learn programming skills as well as networking and system/application skills, you'll be able to carve out a good place in the market. I chose the system and network administration route for my career, and I've always regretted not being able to code anything beyond the simplest and most mundane tasks. Most successful IT people aren't know-it-alls by any means, but they do tend to be (close to) do-it-alls, and that makes them incredibly lucrative...and while they can't do EVERYTHING themselves, they are resourceful enough to either know someone who can do it, or to have enough knowledge to know what they need to learn to get the job done.
(4) Join your school computer club: Hang out with other up and coming geeks. To a certain degree, you'll be scoping out the competition, but more importantly, you'll benefit from their company by learning some skill-sets that they mi
1)I'd suggest *only* permitting Firefox, and removing the I.E. icons. [The smart students can still run iexplore.exe if they really want it, but it prevents most people getting attacked by IE exploits.]. Then install adblock + filtersetG updater.
Initially I had thought about setting up things like that, but Firefox really doesn't have any means to control the browser, outside of a default profile. The web filter we set up did a fantastic job of blocking sites with exploits, and because unrated sites were also blocked, we didn't have a problem of zero-day sites causing problems. However, we also pre-loaded Firefox on the laptops and allowed (and, for that matter, encouraged) students to run it at home, going so far as to enable IETab to ensure that even if they wanted to use a service that, for some asinine reason, was limited to IE, they'd still be able to access it.
2)Trust your students. Most of the problems result from honest mistakes - therefore, you need to make it easy to revert to a previous state, but not to prevent experiments. My view is you should avoid all censorship; if you feel you must impose rules, then punish students for what you see them doing, rather than asking the machine to do it.
I'm actually a big fan of this philosophy, but time and time again, students took advantage of our willingness to help them learn. Prior to installing a filtering appliance, the number of students looking at porn IN CLASS on their laptops was ridiculous, and hardly a trivial portion of the population. Bandwidth usage was also a problem; before instituting hash-based SRPs, students would play network games of Halo during class on their laptops, or trade music all day (which ultimately led us to purchasing a PacketShaper). Then there's a question of the school's mission. The school administration came to me and asked me to strengthen network security, and made a compelling case that these restrictions were to be tailored around their mission. As such, I had to ensure that every system or restriction I put into place was relevant to the school's mission and pedagogy. To be sure, I could've design a system significantly more strict, but those restrictions would've impeded their ability to learn, and thus wouldn't have furthered the school's mission.
3)Have a system where the brighter students may request greater privileges. And/or a few test machines that are less locked down. If some of them want to try Knoppix, then let them. Maybe even have one machine which the students can administrate - you may be pleasantly surprised. On that machine, if they want to install Ubuntu, go for it. You'll have some able assistants in no time!
I second that notion. Students with the interest and potential to grow deserve an environment to experiment. However, I will caution against giving students the privileges and responsibilities of domain administrators. DO create a sort of internship and mentoring program for bright students. DO NOT make your students admins for your school. Students are students first and foremost. Outside of the possibility that one of your student workers might abuse her or his authority, there are also considerations about the social impact of having students work for you. You don't want your students to be perceived as employees of the school by their peers; that will simply serve to create division within your student body. Rather than making your student workers out to be adversaries for the rest of the student body, give students who show interest in learning more the resources to help them out in a career in IT later in life. The reason I went into IT to begin with was because a high school teacher helped me get an internship when I was 17. As such, I felt it was only fair to offer my students the same opportunity.
4)Don't even think of monitoring students with keystroke loggers etc. It's just wrong. It sets a bad example, and will only lead to heartache. And you wouldn't catch the really bad one
I administered a computer network at a high school for three years, so I can toss out a few suggestions:
VLAN your network. If you have Cisco switches, this should be easy. Set up seperate VLANs for students, the staff, and servers. You'll be able to isolate what resources can be accessed based upon these access lists.
SET UP A PROXY SERVER! Seriously. One of the first systems you should implement is ISA Server 2006. ISA Server will act as an internal proxy to control what users have access to the Internet, and what resources they can access. Set ACLs on your internal switches to prevent routes to the Internet from the student VLAN unless they go through the ISA Server. Set up the ISA Server in front of a filtering appliance, pass all HTTP traffic, and allow access only to HTTPS sites you've added to an allow rule on your ISA server. Add the same limits to SWF, DCR, and possibly java or class files.
Only allow Internet traffic to port 80 and (to a limited extent) 443 for students: Look, your students aren't going to need any other services besides HTTP and HTTPS, and if you're not careful about HTTPS, they'll be popping holes in your proxy using an encrypted web service.
Set your web filtering to deny unrated sites: Students are going to try and circumvent your web filter though phproxy or cgiproxy. The smartest kids will go so far as to set up their own domain to get around your filter. The solution? Block what's not rated. It's also important that your filter have a mechanism to request that a site be unblocked. From a security perspective, it's important that you not open yourself up to risks that you can't control - including websites - but it's also important for the students' development that they have an opportunity to view controversial subjects and make up their own minds about the topic.
Use groups: Set up an OU for each grade in your school. Create a global domain group for each grade. Set up another OU for classes, and create a global security group for each class section. That way, you'll be able to allow or deny access to resources for each grade or class.
Software Restriction Policies: If you have a Server 2003 network, group policies are an amazing asset for your Windows XP clients. Group policies allow you to change settings on users and computers in your network. For instance, you can disable access to the registry or lock down Internet Explorer. Within group policies are a special policy component called Software Restriction Policies that allow you to decide whether or not applications can run based upon the hash, path, or filename. On my network, I designed the SRP around hashes. Managing those policies was a pain (the list was around 400 executables), but it was worth limiting what code would execute on the systems.
Admin tools: You'll want to turn off access to all administrative tools, so disable access to the command prompt, registry editor, and MMC. Also, disable access to the security tab in Explorer to prevent students from changing file permissions. For your computer policies, set the local security policy to disable storing the LM hash for passwords.
Use the Windows firewall: I know it's not much, but it does provide a lot of benefit over nothing at all. Using group policies, configure static rules into the Windows firewall. This will prevent malware from causing problems on your network, and will also prevent iTunes from eating your bandwidth.
Web browsers: It pains me to say this, but don't allow browsers other than Internet Explorer to run on your machines during school. When Firefox adds group policy support, I'll relent on that, but you have no control over what code is executed in Firefox, whereas group policies give you a lot more control over Internet Explorer. Example: after implementing our software restriction policies, students began downloading Flash games in swf form to their laptop hard drives. After receiving complaints from teachers, we simply disabled Firefox through SRPs, and disable
Say it isn't so!!
(Score:1, Redundant)
by Foofoobar (318279) Alter Relationship on Wednesday December 28, @07:56PM (#14355427)
Windows Exploit? Isn't that redundant?
Wow...sometimes, Slashdot ratings really DO match the content in posts!
"Those of us that have used LCD monitors for a while know that over time the backlight starts to dim and will eventually completely fail. Leaving you with some electronic scrap that you could sell on eBay for 35 bucks or so. Well for less than $20.00 and about a half hour of your time you can replace the backlight and rejuvenate that monitor to as good as new condition."
...I'll give you a grammar lesson. Let's start with run-on sentences:
Those of us that have used LCD monitors for a while know that, over time, the backlight starts to dim and will eventually completely fail, leaving you with some electronic scrap that you could sell on eBay for 35 bucks or so.
The real question about the Sony "service pack" is whether it removes the entire software program, leaves anything behind, or simply replaces the old rootkit with one that's harder to detect and remove.
While I'm all about the FreeBSD solution here (m0n0wall is a great package), the idea of using a hub instead of a switch is just asinine. In a gaming environment, where bandwidth is critical and having delays in play can make the difference between a frag and getting fragged, having seperate collision domains is a must. A gaming network should use switches to ensure that collisions won't affect gameplay.
It's nice reading an article about somebody who gets media attention and doesn't turn into a total tool (*cough*Steve Gibson*cough*), assuming they weren't a tool to begin with. On top of that, the guy makes his point that the vulnerability he writes about is serious without sensationalizing the whole thing.
I was reading this guy's blog post and cringing - his grammar is TERRIBLE! First off, if you want to post on your blog in all lower case, that doesn't really impact either the meaning or flow of your post. However, if you plan on using capitalization, for G-d sake, do it right - capitalize I and start your sentences off with capitals. Furthermore, this guy repeatedly wrote in run-on sentences, used improper colloquials (Since when do you see another "size" of someone? I usually see another "side" of my friends.), starting EVERY paragraph with dependant clauses, started sentences with conjunctions, etc. That's just pathetic. Littleton, CO is a fairly affluent area, and Columbine High School is funding pretty well, given the high property tax values. There is absolutely no reason why any student from that school shouldn't be able to write a coherent sentence given all the resources at their disposal.
As far as I'm concerned, there's nothing wrong with this guy's message; in fact, I agree with a lot that he says. Violent video games can certainly be a tremendous way to blow off some steam. The biggest problem I see is that a message needs to be communicated effectively, and putting someone on a pedistal who doesn't even know how to communicate his message is a bad way to support a cause.
"The Super Dimension Fortress Macross ( Ch Jik Ysai Makurosu) is an anime television series. Most of its animation (with edited content and revised dialogue) was adapted outside Japan for the first saga of Robotech."
I knew I had heard that somewhere, but I completely forgot about it.
Is ADV bringing the Harmony Gold dub to DVD, or are they translating something else? I already have the Harmony Gold sets; if they're going to be selling the same thing repackaged, I won't waste my money.
I've messed with ipw a bit, and it has promise. However, since I use WPA on my network for wireless security, the lack of WPA compatibility in 5-STABLE renders ipw pretty useless for me. The other thing that would be useful would be a good gui-based wifi monitor. I've messed with the few available for KDE, but nothing seems to be user-friendly. I'm fine making calls to ifconfig or whatever cli tool I need to use for configuration, but sometimes I just like the convenience of having a graphical tool to do it all for me, ya know? 6-RELEASE or -STABLE is going to need some type of gui tool for wireless to put it side-by-side with Linux or Windows in terms of friendly wireless support.
FreeBSD 5 was the first FreeBSD major version that actually worked properly on my laptop. I'm really excited about FreeBSD 6. Possibly the best feature will be the inclusion of WPA for 802.11. Everything seemed to work on my Thinkpad when I was hardwired, but wireless support was TERRIBLE in FreeBSD 5. Having native drivers for wireless adapters, as well as WPA support will make a transition to FreeBSD full-time on my laptop possible. The only other thing I could really ask for would be an easy-to-use DVD transcoder. I've used most of the packages out there for *nix, but they're still in their infancy. It won't be too long before they're ready for prime-time.
The interesting thing about this decision is that the "conservative" justices - ie, Thomas, Rhinquist, and Scalia - took a position contrary to their usual states rights and activism nonsense. This decision doesn't state that eminent domain is always acceptable, only that the locality has the discretion to make the decision. Conservatives will bitch and complain about this decision because it affects private property - which is basically all they really care about when you dissect their headonistic calculus. However, what the liberal justices said was exactly what conservatives demand justices say in all decisions: that the federal government will stay out of the matter, and that if you want change, you should act through your local legislatures. The minority was the activists, by conservative logic.
The article makes a big deal about how "savvy" this girl is, but seriously - how much knowledge does it require? When you click on the "forgot your password" link, it gives you a prompt with the information it needs to let you change your password. If presented with a website that says "Please enter your SSN and DOB to change your password", it doesn't take a genius to figure out what information to get.
She did demonstrate some creativity by using her work DB to look up her prof's personal info. However, considering that she did NOTHING to conceal her identity (steal wi-fi, use a proxy, etc), she clearly wasn't a savvy hacker. Smarter than the average user, perhaps, but definitely not a crafty blackhat.
So law enforcement can just sit with a packet filter scanning for the word "drugs"? That's just absurd. If law enforcement has reason to believe that an individual is committing illegal acts, they can go and get a warrant. Thanks to FISA, that's not the most difficult task. However, this isn't like a drug deal on a street corner; this is more analagous to being able to tap everybody's cell phone, hoping to find one or two people selling drugs.
When statistics show that the great majority of spam comes from a select few spammers, legislation CAN help fix the problem. When you put the big dogs in jail and out of business, some smaller ones may take their spot, but there will be a big dent in spam distribution.
Relicensing to the BSD license would pretty much defeat the point of GNU/Linux. I definitely think Linus needs to do more to make sure the code he commits isn't proprietary, but switching licenses?
The logical complications of changing the license to BSD would be a nightmare. Individual committers could file suit against FSF, or whoever might "own" the newly licensed code, to get a court order for their code to be removed if it's not licensed under the GPL.
Of course, somebody else could just fork Linux under the GPL again.
I suspect the judge will end up going along with this one, at least temporarily, though there's a strong likelihood it'll be permanent. Until the ownership issues of Linux are sorted out, the status quo is applicable, and the status quo in this case is Linux being distributed under the terms of the GPL. To that end, either SCO is ceding its ownership rights of the code by distributing it, or violating the GPL. Either way, given their current business model, it's pretty apparent that SCO is going to have to stop distributing the kernel.
Having BSD on Dreamcast made the system appealing to me. Granted, NetBSD has been ported to every electronic device that has enough memory to hold the kernel. But there is a certain geeky alure to using a video game console as a terminal, or, as some people have demonstrated, even as a webserver.
I guess it's just the "I can do this" aspect that draws me to it. Just having the ability to tinker with things makes them more interesting.
Slashdot Mirror
I can empathize with students wanting freedom on a computer network, or even wanting to just play around with the system to see what they can do. Heck, when I was in high school, I was one of those guys who would bump his print jobs up in the queue using pconsole, or discovering all the accounts that had access through the Squid proxy to the Internet.
...Naturally, students decided they wanted to push the envelope. Kids started remotely shutting down one another's laptops and trying to steal one another's passwords. Eventually, a student guessed a faculty member's password, found a user account created by my predecessor long before I started on a faculty server, rdp'd into a server, and tried running a password cracking application...that contained a root kit.
On the other hand, I was a network/system administrator at a high school after college, and I can understand the challenges administrators have to deal with in terms of high school students. Administrators don't just decide that they want to lock students down; heck, some schools don't WANT their students to have restrictions placed upon them. When I started, the school had upgraded from Windows 2000 to Server 2003 the year before, and the security that was implemented was essentially Windows 2000 security. They made some stupid mistakes; all passwords stored in LM format, weak ACLs on systems, no BIOS passwords, few if any group policies. On the other hand, they had their VLANs designed properly, the servers all had fairly strong passwords, and they weren't running unnecessary services. The security that was implemented was essentially designed to protect users from malware and keep outsiders from poking around.
An administrator's job is to, in effect, install and maintain technology that reflects the mission of an organization. Some schools have a pedagogy that encourages open exploration; other schools want strict rules and regulations. The school I worked at fit somewhere in between. When kids decided they wanted to try and cheat on exams, down using p2p applications, and attempt to change their grades, they put me in a position (mind you, just months after I started working there, and hardly after enough time to complete a full security audit and redesign) where I couldn't just trust them to be responsible in an open system. So, the next semester, they were irritated to find out that their accounts were running as local users; that group policies had been designed using strict Software Restriction Policies creating a whitelist of applications they could run; that their laptops and desktops all had BIOS passwords; that the only route out to the Internet was through an ISA server that connected directly to a filtering application, and then into a Packet Shaper; that their Flash plugin was disabled; that their ability to run Java applications was limited; that their exam account couldn't do anything EXCEPT run the exam application; that their ability to create and log onto local accounts was eliminated, etc.
Were there things on that list that should have been implemented earlier? Absolutely! Any organization should ALWAYS have BIOS passwords set on their machines, which should change every year. LM passwords should NEVER be enabled. Having some type of proxy is also a must, as are strong ACLs on switches and routers. Some type of bandwidth management device should be implemented, as there are more than three people using the network at a school. The school DEFINITELY should have set up WSUS to keep their Windows systems updated.
I'll admit that, when I have the authority, I'm active in creating (from the start) a secure environment, but you're not helping out an administrator when you just start poking holes in the network and not give them the chance to fix the holes. Schools don't have huge budgets, and the IT department is often required to play the role of help desk, admin, developer, engineer, etc, rather than just one niche. In my case, I was lucky; I had a good relationship with the people
I got my first real job in the IT field right after I turned 17. I think you'll find that the people who climb the ladder the fastest were in similar situations. In my case, I had repaired computers for a number of the teachers at my high school, and one of them referred me to the supervisor of an IT department at a fairly large local business. I ended up getting an internship, in spite of the lack of certifications, or, for that matter, a completed high school diploma. My work for them lasted well into my college degree. The key to getting that job was networking - leveraging the relationships I had to find a good job opportunity. If you can successfully network, having less experience than other job candidates isn't going to be a hindrance. Once you get your foot in the door, you'll start getting job experience, and you'll have something to show on your resume.
If you want to get a good job while still in high school, there are a few things you should do:
(1) Self-study: Go to Borders and read some books, or do some research online. Take one of your old computers and load *nix on it. Install and reinstall Windows. Go to Microsoft's website and take advantage of the Virtual Labs. Add SecurityFocus (and more importantly, BugTraq) to your daily list of websites. Become passionate (and well-read) about computer security. You get the drift. The point is, at the age of 17, you don't have much practical experience in the job world yet, so you need to make up for that in part by building a strong knowledge base, and that knowledge base needs to be fairly diversified.
(2) Build some business relationships: When someone has a computer problem, be willing to give them a hand - provided you don't get yourself in over your head. By the same token, don't take on a task that you won't be able to complete to someone's satisfaction. By (effectively) showing off your skills, you create a base of potential references that will be able to give you recommendations when a job opportunity comes up
(3) Take some tech classes at the local community college: Enroll in classes that provide you with resources that you wouldn't have access to in your own home. Talk to your parents and work out a deal with them to cover your tuition for the classes. For instance, while you may be able to set up some cheap Linksys routers and switches at your house, you're probably not going to have access to enterprise-grade equipment. The Cisco Academy program is an amazing asset to learn about networking. The CCNA program through the Cisco Academy has 4 semesters, each of which can usually be taken on Saturdays over the course of 8 weeks. After you complete the CCNA classes, you'll have the skills necessary to pass the CCNA Exam, which will put you ahead of most entry-level IT workers. Oracle database classes also come to mind; while you can learn the basics of SQL from simply installing MySQL or MSDE on an old computer at home, having successfully completed an Oracle class will add some real bragging rights to your resume.
I realize that a lot of developers focus more on learning languages than building diverse skills, but if you can learn programming skills as well as networking and system/application skills, you'll be able to carve out a good place in the market. I chose the system and network administration route for my career, and I've always regretted not being able to code anything beyond the simplest and most mundane tasks. Most successful IT people aren't know-it-alls by any means, but they do tend to be (close to) do-it-alls, and that makes them incredibly lucrative...and while they can't do EVERYTHING themselves, they are resourceful enough to either know someone who can do it, or to have enough knowledge to know what they need to learn to get the job done.
(4) Join your school computer club: Hang out with other up and coming geeks. To a certain degree, you'll be scoping out the competition, but more importantly, you'll benefit from their company by learning some skill-sets that they mi
1)I'd suggest *only* permitting Firefox, and removing the I.E. icons. [The smart students can still run iexplore.exe if they really want it, but it prevents most people getting attacked by IE exploits.]. Then install adblock + filtersetG updater.
Initially I had thought about setting up things like that, but Firefox really doesn't have any means to control the browser, outside of a default profile. The web filter we set up did a fantastic job of blocking sites with exploits, and because unrated sites were also blocked, we didn't have a problem of zero-day sites causing problems. However, we also pre-loaded Firefox on the laptops and allowed (and, for that matter, encouraged) students to run it at home, going so far as to enable IETab to ensure that even if they wanted to use a service that, for some asinine reason, was limited to IE, they'd still be able to access it.
2)Trust your students. Most of the problems result from honest mistakes - therefore, you need to make it easy to revert to a previous state, but not to prevent experiments. My view is you should avoid all censorship; if you feel you must impose rules, then punish students for what you see them doing, rather than asking the machine to do it.
I'm actually a big fan of this philosophy, but time and time again, students took advantage of our willingness to help them learn. Prior to installing a filtering appliance, the number of students looking at porn IN CLASS on their laptops was ridiculous, and hardly a trivial portion of the population. Bandwidth usage was also a problem; before instituting hash-based SRPs, students would play network games of Halo during class on their laptops, or trade music all day (which ultimately led us to purchasing a PacketShaper). Then there's a question of the school's mission. The school administration came to me and asked me to strengthen network security, and made a compelling case that these restrictions were to be tailored around their mission. As such, I had to ensure that every system or restriction I put into place was relevant to the school's mission and pedagogy. To be sure, I could've design a system significantly more strict, but those restrictions would've impeded their ability to learn, and thus wouldn't have furthered the school's mission.
3)Have a system where the brighter students may request greater privileges. And/or a few test machines that are less locked down. If some of them want to try Knoppix, then let them. Maybe even have one machine which the students can administrate - you may be pleasantly surprised. On that machine, if they want to install Ubuntu, go for it. You'll have some able assistants in no time!
I second that notion. Students with the interest and potential to grow deserve an environment to experiment. However, I will caution against giving students the privileges and responsibilities of domain administrators. DO create a sort of internship and mentoring program for bright students. DO NOT make your students admins for your school. Students are students first and foremost. Outside of the possibility that one of your student workers might abuse her or his authority, there are also considerations about the social impact of having students work for you. You don't want your students to be perceived as employees of the school by their peers; that will simply serve to create division within your student body. Rather than making your student workers out to be adversaries for the rest of the student body, give students who show interest in learning more the resources to help them out in a career in IT later in life. The reason I went into IT to begin with was because a high school teacher helped me get an internship when I was 17. As such, I felt it was only fair to offer my students the same opportunity.
4)Don't even think of monitoring students with keystroke loggers etc. It's just wrong. It sets a bad example, and will only lead to heartache. And you wouldn't catch the really bad one
I administered a computer network at a high school for three years, so I can toss out a few suggestions:
VLAN your network. If you have Cisco switches, this should be easy. Set up seperate VLANs for students, the staff, and servers. You'll be able to isolate what resources can be accessed based upon these access lists.
SET UP A PROXY SERVER! Seriously. One of the first systems you should implement is ISA Server 2006. ISA Server will act as an internal proxy to control what users have access to the Internet, and what resources they can access. Set ACLs on your internal switches to prevent routes to the Internet from the student VLAN unless they go through the ISA Server. Set up the ISA Server in front of a filtering appliance, pass all HTTP traffic, and allow access only to HTTPS sites you've added to an allow rule on your ISA server. Add the same limits to SWF, DCR, and possibly java or class files.
Only allow Internet traffic to port 80 and (to a limited extent) 443 for students: Look, your students aren't going to need any other services besides HTTP and HTTPS, and if you're not careful about HTTPS, they'll be popping holes in your proxy using an encrypted web service.
Set your web filtering to deny unrated sites: Students are going to try and circumvent your web filter though phproxy or cgiproxy. The smartest kids will go so far as to set up their own domain to get around your filter. The solution? Block what's not rated. It's also important that your filter have a mechanism to request that a site be unblocked. From a security perspective, it's important that you not open yourself up to risks that you can't control - including websites - but it's also important for the students' development that they have an opportunity to view controversial subjects and make up their own minds about the topic.
Use groups: Set up an OU for each grade in your school. Create a global domain group for each grade. Set up another OU for classes, and create a global security group for each class section. That way, you'll be able to allow or deny access to resources for each grade or class.
Software Restriction Policies: If you have a Server 2003 network, group policies are an amazing asset for your Windows XP clients. Group policies allow you to change settings on users and computers in your network. For instance, you can disable access to the registry or lock down Internet Explorer. Within group policies are a special policy component called Software Restriction Policies that allow you to decide whether or not applications can run based upon the hash, path, or filename. On my network, I designed the SRP around hashes. Managing those policies was a pain (the list was around 400 executables), but it was worth limiting what code would execute on the systems.
Admin tools: You'll want to turn off access to all administrative tools, so disable access to the command prompt, registry editor, and MMC. Also, disable access to the security tab in Explorer to prevent students from changing file permissions. For your computer policies, set the local security policy to disable storing the LM hash for passwords.
Use the Windows firewall: I know it's not much, but it does provide a lot of benefit over nothing at all. Using group policies, configure static rules into the Windows firewall. This will prevent malware from causing problems on your network, and will also prevent iTunes from eating your bandwidth.
Web browsers: It pains me to say this, but don't allow browsers other than Internet Explorer to run on your machines during school. When Firefox adds group policy support, I'll relent on that, but you have no control over what code is executed in Firefox, whereas group policies give you a lot more control over Internet Explorer. Example: after implementing our software restriction policies, students began downloading Flash games in swf form to their laptop hard drives. After receiving complaints from teachers, we simply disabled Firefox through SRPs, and disable
Say it isn't so!! (Score:1, Redundant) by Foofoobar (318279) Alter Relationship on Wednesday December 28, @07:56PM (#14355427) Windows Exploit? Isn't that redundant?
Wow...sometimes, Slashdot ratings really DO match the content in posts!
"Those of us that have used LCD monitors for a while know that over time the backlight starts to dim and will eventually completely fail. Leaving you with some electronic scrap that you could sell on eBay for 35 bucks or so. Well for less than $20.00 and about a half hour of your time you can replace the backlight and rejuvenate that monitor to as good as new condition."
...I'll give you a grammar lesson. Let's start with run-on sentences:
Those of us that have used LCD monitors for a while know that, over time, the backlight starts to dim and will eventually completely fail, leaving you with some electronic scrap that you could sell on eBay for 35 bucks or so.
The real question about the Sony "service pack" is whether it removes the entire software program, leaves anything behind, or simply replaces the old rootkit with one that's harder to detect and remove.
While I'm all about the FreeBSD solution here (m0n0wall is a great package), the idea of using a hub instead of a switch is just asinine. In a gaming environment, where bandwidth is critical and having delays in play can make the difference between a frag and getting fragged, having seperate collision domains is a must. A gaming network should use switches to ensure that collisions won't affect gameplay.
It's nice reading an article about somebody who gets media attention and doesn't turn into a total tool (*cough*Steve Gibson*cough*), assuming they weren't a tool to begin with. On top of that, the guy makes his point that the vulnerability he writes about is serious without sensationalizing the whole thing.
I was reading this guy's blog post and cringing - his grammar is TERRIBLE! First off, if you want to post on your blog in all lower case, that doesn't really impact either the meaning or flow of your post. However, if you plan on using capitalization, for G-d sake, do it right - capitalize I and start your sentences off with capitals. Furthermore, this guy repeatedly wrote in run-on sentences, used improper colloquials (Since when do you see another "size" of someone? I usually see another "side" of my friends.), starting EVERY paragraph with dependant clauses, started sentences with conjunctions, etc. That's just pathetic. Littleton, CO is a fairly affluent area, and Columbine High School is funding pretty well, given the high property tax values. There is absolutely no reason why any student from that school shouldn't be able to write a coherent sentence given all the resources at their disposal.
As far as I'm concerned, there's nothing wrong with this guy's message; in fact, I agree with a lot that he says. Violent video games can certainly be a tremendous way to blow off some steam. The biggest problem I see is that a message needs to be communicated effectively, and putting someone on a pedistal who doesn't even know how to communicate his message is a bad way to support a cause.
I answered my own question with Wikipedia:
"The Super Dimension Fortress Macross ( Ch Jik Ysai Makurosu) is an anime television series. Most of its animation (with edited content and revised dialogue) was adapted outside Japan for the first saga of Robotech."
I knew I had heard that somewhere, but I completely forgot about it.
Is ADV bringing the Harmony Gold dub to DVD, or are they translating something else? I already have the Harmony Gold sets; if they're going to be selling the same thing repackaged, I won't waste my money.
I've messed with ipw a bit, and it has promise. However, since I use WPA on my network for wireless security, the lack of WPA compatibility in 5-STABLE renders ipw pretty useless for me. The other thing that would be useful would be a good gui-based wifi monitor. I've messed with the few available for KDE, but nothing seems to be user-friendly. I'm fine making calls to ifconfig or whatever cli tool I need to use for configuration, but sometimes I just like the convenience of having a graphical tool to do it all for me, ya know? 6-RELEASE or -STABLE is going to need some type of gui tool for wireless to put it side-by-side with Linux or Windows in terms of friendly wireless support.
FreeBSD 5 was the first FreeBSD major version that actually worked properly on my laptop. I'm really excited about FreeBSD 6. Possibly the best feature will be the inclusion of WPA for 802.11. Everything seemed to work on my Thinkpad when I was hardwired, but wireless support was TERRIBLE in FreeBSD 5. Having native drivers for wireless adapters, as well as WPA support will make a transition to FreeBSD full-time on my laptop possible. The only other thing I could really ask for would be an easy-to-use DVD transcoder. I've used most of the packages out there for *nix, but they're still in their infancy. It won't be too long before they're ready for prime-time.
The interesting thing about this decision is that the "conservative" justices - ie, Thomas, Rhinquist, and Scalia - took a position contrary to their usual states rights and activism nonsense. This decision doesn't state that eminent domain is always acceptable, only that the locality has the discretion to make the decision. Conservatives will bitch and complain about this decision because it affects private property - which is basically all they really care about when you dissect their headonistic calculus. However, what the liberal justices said was exactly what conservatives demand justices say in all decisions: that the federal government will stay out of the matter, and that if you want change, you should act through your local legislatures. The minority was the activists, by conservative logic.
User types "666" into the Google search box, hits Enter. "AAAAAHHHHHHHH!!!!!!!!!!!!!" ...they're confronted with MSN Today?
The article makes a big deal about how "savvy" this girl is, but seriously - how much knowledge does it require? When you click on the "forgot your password" link, it gives you a prompt with the information it needs to let you change your password. If presented with a website that says "Please enter your SSN and DOB to change your password", it doesn't take a genius to figure out what information to get.
She did demonstrate some creativity by using her work DB to look up her prof's personal info. However, considering that she did NOTHING to conceal her identity (steal wi-fi, use a proxy, etc), she clearly wasn't a savvy hacker. Smarter than the average user, perhaps, but definitely not a crafty blackhat.
So law enforcement can just sit with a packet filter scanning for the word "drugs"? That's just absurd. If law enforcement has reason to believe that an individual is committing illegal acts, they can go and get a warrant. Thanks to FISA, that's not the most difficult task. However, this isn't like a drug deal on a street corner; this is more analagous to being able to tap everybody's cell phone, hoping to find one or two people selling drugs.
A real blow to the Constitution.
Does the "screen saver" work in Wine? I want the benefits of the trojan without the overhead of an antivirus program.
When statistics show that the great majority of spam comes from a select few spammers, legislation CAN help fix the problem. When you put the big dogs in jail and out of business, some smaller ones may take their spot, but there will be a big dent in spam distribution.
Relicensing to the BSD license would pretty much defeat the point of GNU/Linux. I definitely think Linus needs to do more to make sure the code he commits isn't proprietary, but switching licenses?
The logical complications of changing the license to BSD would be a nightmare. Individual committers could file suit against FSF, or whoever might "own" the newly licensed code, to get a court order for their code to be removed if it's not licensed under the GPL.
Of course, somebody else could just fork Linux under the GPL again.
I suspect the judge will end up going along with this one, at least temporarily, though there's a strong likelihood it'll be permanent. Until the ownership issues of Linux are sorted out, the status quo is applicable, and the status quo in this case is Linux being distributed under the terms of the GPL. To that end, either SCO is ceding its ownership rights of the code by distributing it, or violating the GPL. Either way, given their current business model, it's pretty apparent that SCO is going to have to stop distributing the kernel.
After winning the competition, the members of Team Eyeballers were overheard saying "borkborkbork!"
Asked about the condition of the dedicated game server, another of the team members reportedly replied "b0rked!"
Having BSD on Dreamcast made the system appealing to me. Granted, NetBSD has been ported to every electronic device that has enough memory to hold the kernel. But there is a certain geeky alure to using a video game console as a terminal, or, as some people have demonstrated, even as a webserver.
I guess it's just the "I can do this" aspect that draws me to it. Just having the ability to tinker with things makes them more interesting.
If Woody Guthrie isn't in heaven, I'd be worried that God doesn't have a sense of humor.