I strongly recommend you do NOT attempt this using the 802.11b protocol.
Let's assume you set up your wireless network PROPERLY; it has a gateway machine which restricts communications within your internal network, with that gateway being the only machine accessible to your wireless network. Your intent would be for your wireless machines to have nothing accessible, except to that gateway. Your remote machines would use an encrypted tunnel to log onto that gateway.
By remote-booting, you've destroyed that paradigm. A remotely-booting client would have no resources able to establish that encrypted tunnel, so you would not be able to boot through that gateway. Okay, fine, so let's say you put the boot image on the gateway machine outside the tunnel, or on a second server provided just for that purpose.
Now you have a brand new security hole... First off, an attacker doesn't need any security codes to grab a copy of your boot image; and that boot image, in order to establish your encrypted tunnels, would give the attacker, if not direct access to the gateway, at least valuable information narrowing down your security window. Having individual passwords users have to enter to log on might help things, but doesn't close the hole...
Since the link the booting PC would by definition be unencrypted, an attacker could spoof the wireless gateway for the period of time during when a wireless machine was booting, substituting a modified copy of the boot image. The result would be an insecure client, in which, if a password is entered, it could be forwarded to the attacker; or that machine might act as its own gateway, from the attacker through the insecure machine onto your network.
Just for your information -- unless you can lock the phone into analog operation, don't even try hooking a modem to this thing. I wouldn't even recommend using a fax on it. The audio compression used in digital cellular and PCS will ruin your throughput.
Well, I haven't seen many with 5 PCI slots. I have seen a few with 4 plus an AGP slot...
Also, you've named six devices right there. If you needed to put all of that in a system, you'd be out of luck. Even if you didn't need the modem (I usually do, as a back-up connection), you'd have nothing to spare if you needed to add anything.
And the ATX spec is RELATIVELY new. (My IBM PC had the old, wide 8-bit slots.)
The new ATX-style cases don't give a lot of room for cards, especially when you have to fit in a big processor with a bodacious heat sink. As a result, there's a paucity of available slots. The cost of adding these extra interfaces to the system board is, on the other hand, minimal.
I personally think it's just fine to have this stuff on the mobo, so long as they can be disabled in the BIOS set-up. Having an extra video interface in the machine can be useful for diagnostic purposes, for instance, if you didn't bring a spare card with you; I've used that myself.
I think the reason we evolved using a system of four possible base-pairs was to conserve space on the genome and pack more information along a shorter distance.
Right now, it takes only three base-pairs along a strand of RNA to code for the next amino acid in the protein chain being constructed. If there were only two possible combinations for base-pairs, then it would take six of them to code for that amino acid. The transfer RNA would have to match up to 6 positions, not three, and there would be that much more room for error.
In addition, if there is a mismatch in base-pairs between the mRNA and tRNA, the difference in attraction between two and three bonds is greater than the difference between five and six bonds, and it would be more difficult to build a ribosome that could reliably construct proteins.
Aside from the program folder, a lot of spyware hides in the list of Browser Help Objects. Do a net search for "BHO Cop". (That utility, by PC Magazine, was withdrawn from general distribution, but can be found here and there, and there are other utilities that do the same thing.)
Then your answer is clear. Push for the board to look at the solutions other colleges have used, tell them that the others have already solved all the problems they're about to face, and they should adopt a complete package instead of trying to roll their own. Kerberos would do really well, and it'd be free.
I'm not sure I want to enter my personal information on this page, especially since they want the last 4 digits of my social security number. Given that sort of info, a crook could do a heck of a lot of damage to me identity-theft-wise.
Even if Rust Consulting is legit (and I admit, it looks like it is), I'd still worry about the security of their database.
I see two major problems with your authentication scheme.
First off, you have a catch-22 in the assignment system. You don't want to give a DHCP address to a system without its being authenticated, but your system won't be able to hit the net and get to the administrative machine to BE authenticated. Aside from manually typing in the MAC address on the main server, which I think someone would find annoying. I suppose you could DHCP unrecognized machines to an intranet address that's null-routed except for that admin machine, which would ask for a password, sniff the MAC address, and then add it to the DHCP system.
But there's an even larger flaw with your scheme, which is that there's nothing keeping users from turning off DHCP and choosing an unassigned IP, letting anyone with a little know-how hijack your connection without going through your authentication and possibly cause conflicts on your network. DHCP is MEANT to be easy; add complications and you've ruined the whole point of having it.
If you want to have a secure network, you're going to have to use a whole different system, such as using a protocol like PPPoE (unencrypted) or PPTP (encrypted) to log in to a central station and then have that machine handle routing, etc. From an ease-of-use standpoint, this would be a lot simpler, both for end users and your inexpert managers; they add a name and password to the list, and each user needs his name and password to log in. If someone changes hardware, no problem.
...I suggested he change his old website to forward to the new server's IP. It worked just fine, and held everything together while everyone's DNS updated. After a week he was able to take down the old site.
'Course if the old IP is completely dead, you've got problems. If you're physically moving the server, then I'm sure you can dig up an old 486 to run Apache on as a redirect.
Maybe not every company can afford, and not every employee would deserve, extra on their paycheck every holiday season. But that doll was pretty stupid.
I suspect most of that company's employees would've been happier skipping the doll and not having had to pay for parking for the party.
Most companies above a certain size whose work force isn't completely composed of computer experts have an IS staff who is given the odious task of maintaining all of the computers in the company -- odious, because most of the users wreak havoc on the computers' set-up. This is from where most of the "my computer's cup holder is broken" stories have spawned from.
In order to decrease their work load, they typically standardize on a few specific PC models and set-ups, and when a user blows it to hell they restore from a standard drive image. Ordering a special piece of hardware with a non-standard set-up usually requires a note from upper management saying "take care of this guy, he's cool", and a contract signed in blood, in triplicate, saying "I will never bring this machine to you".
Does this mean your employer will buy any laptop machine you wish, for your use? And you want this information so you can recommend which one he should get? If you have to foot the bill for your own machine, you ought to be able to tell your employer to fuck off if he wants to examine the contents.
Or are you afraid some piece of proprietary company software contains spy tools, letting the IS department observe your doings? Yeah, I can see where that would be a problem.
You might have more luck with a generic brand notebook PC than with one of the name brands. Companies like Dell and Sony tend to rip some of the features out of the system BIOSes to keep people from screwing them up and then calling for help. A good generic laptop would probably have a default BIOS with all the features therein intact.
Slashdot Mirror
I strongly recommend you do NOT attempt this using the 802.11b protocol.
Let's assume you set up your wireless network PROPERLY; it has a gateway machine which restricts communications within your internal network, with that gateway being the only machine accessible to your wireless network. Your intent would be for your wireless machines to have nothing accessible, except to that gateway. Your remote machines would use an encrypted tunnel to log onto that gateway.
By remote-booting, you've destroyed that paradigm. A remotely-booting client would have no resources able to establish that encrypted tunnel, so you would not be able to boot through that gateway. Okay, fine, so let's say you put the boot image on the gateway machine outside the tunnel, or on a second server provided just for that purpose.
Now you have a brand new security hole... First off, an attacker doesn't need any security codes to grab a copy of your boot image; and that boot image, in order to establish your encrypted tunnels, would give the attacker, if not direct access to the gateway, at least valuable information narrowing down your security window. Having individual passwords users have to enter to log on might help things, but doesn't close the hole...
Since the link the booting PC would by definition be unencrypted, an attacker could spoof the wireless gateway for the period of time during when a wireless machine was booting, substituting a modified copy of the boot image. The result would be an insecure client, in which, if a password is entered, it could be forwarded to the attacker; or that machine might act as its own gateway, from the attacker through the insecure machine onto your network.
Just for your information -- unless you can lock the phone into analog operation, don't even try hooking a modem to this thing. I wouldn't even recommend using a fax on it. The audio compression used in digital cellular and PCS will ruin your throughput.
Well, I haven't seen many with 5 PCI slots. I have seen a few with 4 plus an AGP slot...
Also, you've named six devices right there. If you needed to put all of that in a system, you'd be out of luck. Even if you didn't need the modem (I usually do, as a back-up connection), you'd have nothing to spare if you needed to add anything.
And the ATX spec is RELATIVELY new. (My IBM PC had the old, wide 8-bit slots.)
The new ATX-style cases don't give a lot of room for cards, especially when you have to fit in a big processor with a bodacious heat sink. As a result, there's a paucity of available slots. The cost of adding these extra interfaces to the system board is, on the other hand, minimal.
I personally think it's just fine to have this stuff on the mobo, so long as they can be disabled in the BIOS set-up. Having an extra video interface in the machine can be useful for diagnostic purposes, for instance, if you didn't bring a spare card with you; I've used that myself.
I think the reason we evolved using a system of four possible base-pairs was to conserve space on the genome and pack more information along a shorter distance.
Right now, it takes only three base-pairs along a strand of RNA to code for the next amino acid in the protein chain being constructed. If there were only two possible combinations for base-pairs, then it would take six of them to code for that amino acid. The transfer RNA would have to match up to 6 positions, not three, and there would be that much more room for error.
In addition, if there is a mismatch in base-pairs between the mRNA and tRNA, the difference in attraction between two and three bonds is greater than the difference between five and six bonds, and it would be more difficult to build a ribosome that could reliably construct proteins.
Here's a page at spywareinfo.com with a number of utilities for cleaning up Browser Help Objects and other forms of spyware. I recommend it.
Aside from the program folder, a lot of spyware hides in the list of Browser Help Objects. Do a net search for "BHO Cop". (That utility, by PC Magazine, was withdrawn from general distribution, but can be found here and there, and there are other utilities that do the same thing.)
Smart gun technology is available today, and is completely practical. If you don't believe me, here's a simulator for the technology...
...Can be seen on Home Theater Forum.
Shouldn't that be "DMCA"?
A little bit of rain, and the set will turn into potato soup.
[pictures Tara Reid floundering around in potato paste]
No...
I've always liked the name "Bob"...
> Did I mentition that this is a college?
Then your answer is clear. Push for the board to look at the solutions other colleges have used, tell them that the others have already solved all the problems they're about to face, and they should adopt a complete package instead of trying to roll their own. Kerberos would do really well, and it'd be free.
I'm not sure I want to enter my personal information on this page, especially since they want the last 4 digits of my social security number. Given that sort of info, a crook could do a heck of a lot of damage to me identity-theft-wise.
Even if Rust Consulting is legit (and I admit, it looks like it is), I'd still worry about the security of their database.
Guess I'll have to pass up that $20.
I see two major problems with your authentication scheme.
First off, you have a catch-22 in the assignment system. You don't want to give a DHCP address to a system without its being authenticated, but your system won't be able to hit the net and get to the administrative machine to BE authenticated. Aside from manually typing in the MAC address on the main server, which I think someone would find annoying. I suppose you could DHCP unrecognized machines to an intranet address that's null-routed except for that admin machine, which would ask for a password, sniff the MAC address, and then add it to the DHCP system.
But there's an even larger flaw with your scheme, which is that there's nothing keeping users from turning off DHCP and choosing an unassigned IP, letting anyone with a little know-how hijack your connection without going through your authentication and possibly cause conflicts on your network. DHCP is MEANT to be easy; add complications and you've ruined the whole point of having it.
If you want to have a secure network, you're going to have to use a whole different system, such as using a protocol like PPPoE (unencrypted) or PPTP (encrypted) to log in to a central station and then have that machine handle routing, etc. From an ease-of-use standpoint, this would be a lot simpler, both for end users and your inexpert managers; they add a name and password to the list, and each user needs his name and password to log in. If someone changes hardware, no problem.
...I suggested he change his old website to forward to the new server's IP. It worked just fine, and held everything together while everyone's DNS updated. After a week he was able to take down the old site.
'Course if the old IP is completely dead, you've got problems. If you're physically moving the server, then I'm sure you can dig up an old 486 to run Apache on as a redirect.
Sure, tell EVERYONE what radio frequencies they need to use to jam US military radar. Sheesh.
Maybe not every company can afford, and not every employee would deserve, extra on their paycheck every holiday season. But that doll was pretty stupid.
I suspect most of that company's employees would've been happier skipping the doll and not having had to pay for parking for the party.
You should hock your building's alarm system, and the lock cylinders in the doors; that'll bring you a few quick bucks.
Nothing like running lean and mean!
Most companies above a certain size whose work force isn't completely composed of computer experts have an IS staff who is given the odious task of maintaining all of the computers in the company -- odious, because most of the users wreak havoc on the computers' set-up. This is from where most of the "my computer's cup holder is broken" stories have spawned from.
In order to decrease their work load, they typically standardize on a few specific PC models and set-ups, and when a user blows it to hell they restore from a standard drive image. Ordering a special piece of hardware with a non-standard set-up usually requires a note from upper management saying "take care of this guy, he's cool", and a contract signed in blood, in triplicate, saying "I will never bring this machine to you".
Does this mean your employer will buy any laptop machine you wish, for your use? And you want this information so you can recommend which one he should get? If you have to foot the bill for your own machine, you ought to be able to tell your employer to fuck off if he wants to examine the contents.
Or are you afraid some piece of proprietary company software contains spy tools, letting the IS department observe your doings? Yeah, I can see where that would be a problem.
You might have more luck with a generic brand notebook PC than with one of the name brands. Companies like Dell and Sony tend to rip some of the features out of the system BIOSes to keep people from screwing them up and then calling for help. A good generic laptop would probably have a default BIOS with all the features therein intact.
I liked it. I don't think it was his best book, but it was well worth reading.
For all you SF fans, "spin-polarized tetraneutrons" were used in the book "Martian Rainbow" by Robert L. Forward.
There was that one Texas town where someone went and castrated the mayor...