So far, I see lots of advice about VM breakouts and network isolation. If this were a production datacenter where uptime was a criterion, this is all well and good. I suspect that this isn't what you need to hear, however.
I see three things you could be attempting to protect:
1) The larger school network.
2) The VM host infrastructure.
3) The VMs themselves.
1) A student on a VM is no more dangerous to the network than one who can connect to the school wireless with a laptop or smartphone. If the lab uplinks to the same network as the broader access, your risk profile is unchanged.
2) Make sure the VMs can't route to the host and keep it patched. If a student managed to break out of a VM in a patched hosting environment, do some forensics, find the bug, then sell it. It's probably worth more than you make in a year. Seriously, if they can do this, they deserve to win. You might as well worry about protecting against nation-state sponsored attacks.
3) Make sure that the class work is backed up (a git server, perhaps) and then don't worry about it. Seriously, just throw the VMs away after each class (or every night, etc.) and start with a clean one the next time they log in. Don't spend time trying to outsmart a classroom full of bored high schoolers. Instead, make it so it doesn't matter when they break something.
Really, if you're going for hacker, the invitation shouldn't just do something. Recipients should be able to do something with the invitation. Check out the Defcon Ninja Party invitations:
http://www.wired.com/threatlevel/2010/07/defcon-ninja-badge/
Exactly. I'm over security for part of a fairly major website and our customers are starting to get after us for not disallowing iframes of our site.
Any authenticated site should be doing this -- it's only a couple of lines of JavaScript to reasonably cover your bases.
Why aren't you? Is there some sort of crazy business blocker?
Right, but individual passwords scavenged from login attempts -- individual data points -- are not nearly as valuable as the aggregate password tables.
Even if the attacker has root on the web application box, they shouldn't automatically get raw table access to the database backend (assuming that the database is on the back-end, and not on the same box as the web server). You should be using execute-only permissions on stored procedures to validate passwords in the DB, not performing a comparison on the application server.
I know it's bad form to link to oneself, but I have a reasonably thorough explanation here:
http://www.hackerco.de/hackercode/2010/01/secure-web-form-authentication-using-stored-produres.html
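As an added example (not taken from the comment above or from the linked article), here is the execute-only stored-procedure pattern in PostgreSQL: the web tier's role can call the login functions but holds no privilege on the table that stores the hashes. The pgcrypto extension is assumed, and the role, table and function names are constructed for illustration.

```sql
-- Added example. Assumes PostgreSQL with pgcrypto; names are constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- The application connects as this low-privilege role.
CREATE ROLE webapp LOGIN PASSWORD 'placeholder-change-me';

CREATE TABLE app_users (
    user_id       bigserial PRIMARY KEY,
    username      text NOT NULL UNIQUE,
    password_hash text NOT NULL          -- bcrypt hash, never the password
);

-- SECURITY DEFINER: runs with the owner's rights, so it can read app_users
-- on the caller's behalf. Only the verdict and the user id leave the DB;
-- the hash never crosses to the application tier.
CREATE OR REPLACE FUNCTION verify_login(p_username text, p_password text)
RETURNS TABLE (ok boolean, uid bigint)
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, public   -- pin search_path for SECURITY DEFINER
AS $$
DECLARE
    v_hash text;
    v_id   bigint;
BEGIN
    SELECT u.password_hash, u.user_id INTO v_hash, v_id
      FROM app_users u WHERE u.username = p_username;
    IF NOT FOUND THEN
        -- Hash a dummy value so unknown and known users cost about the same.
        PERFORM crypt(p_password, gen_salt('bf', 12));
        RETURN QUERY SELECT false, NULL::bigint;
        RETURN;
    END IF;
    RETURN QUERY SELECT crypt(p_password, v_hash) = v_hash, v_id;
END;
$$;

-- Registration path: hashing also happens inside the database.
CREATE OR REPLACE FUNCTION create_login(p_username text, p_password text)
RETURNS bigint LANGUAGE sql SECURITY DEFINER
SET search_path = pg_catalog, public AS $$
    INSERT INTO app_users (username, password_hash)
    VALUES (p_username, crypt(p_password, gen_salt('bf', 12)))
    RETURNING user_id;
$$;

-- Execute-only: functions default to EXECUTE for PUBLIC, so revoke that
-- first, then grant only the web tier's role. The role gets nothing on the table.
REVOKE ALL ON TABLE app_users FROM PUBLIC, webapp;
REVOKE ALL ON FUNCTION verify_login(text, text), create_login(text, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION verify_login(text, text), create_login(text, text) TO webapp;

-- Connected as webapp: SELECT * FROM verify_login('alice', '...') is allowed,
-- while SELECT * FROM app_users is refused with a permission error.
```

A compromised web server holding the webapp credentials can therefore only ask "is this password right for this user" one guess at a time; it cannot dump the hash table. Rate-limiting or lockout logic belongs in the same function for the same reason.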
I think what you're looking for is the Open Web Application Security Project (OWASP) Guide:
http://www.owasp.org/index.php/Category:OWASP_Guide_Project
It's pretty much the industry standard.
Among other things, he's a fellow of the Electronic Frontier Foundation and about as outspoken and respected an advocate of net neutrality as there is.
Here's his Wikipedia bio.
This isn't a submitter tooting their own horn, it's legitimate news for those of us who lift their heads out of their code once in a while and pay attention to larger social issues.
What the Chinese are banning isn't actually the reincarnation of the lamas, but the recognition thereof. It has happened before, when the Dalai Lama banned the reincarnation of the Shamarpa, second in the Kagyu lineage and a perceived political rival. The Shamarpa, of course, did reincarnate and fulfilled his spiritual role in the lineage, but was unable to play any political role.
Remember that the Dalai Lama's Tibet was a fully medieval feudal system in which the Rinpoches were the feudal lords.
The Chinese government hasn't been banning the practice of Buddhism in recent years; they have just been disbanding the large monasteries that are also centers of political and economic power in the old system.
By banning the reincarnation of lamas and thus their political role, they are simply moving to remove Buddhism as a political rival. They aren't actually barring the teachings or spiritual roles of the Rinpoches.
I get to design and develop metrics that help us analyze, track and improve our operations, manage the development of the systems that collect and report these metrics and then evaluate them to assess the company's global risk.
And use enough buzzwords to make the tech implementer roll their eyes and mock you behind your back. . .
Sounds like too much work to me. I patch my OpenBSD systems a couple of times a year and don't even reboot.
I don't know anything about drafting. I wouldn't presume to tell them what to use so long as it's a major supported package.
E-mail and other enterprise applications are a different matter though. The enterprise is my area of professional expertise, and if they want me to respect theirs, they have to respect mine. I have a list of supported mail clients (and Eudora isn't on it -- yuk).
The centralized management model also has problems in a large enterprise. The build that the legal department needs is going to be the same as engineering or marketing? Is a network administrator really the best judge of which software a researcher should be using for statistical analysis?
If you want them to respect your professional judgement, you had better be willing to respect theirs.
While paper-gone-missing is still part of enterprise security's purview, it usually isn't part of the IT department's. I dread the day when sysadmins carry guns.
A good net admin is flexible. If there's a good reason for it, any rule can be bent. I'm going to treat you like an adult and explain why your actions are potentially risky and are against policy -- I'll ask you to work with me to find a less risky way to accomplish the same goals.
If you're doing network experimentation for a legitimate reason (work-related, not just being a dick), it's easy enough for me to VLAN you off from the rest of the network. I'll even give you a gateway to the internet if you need it, but you'd better believe that your gateway is going to null route anything that's attempting to hit my servers or your co-workers' machines. My job may be to enable your research, but it's also my job to protect everyone else's data and productivity from your experiments should they go wildly wrong.
I'll make sure you can do your work, but you may not be able to go about it in the way that you originally wanted to; my flexibility must be matched by yours. If you crash your own machine in the process, that's a risk you chose to take. I just have to make sure that everyone else on the network has the same choice and isn't subjected to yours.
...then get fired and/or go to jail.
If your server is geared towards internet services, you're probably hosed. Even if your server remains up, what happens to the internet uplink?
This is a driver limitation, not a firmware limitation -- if you want to do something else with the hardware, you're welcome to; Intel just won't help you do it. You can always back-engineer the drivers and write your own that don't have limitations.
In my mind, the problem with binary blob drivers is that Intel is asking you to trust them; you have to believe that they wrote drivers without buffer overflow errors, etc., without any way to verify it.
Will it run Linux?
Yes.
Not nearly as much as KDE -- I have trouble running it at 1280x1024. I expect Vista will be a similar desktop space hound. That's what wide screens, pagers, and dual monitors are used for.
It's the same resolution that the 15" Powerbook used not too long ago. It's also roughly WXGA, the standard on competitively priced Wintel laptops.
Another OpenBSD user, I'd bet. In this case it means that it restricts the hardware to North American frequencies (which are assigned by the FCC). The frequencies are an international standard, so it isn't a "USA rules" thing so much as it disallows tinkering with them.
This is what I use:
Tom Bihn Super Ego
It holds my 17" Powerbook in a Brain Cell insert, file folders, PDA, Cellphone, PDA (I know, I should just get a smart phone), and iPod with room for 4 large O'Reilly books to boot.
He also makes some smaller ones that might better fit your needs. And backpacks, if you want to avoid medical problems hauling all that stuff around.
You're going to have to know the corporate lingo in order to survive in that culture. That doesn't mean you have to use it.
Be aware, though, the jargon evolved for a reason. While doing contract Sarbanes-Oxley work for a major telecom, I found that meetings that used jargon were far more efficient than the meetings that didn't. That doesn't mean that everyone uses it meaningfully and responsibly, but when you're in a room with a group that does, it can be amazingly efficient.
I'm not surprised because I've never really seen the appeal of hard-core gaming. Sure, a game can be a nice distraction once in a while, just as a movie can. But in the long run, stimulating activities (books, athletics, social interactions, programming) are always more interesting.
If you want to know what it looks like, just look at Microsoft Management Console (MMC).
Why is this a good thing? The MMC is such a royal pain in the arse for system management, I have absolutely no idea why any *nix system would want to imitate it.
For that matter, I'm not sure why any systems administrator would want to install a GUI on top of their services. Added "features" add complexity, which increases the likelihood of 0-day vulnerabilities. Isn't the second rule of secure system administration (after "patch your systems") "Don't install unneeded services"?