FC3 Security
Rick Bilonick
rab at nauticom.net
Wed Mar 9 04:10:20 UTC 2005
I have a half-million dollar grant for research and with some of this
money I recently assembled a computer with dual Opteron processors, 2gb
of memory, 240 gb of hard drive, and 500 gb for a raid disk array. The
computer will be doing some heavy duty number crunching (using R and
other open source software). I installed FC3 (64-bit) without any
problems, applied to the university computer dept. for an IP address
(and received an IP) for one of the ports in my office and started
working. The next day the "local" IT dept. (such as it is) for the "data
center" told me I had to disconnect from the port as my computer was a
"risk" to their data center. First they said that because my computer
was connected to the same subnet as the data center that this computer,
if hacked, would pose a threat to their computers. They consider my
computer to be a "server" because I was using ssh to connect remotely to
it. When I said I would eliminate ssh, then they said that they don't
support Linux systems and won't allow it to be connected. If they don't
control the computer (by installing Windows XP), then the computer is a
threat to their system because it is on the same subnet. (The university
gives out IP addresses and actually owns the network. Various
departments and groups rent ports.)
When I checked further, it turns out that the building I'm in actually
has 3 subnets. Which subnet you're on depends not on the department or
group but purely where you happen to be located. As it turns out, I'm
not on the same subnet as the data center. It also turns out that many
other people outside the data center happen to be on the same subnet as
the data center yet the data center doesn't feel that it's threatened by
these computers (the IT people have no idea what these other computers
are or how secure they are). When I asked them about this, they said,
your office is within the walls of the data center, if your computer is
hacked they will be blamed. They said it's their port (even though it's
in my office and no one else will have access to it or be able to use
it.) I said I'll buy my own port. They said it will be a threat to them
and they will be blamed.
Is there any truth to what the IT people are saying or are they simply
insane (or control freaks or both)?
In the next couple of days I will be speaking with the department head
(the data center is a small part of the department and my grant is
totally independent of the data center). If I can't get her to see
reason and force the data center to act reasonably, I think I have the
following options for connecting my FC3 computer to the Internet:
1) get a separate project office outside of the data center
(inconvenient to have two offices blocks or farther apart),
2) get a DSL data line installed (about $130/month for 512K - kind of
expensive),
3) use Verizon Wireless Broadband (very fast [512K], $80/month - not
cheap but I could take the PC 5220 card out and use in the evenings and
weekends),
4) take the computer and 20 in lcd monitor home, connect it to the DSL
line, and do the work at home.
What would you recommend? If I'm going to complete this project on time,
I can't have any more time wasted. So I need to get this resolved.
Rick B.