FC3 Security

Rick Bilonick rab at nauticom.net
Wed Mar 9 04:10:20 UTC 2005


I have a half-million dollar grant for research and with some of this 
money I recently assembled a computer with dual Opteron processors, 2 GB 
of memory, 240 GB of hard drive, and 500 GB for a RAID disk array. The 
computer will be doing some heavy-duty number crunching (using R and 
other open source software). I installed FC3 (64-bit) without any 
problems, applied to the university computer dept. for an IP address 
(and received an IP) for one of the ports in my office and started 
working. The next day the "local" IT dept. (such as it is) for the "data 
center" told me I had to disconnect from the port as my computer was a 
"risk" to their data center. First they said that because my computer 
was connected to the same subnet as the data center that this computer, 
if hacked, would pose a threat to their computers. They consider my 
computer to be a "server" because I was using ssh to connect remotely to 
it. When I said I would eliminate ssh, then they said that they don't 
support Linux systems and won't allow it to be connected. If they don't 
control the computer (by installing Windows XP), then the computer is a 
threat to their system because it is on the same subnet. (The university 
gives out IP addresses and actually owns the network. Various 
departments and groups rent ports.)

When I checked further, it turns out that the building I'm in actually 
has 3 subnets. Which subnet you're on depends not on the department or 
group but purely where you happen to be located. As it turns out, I'm 
not on the same subnet as the data center. It also turns out that many 
other people outside the data center happen to be on the same subnet as 
the data center yet the data center doesn't feel that it's threatened by 
these computers (the IT people have no idea what these other computers 
are or how secure they are). When I asked them about this, they said, 
your office is within the walls of the data center, if your computer is 
hacked they will be blamed. They said it's their port (even though it's 
in my office and no one else will have access to it or be able to use 
it.) I said I'll buy my own port. They said it will be a threat to them 
and they will be blamed.

Is there any truth to what the IT people are saying or are they simply 
insane (or control freaks or both)?

In the next couple of days I will be speaking with the department head 
(the data center is a small part of the department and my grant is 
totally independent of the data center). If I can't get her to see 
reason and force the data center to act reasonably, I think I have the 
following options for connecting my FC3 computer to the Internet:

1) get a separate project office outside of the data center 
(inconvenient to have two offices blocks or farther apart),

2) get a DSL data line installed (about $130/month for 512K - kind of 
expensive),

3) use Verizon Wireless Broadband (very fast [512K], $80/month - not 
cheap but I could take the PC 5220 card out and use in the evenings and 
weekends),

4) take the computer and 20 in LCD monitor home, connect it to the DSL 
line, and do the work at home.

What would you recommend? If I'm going to complete this project on time, 
I can't have any more time wasted. So I need to get this resolved.

Rick B.



