FC3 Security

[Iain Rae]

Rick Bilonick wrote:

> I'm have a half-million dollar grant for research and with some of 
> this money I recently assembled a computer with dual opteron 
> processors, 2gb of memory, 240 gb of hard drive, and 500 gb for a raid 
> disk array.



<snip>
Welcome to the happy world of Academic politics, you may have to read up 
on  the history of the Borgias to get a feel for the world you've just 
entered :)


> Is there any truth to what the IT people are saying or are they simply 
> insane (or control freaks or both)?
>
It sounds as though their main worry is that if there is a problem with 
your computer someone will trace it back to your office and will assume 
since the office is in "the datacenter" it's their responsibility, in 
some respects moving office might be your easiest solution.


I suspect that their main concern is that they are worried they're about 
to be forced to support an OS they know nothing about on hardware they 
haven't specified with resources they probably don't have and are 
starting putting the barricades up early. To start off with the "Well, I 
wouldn't have started from here" advice it's usually worth going to your 
local IT folk and ask for advice on hardware and or software before 
buying it, even if you're not going to buy what they suggest it gives 
them a warning about what may appear and some idea of what level of 
support you're likely to be needing from them. It also gives you a 
chance to show them you know what you're talking about, most IT people 
I've met are willing to point out the path through the maze of 
regulations if you know what you're talking about and are not going to 
be a burden on them.


> In the next couple of days I will be speaking with the department head 
> (the data center is a small part of the department and my grant is 
> totally independent of the data center). If I can't get her to see 
> reason and force the data center to act reasonably, I think I have the 
> following options for connecting my FC3 computer to the Internet:
>

Force is the wrong word to use, these are people who you may need help 
from at a later date, what you need to do is convince them that you're 
not going to be a continual source of problems for them wilst you are 
working there. Try to find out if there's someone in the University 
computer service who handles linux (or UNIX) and find out what their 
policies and procedures are on securing unix hosts, if you can 
demonstrate that your host would be as secure as hosts run by your 
central computing service then that ought to be enough to convince them.

If you can't convince them and have to force their hand then I'd find 
out what the policies and regs your central computing service have wrt 
connecting hosts to the port in your office. If they own the port and 
"rent" it to your department then they will invariably set the usage 
policy and if you can show  your head of department that you're working 
inside it then you should be ok.  Probably the biggest point to make to 
your HOD is that since your PC not be on the same subnet as the 
datacentre machines and as such shouldn't be of any more risk than any 
other machine in the building.