FC3 Security
Iain Rae
iainr at zathras.org
Wed Mar 9 15:00:58 UTC 2005
Rick Bilonick wrote:
> I'm have a half-million dollar grant for research and with some of
> this money I recently assembled a computer with dual opteron
> processors, 2gb of memory, 240 gb of hard drive, and 500 gb for a raid
> disk array.
<snip>
Welcome to the happy world of Academic politics, you may have to read up
on the history of the Borgias to get a feel for the world you've just
entered :)
> Is there any truth to what the IT people are saying or are they simply
> insane (or control freaks or both)?
>
It sounds as though their main worry is that if there is a problem with
your computer someone will trace it back to your office and will assume
since the office is in "the datacenter" it's their responsibility, in
some respects moving office might be your easiest solution.
I suspect that their main concern is that they are worried they're about
to be forced to support an OS they know nothing about on hardware they
haven't specified with resources they probably don't have and are
starting putting the barricades up early. To start off with the "Well, I
wouldn't have started from here" advice it's usually worth going to your
local IT folk and ask for advice on hardware and or software before
buying it, even if you're not going to buy what they suggest it gives
them a warning about what may appear and some idea of what level of
support you're likely to be needing from them. It also gives you a
chance to show them you know what you're talking about, most IT people
I've met are willing to point out the path through the maze of
regulations if you know what you're talking about and are not going to
be a burden on them.
> In the next couple of days I will be speaking with the department head
> (the data center is a small part of the department and my grant is
> totally independent of the data center). If I can't get her to see
> reason and force the data center to act reasonably, I think I have the
> following options for connecting my FC3 computer to the Internet:
>
Force is the wrong word to use, these are people who you may need help
from at a later date, what you need to do is convince them that you're
not going to be a continual source of problems for them wilst you are
working there. Try to find out if there's someone in the University
computer service who handles linux (or UNIX) and find out what their
policies and procedures are on securing unix hosts, if you can
demonstrate that your host would be as secure as hosts run by your
central computing service then that ought to be enough to convince them.
If you can't convince them and have to force their hand then I'd find
out what the policies and regs your central computing service have wrt
connecting hosts to the port in your office. If they own the port and
"rent" it to your department then they will invariably set the usage
policy and if you can show your head of department that you're working
inside it then you should be ok. Probably the biggest point to make to
your HOD is that since your PC not be on the same subnet as the
datacentre machines and as such shouldn't be of any more risk than any
other machine in the building.
More information about the fedora-list
mailing list