
Re: [K12OSN] I got hacked.........

Oh yeah, I understand what you're saying, downtime is unacceptable to just
about everyone, especially executives.  My suggestions were just for things
that need to be done in the future when a new system is implemented, not
necessarily those things that can be done immediately.


--- James <james mail nbsd org> wrote:
> Nick,
> I think the problems, especially in school districts, lie in the realm of
> immediate necessity and lack of adequate administrative support.  I've seen
> both of these personally.
> If you need an email server up NOW, you can't always afford best practices,
> when you have that kind of necessity.  Especially since a lot of the time,
> the demands are unreasonable, i.e. "Develop a brand new, from scratch, full
> trouble ticket system, capable of adequately supporting over 1000
> workstations and make it easy to report everything from issues with the
> software on the desktop, the physical cabling, a broken keyboard, bad hard
> drive, broken monitor, bad hub or no internet access.  And have it tomorrow."
> A lack of administrative support could mean funds (not enough money for
> firewalls/machines for firewalls) or personnel (Is someone going to spend a
> day tinkering with a firewall when half an elementary school can't print over
> the network, the Superintendent has a virus on his computer and new cabling
> needs to be run at the HS?).
> The whole thing reminds me of this quote: "We, the unwilling, led by the
> unknowing, are doing the impossible for the ungrateful.  We have done so
> much, for so long, with so little, we are now qualified to do anything with
> nothing."
> In the end, it is unfortunate and sad.  The worst part is that these hurried
> practices usually mean the school district ends up paying for it again,
> either moving to another platform for something because it was never set up
> properly or redoing everything because they didn't do it right the first
> time.
> - James
> Quoting Nicholas Couchman <snick4584 yahoo com>:
> > So, without shooting you, let me ask why your email server is on the
> > outside of the firewall.  I can understand how it would be a little easier
> > to have the email server on the outside, but it is asking for trouble.
> > Probably (in my mind) the best way to set up an email server is to have the
> > firewall relay between the district or ISP mail relay and your internal
> > server.  This way the email is only on an "outside" box for the amount of
> > time it is on your firewall.  Then it can be stored on the internal server
> > with as little risk as possible.  If you end up having public IP addresses
> > on the inside, you can set up your firewall to allow traffic to flow
> > between the outside mail relay and your internal server.  As for your web
> > server, that might be best on a DMZ.
> >
> > Ideally you would need to separate the email server and the web server.
> > Perhaps you could leave DNS on the same box as your web server, or you
> > could put it on the same one as your email server, but it would still have
> > to be on the inside.
> > 
> > There's my two bits.
> > --Nick
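
The layout Nick describes in the quoted message (only the district or ISP relay may reach the internal mail server, web server on a DMZ) can be checked against a firewall rule list. The following is an added example, not part of the original thread: the addresses, the rule tuple format and the function names are constructed for illustration, and the "DMZ may not reach the inside" probe is an assumption about what the DMZ is for.

```python
import ipaddress

# Constructed addresses (documentation/private ranges); none come from the thread.
UPSTREAM_RELAY = ipaddress.ip_address("192.0.2.25")    # district or ISP mail relay
MAIL_SERVER = ipaddress.ip_address("10.10.0.25")       # internal mail store
DMZ_WEB = ipaddress.ip_address("198.51.100.2")         # web server on the DMZ
STRANGER = ipaddress.ip_address("203.0.113.77")        # arbitrary outside host

def first_match(rules, src, dst, port):
    """Action of the first rule matching the packet; default deny."""
    for action, rsrc, rdst, rport in rules:
        if (src in ipaddress.ip_network(rsrc)
                and dst in ipaddress.ip_network(rdst)
                and rport in ("any", port)):
            return action
    return "deny"

def audit(rules):
    """Probe the rule set with packets the design must permit or refuse.

    Returns the names of the probes whose outcome contradicts the design.
    """
    probes = [
        ("relay -> mail server:25", UPSTREAM_RELAY, MAIL_SERVER, 25, "allow"),
        ("outside -> mail server:25", STRANGER, MAIL_SERVER, 25, "deny"),
        ("outside -> mail server:110", STRANGER, MAIL_SERVER, 110, "deny"),
        ("outside -> DMZ web:80", STRANGER, DMZ_WEB, 80, "allow"),
        ("DMZ web -> inside", DMZ_WEB, MAIL_SERVER, 25, "deny"),  # assumption
    ]
    return [name for name, s, d, p, want in probes
            if first_match(rules, s, d, p) != want]

# Weak variant (constructed): SMTP to the mail server open to any source.
EXPOSED = [
    ("allow", "0.0.0.0/0", "10.10.0.25/32", 25),
    ("allow", "0.0.0.0/0", "198.51.100.0/28", 80),
]
# Relay-only variant (constructed): only the upstream relay reaches the inside.
RELAY_ONLY = [
    ("allow", "192.0.2.25/32", "10.10.0.25/32", 25),
    ("deny", "0.0.0.0/0", "10.10.0.0/16", "any"),
    ("allow", "0.0.0.0/0", "198.51.100.0/28", 80),
]

if __name__ == "__main__":
    print("exposed:", audit(EXPOSED))
    print("relay-only:", audit(RELAY_ONLY))
```
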

