[K12OSN] Fedora 2 vs WB3 or RHE3 and old proxy by-pass prob

[k12osn at collinsoft.com]

On Fri, 4 Jun 2004, Terrell Prude', Jr. wrote:
> Sure they could; we've had to deal with circumventor for the last couple 
> of years in our district.  That's why you need to have a written policy 
> in place that says what the penalties are for actions like this, and 
> then enforce it.  A big part of INFOSEC anywhere, including in a school, 
> is having the written policy, otherwise you have little legal leg on 
> which to stand when someone does something inappropriate, be it staff 
> member, board member, or student.

I agree, I just didn't want someone to get a false sense of security. Too 
often we are asked for a technological solution to a non-technical 
problem. (OT: Our librarian wanted us to turn off the ability for students 
to change their desktop background. I wasn't going to punish the entire 
student body just because some of them chose inappropriate backgrounds. We 
just disable their account if they are caught with an inappropriate 
background (covered in our AUP).

> Of course, there certainly are technological ways to stop this, and 
> you'd do that at your Internet firewall.  Do your students have any 
> *actual need* to use TCP 20, 21, 22, 23, and 25 to carry forward the 
> educational process?  Ask yourself that.  TCP 80 and TCP 443, you can 
> transparently proxy those.  Combined, this should put a stop to apps 
> like circumventor.

Even blocking everything and transparently proxying those two ports won't 
stop someone from running some sort of anonymizing proxy such as 
circumventor.

But I agree, talk softly but carry a big stick!

-- 
Ryan Collins
Technology Coordinator - Kenton City Schools
http://www.kentoncityschools.org/