Re: firewalls and computer securi
From: Susan (vyyrproenROT13@yahoo.com)Date: 09/25/02
- Next message: Eric P. McCoy: "Re: firewalls and computer securi"
- Previous message: : "Re: Which Antivirus"
- In reply to: WGCL: "Re: firewalls and computer securi"
- Next in thread: linowes: "Re: firewalls and computer securi"
- Reply: linowes: "Re: firewalls and computer securi"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: vyyrproenROT13@yahoo.com (Susan) Date: Wed, 25 Sep 2002 19:52:15 GMT
On 25 Sep 2002 12:23:20 -0700, wpgcl@yahoo.com (WGCL) wrote:
<snip>
>
>So...I shouldn't be using ftp and telnet, but ssh and sftp(?) instead,
>right, which provide some level of encryption? But my Uni. (and dept)
>do nothing to dissuade me from using telnet and ftp to connect to
>their servers, and they don't even provide support for passive ftp
>(just active). So, if they don't care, and they know more than me
>(and have more responsibility, I guess), maybe I don't have to?
>
Computer science departments have to deal with a lot of students, many
of which (who in my opinion shouldn't be there anyway) don't even know
what ssh is and won't go through the trouble of finding out. Thus,
after enough complaints, the department usually conceeds to use less
secure services, or is forced to by the really-high-up folks who are
normally non-techies.
My last university handled everything via telnet instead of ssh as
well, and didn't even require (or allow) the use of digital signatures
(GPG would have been sufficient) to confirm assignments submitted via
email, even though we all know how easy it is to spoof an email
address.
Also, it depends on what university you're at. There are still parts
of the US where cryptography in all its forms is a major taboo, even
to educators who should know better. Heck, I had a high school
teacher try to get me kicked out of school for reading Schneier's
_Applied_Cryptography_ during my study hall. She claimed that I was a
"danger to society". Luckily, not all the faculty at the school were
so closed-minded.
>There don't seem to be many repercussions for the users of the server
>from using telnet and ftp, but maybe the department has to deal with
>some problems? That's their problem, I guess - after all, they're the
>ones who set the rules we have to abide by.
>
>Incidentally, I have a friend whose department (in another Uni.)
>forbids telnet (and accepts only ssh), but allows ftp (and I think the
>password is the same for both services). This seems rather silly, if
>I've got it right.
Some system administrators are better than others. Some schools give
the right people control over computing policies, and some leave it to
people with no technical knowledge whatsoever. It happens. All that
you can do is defend YOUR system as well as you are able, and
encourage others to adopt better security policies as well.
>
>Anyway, thanks for the information - you've satisfied my curiosity
>about these things. I wantede to know if there was anything I
>particularly needed to do to secure my computer, but it appears not.
It depends on your personal level of paranoia... I'm fairly strict
with the security policies on my home computers. If my husband had it
his way, I would chuck my firewall and other security measures in
favor of his convenience. My method leaves many less avenues of
attack than his, but his requires no effort (until the compromise
happens, of course, but he still thinks that it can't happen to him).
Susan
- Next message: Eric P. McCoy: "Re: firewalls and computer securi"
- Previous message: : "Re: Which Antivirus"
- In reply to: WGCL: "Re: firewalls and computer securi"
- Next in thread: linowes: "Re: firewalls and computer securi"
- Reply: linowes: "Re: firewalls and computer securi"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
