Educational Security/Networking Questions
From: Michael Bradley (LilAviator_at_hotmail.com)
Date: 07/09/03
- Previous message: Daniel Klug: "Re: Securing Kiosks after adding MS Office apps?"
- Next in thread: Markus E. Kippler: "Re: Educational Security/Networking Questions"
- Reply: Markus E. Kippler: "Re: Educational Security/Networking Questions"
- Reply: Dirk Krause: "Re: Educational Security/Networking Questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 09 Jul 2003 05:59:02 GMT
Hey Guys,
Sorry for the cross posting, but this is quite a scenario. It's a setup
like a high school on an NT network with all the student and most the
faculty workstations running W2k or XP and TCP/IP protocol with DHCP
assigned addressess. I have several hundred machines all on the same
backbone, but two domains (Each with their own PDC) one for the students and
one for the administrators. How is the best way to ensure that traffic is
not sent back and forth between the two domains (ie I want to make sure that
student computers can only see other student computers), would subnetting be
the best solution for this? If I subnet are there still ways to see one
side from the other? Since the staff uses their accounts to work on student
grades, tests, and other FERPA type of stuff, I want to be sure that
information transmitted on the faculty side can not be picked up by some kid
with an ethernet sniffer, which leads me to another question...
How concerned should I be with standard networking tools like nbtstat being
used to collect information about the network. If I catch someone using it
should I be concerned? Is it easy to disable tools like nbtstat or the net
commands (to prevent file shares from being setup) without losing
functionality in my network? Also, is there a way to protect against the
kind of hacking tools that can be downloaded from the internet? Especially
programs like PWDUMP. At what point should I be concerned, as a Sysadmin,
if I catch students looking at, downloading or using those kind of programs
and what is the generally accepted procedure for dealing with that? Talk to
the kid, give him detention, kick him out of school, have him arrested...?
I have one lab that the students need local admin rights to complete their
assignments. How's the best way to go about giving them this kind of
access? Is there any reason I should be worried about the students having
local administrative access to the student machines?
My last question I guess is one of ethics. As a system administrator, where
do I have to draw the line with privacy and other issues. How much latitude
does the sysadmin have in monitoring network traffic? Does it make a
difference if it is traffic strictly on our intranet vs. traffic to outside
servers? Also, the students all have personal, private space on the file
server. What kind of legal steps do I have to take before going through a
cursory examination of a students private storage space? Before going into
an in depth investigation (Pulling back up tapes, etc)? Also, if I believe
I have evidence that someone has been trying to gain unauthorized access to
my system, what are my first steps in:
a. protecting the network
b. protecting the evidence
and
c. protecting users from being setup by a third party.
Thank you for any help y'all can provide, I will appreciate it greatly!!!
God Bless,
Mike
- Previous message: Daniel Klug: "Re: Securing Kiosks after adding MS Office apps?"
- Next in thread: Markus E. Kippler: "Re: Educational Security/Networking Questions"
- Reply: Markus E. Kippler: "Re: Educational Security/Networking Questions"
- Reply: Dirk Krause: "Re: Educational Security/Networking Questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
