From: Eric Chamberlain (echamber@socrates.berkeley.edu)
Date: Thu Nov 07 2002 - 13:07:23 PST
Jennifer,
It sounds like your users are the biggest source of your problems. In
most cases, a firewall will not help you protect users from themselves.
When I was managing student labs, we imaged the machines and would
restore the image on the machine nightly or weekly. Otherwise, you will
need to control the desktop and what applications the users can execute.
You didn't mention the OS on the machines, but if you are not running
NT/2000/XP, there is not much you can do. If you are running
NT/2000/XP, you can restrict what the users can do and see. You may
want to look at joining the campus Active Directory forest
http://calnetad.berkeley.edu, then you could use group policies and
centrally manage all your PCs, user activity would also be identifiable
by CalNetID.
-- Eric Chamberlain, CISSP Campus Active Directory Architect Central Computing Services University of California, Berkeley http://calnetad.berkeley.edu-----Original Message----- From: owner-micronet-list@uclink4.berkeley.edu [mailto:owner-micronet-list@uclink4.berkeley.edu] On Behalf Of Jennifer Gwirtz Sent: Thursday, November 07, 2002 12:43 PM To: micronet-list@uclink.berkeley.edu Subject: [Micronet] Information on firewalls
Hello everyone,
My apologies for any redundancy with past e-mails.
This is a request for advice about firewall protection for a small department and its even smaller computer lab.
We are a very small department with a tiny graduate student computer lab that has 3 iMacs, 2 PCs, and possibly hundreds of users. Many graduate students insist on using services like Hotmail, which has recently brought all kinds of bad things into the network.
We are running Norton AV and keep it and system software updated regularly. Nevertheless, certain people use the lab carelessly, no matter what sort of rules I make. (I'm sure many of you who manage labs experience something similar.)
The only option I can see next would be to purchase a firewall for the department to keep us notified of activity and to deny access to mischief. Does this sound like the right thing to do?
Does anyone have any suggestions as to what we can do? Because we don't run our own server, I manage the computers individually. I am the only person who does this. Anything that's too labor-intensive won't work. Unless it includes human cloning software. (Just joking.)
I'm pretty happy with my home version of Norton's firewall. Can we use something like that in our campus offices and lab? Are there any limitations on this sort of thing? I've heard rumors of a campus firewall effort that's been going on. Does anyone know anything about this?
Thanks for the help in advance.
Sincerely, Jennifer -- Jennifer Gwirtz Department of Philosophy http://philosophy.berkeley.edu/
------------------------------------------------------------------------ The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.
------------------------------------------------------------------------ The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2b29 : Thu Nov 07 2002 - 13:12:09 PST