On Tue, Feb 01, 2005 at 04:55:36AM +1100, Howard Lowndes wrote: > 3. Locked cases with no CD or floppy - how can I prevent USB drives > being attached without disabling the USB bus in the BIOS. My thinking > here is that I will use the USB bus to connect to the Internet modem and > the Ethernet connection to connect to the LAN. Perhaps I might be > better off to totally disable the USB bus in the BIOS and use a second > Ethernet connection to connect to the Internet modem.
super glue? Seriously. > 4. SNORT on all interfaces. > 5. Traffic volume monitoring and reporting with traffic shaping for over > quota - what are the privacy considerations here? RRDTOOLS - anything > else here? > 6. Tight access control into the gateway boxes themselves - no user > accounts. > 7. Normal filtering of Internet nasties. > 8. How do I look for (possibly infringing) P2P traffic? > 9. I will need to allow for HTTP, HTTPS, SMTP, POP3, but what ports > should I allow for the various IMs, a/v streaming, IRC (6667), what > else? I might also need to cater for IPSec tunnelling - I know what is > needed there. > 10. As this is a private dorm complex, what about AUPs between the > students and the landlord. > > OK, that's just immediate random thoughts. Would anyone care to add to > my worry list, esp anyone who has sysadmin experience in a > hostile^H^H^H^Hstudent environment. :) > > > -- > Howard. > LANNet Computing Associates; > Your Linux people <http://www.lannetlinux.com> > ------------------------------------------ > "When you just want a system that works, you choose Linux; > when you want a system that just works, you choose Microsoft." > ------------------------------------------ > "Flatter government, not fatter government; > Get rid of the Australian states." > > > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
