I have been asked to set up multiple LANs with Internet access in what I
consider to be a hostile environment - a private uni student dorm
complex.

That's about as hostile as you get! A lot of intelligent (generally!)
people with too much time on their hands.

I'm told that most of them are medical students, so the "time on their
hands" may not be a factor, but the generally high TER (or whatever it
is called these days) is :)

i think it's the underachievers that would be a problem. the kids who
realised that they could get further ahead in life through
extracurricular activities than by drumming up their UAI.

8. How do I look for (possibly infringing) P2P traffic?

ntop (http://www.ntop.org/ntop.html) is a fantastic tool for analysing
the traffic on your network and includes breakdowns by protocol incl.
P2P.

are your students really in need of all these fancy facilities if they
are med students? why do they need ssh? why would they need telnet?
why not just lock off everything but squid. surely the majority of
their work would be research, aka browsing.

now ok maybe email. most email providers use webmail. if you enforce
your email server only (not a bad idea to prevent nasties), then
just have an interface to your mail server on your local network
or allow the ports only to that machine through your firewall.

if you are setting up terminals for them to use, then why not just
not include usb in the kernel, and don't include fat file systems ;)
but just locking the whole machine away should be excellent.

your first posting really didn't cover what the students
will be using the net for. you should analyse that and then
evaluate your firewall options. avoid the temptation to try
and make the most intelligent comprehensive firewall of all time,
when just having squid with no NAT etc would be ideal.

i may be misunderstanding though, if your students can plug
in their own machines you have a new and interesting challenge,
but then controlling intercommunication is more a switch issue

Dean
--
WWW: http://dean.bong.com.au LAN: http://www.bong.com.au
ICQ: 16867613
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
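
An added example, not part of the original message or from anyone on the list: one way to express the "everything locked off but squid, mail ports only to one machine, no NAT" policy as an iptables-restore ruleset, with a check that nothing else is forwarded. It assumes squid runs on the gateway itself on its default port 3128 and that mail means TCP 25, 110 and 143; the interface name and all addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example. Interface, networks and addresses are constructed placeholders.

# Print an iptables-restore ruleset for the dorm gateway.
#   $1 LAN interface   $2 student network   $3 gateway LAN address (squid)
#   $4 the one mail server students may reach through the firewall
gen_ruleset() {
    lan_if=$1; lan_net=$2; gw_ip=$3; mail_ip=$4
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -d $gw_ip -p tcp --dport 3128 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -s $lan_net -d $mail_ip -p tcp -m multiport --dports 25,110,143 -j ACCEPT
-A FORWARD -i $lan_if -j LOG --log-prefix "dorm-fw-drop: "
COMMIT
EOF
}

# Read a ruleset on stdin and fail (exit 1) if it drifts from the policy:
# a nat table is present, FORWARD is not default-drop, or a FORWARD ACCEPT
# rule for new connections goes anywhere other than the mail server ($1).
audit_ruleset() {
    awk -v mail="$1" '
        /^\*nat/ { bad = 1 }
        /^:FORWARD/ && $2 != "DROP" { bad = 1 }
        /^-A FORWARD/ && /-j ACCEPT/ && !/--ctstate/ {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i == "-d" && $(i + 1) == mail) ok = 1
            if (!ok) bad = 1
        }
        END { exit bad + 0 }
    '
}

# Generate and audit; pipe the gen_ruleset output to iptables-restore to load it.
gen_ruleset eth1 10.20.0.0/16 10.20.0.1 192.0.2.25 | audit_ruleset 192.0.2.25 \
    && echo "ruleset matches the squid-plus-mail policy"
```

The INPUT policy is DROP with no management exception, so load it from the console; the LOG rule gives a record of what students try that the proxy does not cover.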