You clearly are not protecting against one of your students running attack
programs, network scans, etc. - since they own the computer they obviously
have root access. So, what is it that you are 'protecting' against anyway?
Are you trying to protect the unsophisticated computer user from being
attacked and exploited? If so, your minimum standards probably do hit that
target.
But this is NOT an unsophisticated user. And if s/he wants to run beta
software, then why do you care. Perhaps purely for informational purposes?
If so, you can easily add a notification clause to the network access
agreement. You've already got something like this, right?
"Student agrees that any operating system software run on any host connected
to our network will be legally acquired. For protection of yourself and
other students we require you to obtain and apply all security patches for
your operating system."
"We actively monitor the network and will - without notification - disable
your network port or suspend your network access if we observe any hostile
or unusual activity origination from your computers."
So add:
"In the event student chooses to run beta or other pre-release software,
s/he will notify network services via email of the nature and version of
such operating system software at least 24 hours prior to installation.
Student assumes all risks for using any (not just operating system) beta or
pre-release software, and we do not provide any support for such beta or
pre-release software."
-----Burton
-----Original Message-----
From: Lance.Druger@wellsfargo.com [mailto:Lance.Druger@wellsfargo.com]
Sent: Wednesday, September 28, 2005 5:39 PM
To: security-basics@securityfocus.com
Subject: RE: Windows Vista current flaws
This is a residence hall, and not a "work" environment. If this was a bank
or other corporation I'd agree with that, but these are students in a dorm
room. I still think that there should be some flexibility. Just my 2 cents.
Lance Druger
-----Original Message-----
From: Micheal Espinola Jr [mailto:michealespinola@gmail.com]
Sent: Tuesday, September 27, 2005 9:28 AM
To: security-basics@securityfocus.com
Subject: Re: Windows Vista current flaws
Beta software should not be allowed to run unchecked in a production
environment.
On 9/27/05, Jon Lawhead <samurai@berkeley.edu> wrote:
Greetings all,
I work in Network Security for UC Berkeley's residence halls. We have
a list of several "minimum
security standards" that we require all connected computers to meet
before being allowed access to
the network (stuff like having a firewall program, antivirus, etc).
One of the standards involves
having the latest patched version of a secure operating system. I
have a user on the network who
wishes to run a (legitimately acquired, or so he says) version of
Windows Vista beta version.
Before I decide on this, I wanted opinions on whether or not this is a
good idea. My first
instinct is to disallow any beta operating systems simply on the
grounds that they'll be buggy by
definition and may potentially have serious security flaws, but I
can't find anything to back this
up. Just wondering if I could get a few opinions on whether or not
this is a good idea. Thanks!
Jon Lawhead
Network Security Coordinator
Residential Computing
University of California, Berkeley
--
ME2 <http://www.santeriasys.net/>
