+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 24 of 24
Network and Classroom Management Thread, Python and the school network in Technical; The worst that's going to happen is they'll create a mass email spam program, temporarily knock out a server or ...
  1. #16
    randle's Avatar
    Join Date
    Dec 2006
    Location
    Chelmsford, Essex
    Posts
    594
    Thank Post
    66
    Thanked 16 Times in 15 Posts
    Rep Power
    19
    The worst that's going to happen is they'll create a mass email spam program, temporarily knock out a server or exploit some privilege escalation bug and gain some confidential information.
    This is exactly what I'm worried about. Doesn't sound like something I'd like to deal with here if I'm honest.

    Thanks for the feedback eveyone. I'm more so thinking in the same vein as skunk. I'm not willing to allow any possibilities (that I can control) of access to confidential data as obviously would be held highly accountable for this. Also I've gone to the bother and time to secure the network so am not happy to give them the tools to simply undo all this.

    I'm in no way saying others are doing it wrong or that their opinion is wrong but just that I'm not willing to go down that route.

    I do run a vSphere server environment here so a virtual server with SSH/Text editor to provide these needs is a possibilty however have no knowledge of how to set this up but am willing to give it a go. My other option looks to be VPC2007 and images that don't save changes when shutdown. These wouldn't have a network connection but would provide a way to practice in a raw environment as suggested and can still access My Docs for saving through shared folders.

  2. #17
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,421
    Thank Post
    10
    Thanked 486 Times in 426 Posts
    Rep Power
    110
    Quote Originally Posted by CyberNerd View Post
    stuff like this:
    http://www.hsc.fr/ressources/outils/...atator_v0.2.py


    BAN programming!!!!
    They already have physical access to a machine and a valid account. There is only so much you are going to be able to do. I mitigated some of the impact with wired 802.1x and switch ACLs along with client/server firewalls to stop access from student VLANs to sensitive servers.

    You can't stop the determined hostile user though, just slow them down.

  3. #18
    randle's Avatar
    Join Date
    Dec 2006
    Location
    Chelmsford, Essex
    Posts
    594
    Thank Post
    66
    Thanked 16 Times in 15 Posts
    Rep Power
    19
    This is what I'm trying to find out. If they're running Python in an already restricted account, will it give them the tools to gain elevated access?

  4. #19


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by randle View Post
    This is what I'm trying to find out. If they're running Python in an already restricted account, will it give them the tools to gain elevated access?

    No. Permissions are permissions - but it isn't the security of the local machine you should be worried about.

  5. #20
    randle's Avatar
    Join Date
    Dec 2006
    Location
    Chelmsford, Essex
    Posts
    594
    Thank Post
    66
    Thanked 16 Times in 15 Posts
    Rep Power
    19
    Ok I meant more of a backdoor to the system/network then

    but it isn't the security of the local machine you should be worried about.
    It's not so much. It's network access primarily.

  6. #21


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Any modern computer language on a computer could create a risk if you consider that all virus, trojans etc are computer programmes.

    As @skunk and @DMcCoy say - the best thing you can do is apply a liberal use of vlans and firewalls to mitigate against crackers.

    My opinion is that the risk is tiny and theoretical. Allowing kids to be able to learn python vastly overweights the negatives.
    I think you should install the interpreter, and keep an eye on the log files.

  7. Thanks to CyberNerd from:

    randle (9th February 2012)

  8. #22


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,461
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    As others have said, python won't allow access to anything they don't have already.
    It will allow users to do things faster than they could by hand - and if it is on your regular network that could allow students to create a DoS scenario. Very easy to find out whodunnit though.
    You could probably stop the interpreter talking to the network using windows firewall, butthat spoils some of the fun.

    Setting up the single host should be easy enough - ubuntu server on vm, install ssh server, use likewise to link to AD, install python, install easy text editor like joe or pico. Push putty to clients. Done

  9. Thanks to tom_newton from:

    randle (9th February 2012)

  10. #23

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,614
    Thank Post
    1,230
    Thanked 773 Times in 671 Posts
    Rep Power
    235
    Quote Originally Posted by tom_newton View Post
    if it is on your regular network that could allow students to create a DoS scenario.
    More probably by accident than anything else, though - when the second years started doing networking in C++ at university the network used to get blitzed on a regular basis.

    You could probably stop the interpreter talking to the network using windows firewall, butthat spoils some of the fun.
    Maybe a VLAN with their own route to the Internet?

    Setting up the single host should be easy enough - ubuntu server on vm, install ssh server, use likewise to link to AD, install python, install easy text editor like joe or pico. Push putty to clients.
    Depends what they are to be taught - they might need a GUI of some kind (in which case a VNC or X terminal should be perfect). I'm sure we found a browser-based SSH client a few weeks back, too, so you could probably do all access via a web browser.

  11. #24
    januttall's Avatar
    Join Date
    Sep 2010
    Posts
    225
    Thank Post
    17
    Thanked 28 Times in 28 Posts
    Blog Entries
    1
    Rep Power
    13
    python works great on windows just a word of warning: python can esaily be used to communicate over the network verry easily so good firewalls might be recomended in a school enviroment and putting it on another machine sounds a good idea

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Access schools internet but not the school network??
    By burgemaster in forum Internet Related/Filtering/Firewall
    Replies: 6
    Last Post: 6th February 2012, 11:09 AM
  2. [Hardware/Misc Related] MP3's on the school Network
    By Millsy79 in forum Licensing Questions
    Replies: 15
    Last Post: 8th December 2009, 12:31 PM
  3. Replies: 1
    Last Post: 1st May 2008, 09:04 AM
  4. School networks and aid to Africa. A comparison.
    By Dos_Box in forum General Chat
    Replies: 14
    Last Post: 5th July 2005, 11:36 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •