Linux Security Advice Needed

**Stuarte** · 22nd January 2009, 11:01 AM

Hi Guys,
Advice needed please.
Our SMTs have decided, in there wisdom, to allow a group of students to setup a video streaming server on the school's network as a project. They will be setting up a Suse Linux box to do this and will ,of course, have to use the school's (Microsoft) infrastructure to stream to classrooms.

Now, I know jack sh*t about Linux. The SMTs know even less. I don't want to leave a potential open door into the school's network.

can I tap your collective knowledge to come up with enough reasons to put before the SMTs to stall the project until I have time to at least get my head around Suse a bit.

Any advice about potential security or other issues greatly received.

Cheers,
Stuart

**dhicks** · 22nd January 2009, 11:15 AM

Originally Posted by Stuarte

can I tap your collective knowledge to come up with enough reasons to put before the SMTs to stall the project until I have time to at least get my head around Suse a bit.

It's just a server on your network, just give them a machine and leave them to get on with it.

--
David Hicks

**powdarrmonkey** · 22nd January 2009, 11:51 AM

I think the fact that you're not in a position to ensure they are working safely on your live network is reason enough. Set them up a switch and a couple of machines in isolation perhaps? Or use Windows Media whatsidoo and its streaming services.

**tom_newton** · 22nd January 2009, 12:05 PM

As long as you don't give the students root access (they must ask you if they want any software installing) then I cant see it being too much of an issue. If you can isolate it on a separate network and open limited, logged traffic to and from it, so much the better.

Don't fear the linux though

**Stuarte** · 22nd January 2009, 12:35 PM

Originally Posted by dhicks

It's just a server on your network, just give them a machine and leave them to get on with it.

--
David Hicks

have you ever used a computer before? Really useful, thanks........

**CyberNerd** · 22nd January 2009, 12:41 PM

we've got a linux video server on the network, it's just another computer on the network. teachers use it to stream video, and it runs a webserver. thats it.

**Stuarte** · 22nd January 2009, 12:47 PM

Thanks CyberNerd. But yours isn't administered by students, right?

**CyberNerd** · 22nd January 2009, 12:53 PM

Thanks CyberNerd. But yours isn't administered by students, right?

no, but what difference does it make?
I understand why you might be worried about the security of your windows network - but linux isn't going to harm it any more than a windows computer will.

**powdarrmonkey** · 22nd January 2009, 12:58 PM

Originally Posted by Stuarte

have you ever used a computer before? Really useful, thanks........

Let's not troll, please. David has a very good reputation and is very knowledgable (though that doesn't mean I agree with his comment).

**Stuarte** · 22nd January 2009, 01:10 PM

I was just trying to ask a question. I am not a pro Microsoft anti Linux head. I just don't yet know much about it yet and was genuinely asking for advice to fill a gap in my knowledge. Thanks to those that have replied constructively.

**stickboy** · 23rd January 2009, 04:00 PM

Actually, this is a really important issue.

Allowing non-MS equipment into certain setups can really cause some issues.
(In Lincolnshire at least) some of the school systems setup by NetLinc's agents (ramesys I think) have things like full open shares on the server. These are then restricted by policies applied when logging onto the domain.
So if you're using windows boxes and policies it's fine, no-one can see those wide open shares....
This will then screw you over as soon as people bring their own laptops in, but use their network login to browse the network. Or even worse using Linux or Apple kit which also show hidden shares by default!!

To be honest, if they've suggested using Linux themselves, then they're probably just harmless geeks. In which case it might be worth some of your time sitting down and going through it with them. You'll learn some cool stuff about Linux and they might learn why they can't just chuck it on the network...
I'd also make one of the provisions of the project that you get a root account on the box..... Just in case

Steve

**webman** · 23rd January 2009, 04:11 PM

Originally Posted by stickboy

(In Lincolnshire at least) some of the school systems setup by NetLinc's agents (ramesys I think) have things like full open shares on the server. These are then restricted by policies applied when logging onto the domain.

Then this is stupid.

**stickboy** · 23rd January 2009, 04:15 PM

Agreed, but you just try going in and securing a live system like that without having any issues!

**powdarrmonkey** · 23rd January 2009, 04:39 PM

Originally Posted by stickboy

To be honest, if they've suggested using Linux themselves, then they're probably just harmless geeks.

It's very likely, yes

I'd also make one of the provisions of the project that you get a root account on the box..... Just in case

Better than that, keep root to yourself and give them sudo access.

**russdev** · 23rd January 2009, 05:44 PM

I got suggestion say yes to project on condition that your are part of project (you learn together) and that s part of the project terms they have to setup a secure server.

If you take part in project with them you will learn with them.

Russ

LinkBack

Thread Tools

Search Thread

Linux Security Advice Needed

Similar Threads

Linux Training Advice

Linux Advice

SUSE Linux Enterprise

Advice needed please

advice needed on weather a new server is needed

Thread Information

Users Browsing this Thread

Tags for this Thread

Posting Permissions