[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [school-discuss] What should school firewalls keep in/out?

To: schoolforge-discuss@schoolforge.net
Subject: Re: [school-discuss] What should school firewalls keep in/out?
From: Doug Loss <drloss@suscom.net>
Date: Thu, 07 Mar 2002 08:05:55 -0500
Delivered-To: archiver@seul.org
Delivered-To: schoolforge-discuss-outgoing@seul.org
Delivered-To: schoolforge-discuss@seul.org
Delivery-Date: Thu, 07 Mar 2002 08:05:55 -0500
Organization: Bloomsburg University
References: <1015443094.3c866e96442e1@members.iteachnet.org> <E16ioYT-0000KL-00@hawk.mail.pas.earthlink.net> <7w4rjslqrq.fsf@paranormal.se>
Reply-To: schoolforge-discuss@schoolforge.net
Sender: owner-schoolforge-discuss@schoolforge.net

Fredrik Liljegren wrote:

> I know that there is a problem of students chatting during lessons,
> I've had them myself (adult students even), but port-blocking or even
> irc-software prevention is *not* a solution to that.  Neither is
> blocking ssh-ports, since there are hundreds of portals for ssh on
> port 80.  I know it is idealistic thinking of me, but I think that it
> is the teachers job to make his course interresting and motivating
> enough.
>
> > For both types of schools ALL FILE SHARING PORTS _SHOULD_ BE CLOSED!
> > They are _not_ needed at all.
>
> That's true, at least for file-sharing a'la napster etc.  Since the
> school probably has a policy of not stealing music etc both specific
> ports and software should be unavailable.  FTP on the other hand is
> quite useful for many purposes :)

Let me jump into this discussion from a network admin's point of view.
Here at the university, our firewalling is rudimentary, as anytime we
actually block something students and faculty scream and the
administration caves in and orders us to unblock it.  What is a godsend,
however, is the traffic shaper we've installed.  This allows us to
prioritize various types of traffic and to set both hard and soft limits
on total bandwidth allowed.  For example, we've set nntp traffic to just a
low amount of bandwidth during normal work hours, but allow it to grow
quite a bit over the nighttime hours.  File sharing protocols are allowed,
but hard limited to no more that (I don't remember the numbers exactly, so
this is a rough estimate) 10% of our overall bandwidth.  Traffic for our
library database (maintained at one of our sister schools for all the
schools in the Pennsylvania State System of Higher Education) gets
prioritized so it always goes first.  You see the kind of things we can
do.

I find this much more useful than blocking entire classes of traffic.

--
Doug Loss                 All I want is a warm bed
Data Network Coordinator  and a kind word and
Bloomsburg University     unlimited power.
dloss@bloomu.edu                Ashleigh Brilliant

References:
- [school-discuss] What should school firewalls keep in/out?
  - From: David Bucknell <david@members.iteachnet.org>
- Re: [school-discuss] What should school firewalls keep in/out?
  - From: Chris Hornbaker <chrishornbaker@earthlink.net>
- Re: [school-discuss] What should school firewalls keep in/out?
  - From: Fredrik Liljegren <fredrik@liljegren.org>

Prev by Date: Re: [school-discuss] First Programming Language
Next by Date: [school-discuss] News: Simputer for the masses set for takeoff
Prev by thread: Re: [school-discuss] What should school firewalls keep in/out?
Next by thread: Re: [school-discuss] What should school firewalls keep in/out?
Index(es):
- Date
- Thread