Behind the Scenes at MIT's Network
BobB writes "MIT's head of computer networks and security gives an inside look at how the techie school is fending off hackers, cranking up its network to handle voice over IP and become a fiber network operator to link to other research institutions. From the article: 'Q - How do you actually enforce security standards among MIT's departments and network users? A - Enforce is not a word you can use at MIT. We try to entice people to do the right thing. We've made a lot of progress. We've removed the financial incentive to run your own network, which used to be cheaper than having us do it. We've been a cost-recovery network since forever now though. At many universities the network is free and they just fund it out of operating costs.'"
Re:MIT on wireless security (Score:3, Interesting)
At my uni we have wireless within the CS dept only, and that only within a small part of the building. It's monumentally shit.
Re:MIT on wireless security (Score:4, Interesting)
Re:Public IPs (Score:5, Interesting)
IST does a damn fine job. The stakes on having the network running smoothly are quite high and they get it done, but more important is the amount of freedom they allow. We've got the most heterogeneous environment I can think of, with hundreds of Course 6ers looking for new ways to bend the network and Course 15s finding new ways to try to break it. There's everything from half-broken 486s to PlayStation 3s running SVN repositories to completely custom embedded devices sitting all over the network (not that they support these devices), running like a well-oiled machine.
Disappointed... (Score:2, Interesting)
Re:Public IPs (Score:2, Interesting)
In my time there, they did not, however, actively monitor systems for viruses and malware. I often received spam from student PCs attempting to spread viruses via attachments. Many lab systems suffered from various malware, although that improved in my last year after they switched to a pseudo-thin client setup.
Today, I see such IP allocations as wasteful. The worst is a power utility which I worked for a few years back. They have (had) a direct allocation (cannot recall the exact size), which they used of course for business purposes. However, they also assigned public IPs to devices never exposed to the Internet, i.e. PLC controllers and process control computers. Most unfortunate IMHO.
Re:MIT on wireless security (Score:4, Interesting)
Re:It happens, but not "standard." (Score:3, Interesting)
Hooray for Public IPs (Score:2, Interesting)
Our school also gives public IP addresses to all our machines. It's so nice to be able to directly ssh/scp/sftp to your lab machine from home -- no tunnels, no firewalls, no VPN. Just you and your encrypted password. And then we go to some other institution and wonder why they take forever to load a web page -- and discover all the traffic for the entire network is being funneled through some machine which is trying desperately to NAT the entire campus's network. Siiiigh.
Yes I'm spoiled. It's good to be at a university that doesn't need to baby its users. If you run Windows and it's not up to date, it's kicked off the network until you patch it. Don't like that? Then run your *own* firewall, or switch to a system that doesn't leak like a sieve. Don't expect to ruin it for the rest of us because *you* choose to run insecure software.
Re:MIT on wireless security (Score:2, Interesting)
Plymouth University isn't small (about 30000 students enrolled). Because of the cost of notes, the IT department modified MS Exchange and started putting all lecture material online. Plymouth University also has 6 smaller campuses, all of which can access this network (wirelessly on their campuses). There was a major network failure for the first time recently (a recently bought batch of hard drives failed badly in the SAN, taking most of it out two days before the Christmas break; by the end of the next day most of the network was working bar personal account space and personal email). By the new year (a week and a half after the failure) the full list of services was running. As far as I've been able to make out, only emails sent the night of the failure were lost (it happened at 7PM). Since all external connections go through the Uni's VPN, it's also pretty secure.
Now this is for a university which is primarily a humanities university. Why is a technology university only now looking at providing wireless access for laptops and PDAs when some have been doing it for five years? Why has a Tech University only recently got any good at doing things others have been doing well for years? I think that's the real question in my mind.