Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

P2P Programs on K-12 Networks?

Cliff posted more than 12 years ago | from the keeping-the-network-clean dept.

Education 602

deque_alpha asks: "I am a system administrator for a small K-12 public school district. I am taking over after a bunch of goofballs have really messed things up, the technology department is in utter disarray. I have near infinite problems, but the hairiest are with people sucking up what little bandwidth we have, introducing virii, downloading warez, and generally causing problems with P2P file sharing programs. I don't generally have a problem with these programs, but they are not an appropriate use of the limited bandwidth of a K-12 institution as they provide little in the way of an educational resource, not to mention the legal liability they potentially introduce. The rub lies in that these people are teachers, and I have virtually no policy to back me up if I come down on them, but shutting them down is neccesary to maintain harmony (and legality) on the network. I don't have the authority to pen new policies myself, and my supervisor cannot to be counted on to do it either. Have any of you been in this position before? How would you approach solving it without totally alienating your users? How do you broach the subject of introducing new policies with supervisors?"

Sorry! There are no comments related to the filter you selected.

I am not wearing pantz! (-1)

cyborg_monkey (150790) | more than 12 years ago | (#3480350)

Hat trick biatches!

I am the cyborg_firstPoster!

Re:I am not wearing pantz! (-1)

IAgreeWithThisPost (550896) | more than 12 years ago | (#3480533)

Congrats on the threesome, fellow LIT

If they're K-12 teachers... (0, Insightful)

Anonymous Coward | more than 12 years ago | (#3480369)

then chances are they're just plain stupid. Block the ports and if they come complaining, say you don't know what's going on, you don't use such programs.

Also irreducibly a social problem... (2)

Futurepower(R) (558542) | more than 12 years ago | (#3480447)


Yes, block the P2P ports with a firewall. However, this is also a social problem that must be handled in a skillful way.

Re:If they're K-12 teachers... (1)

Score Whore (32328) | more than 12 years ago | (#3480524)

They're not stupid. They're underpaid. They're tired. They're harrassed. They're trying to do a job with active interferance from parents and supervisors. They're disrespected.

Just because someone is a K-12 teacher doesn't make them stupid and if you honestly think that they are, then you are truly narrowminded and possibly bordering on stupid yourself.

Re:If they're K-12 teachers... (4, Interesting)

Archfeld (6757) | more than 12 years ago | (#3480538)

exactly what we did...block ports and make them send you a note detailing why they want a specific port open. Most people will realize how stupid what they're asking is if they have to sit down and write it out. errr please open these ports so I can run my p2p software to pirate music using school resources...umm maybe I better not send that one :) Use SECURITY as the overall kicker, in order to maintain the security and integrity of the network it is essential the Admin knows whats going on. BTW if you do get a moron asking for P2P ports forward it to the rest of the staff for a good laugh.

Follow the examples of the Bastard Operator from Hell and you cannot go wrong :)

Take Charge (3, Interesting)

ouslush (535043) | more than 12 years ago | (#3480372)

This is obviously a problem that lies in every school district and also in college. Just take charge and let the teachers know (in a non-technical and informative way) the reasons that you want to block these specific P2P networks from being accessed. If you set a standard, people will conform

proxies (4, Insightful)

The Turd Report (527733) | more than 12 years ago | (#3480375)

Set up a web proxy. Firewall off everything else. Only allow port 80 traffic from workstations. It will kill off all the bandwidth eating crap, but still allow use of the internet for school.

Filtering/Throttling (5, Insightful)

Ramses0 (63476) | more than 12 years ago | (#3480379)

I am not a big user of the P2P programs, but my first guess would be to figure out which ports are being used by common P2P programs, and then throttle them down to 0.5kbps. The trick is, that if your users are doing something illegal, it's really tough for them to complain about it running slowly. :^)

As for how to throttle them down, I'm sure it's possible with a properly configured linux server/firewall along with some kind of proxy program.

--Robert

Re:Filtering/Throttling (0)

Anonymous Coward | more than 12 years ago | (#3480463)


Instead of taking the authoritarian approach - throttling and limiting your users... push for funding for more bandwidth.

Why is it that we IT people are always on the negative end? I wish more people would try their best to accomodate their users!

Re:Filtering/Throttling (1, Insightful)

Anonymous Coward | more than 12 years ago | (#3480525)

Do you want to go to a school board meeting and argue for more funding so that Mr. Garrison can download more gay porn? Do you want to explain why this is a wise use of tax dollars? Mr. Hat doesn't pay taxes.

Re:Filtering/Throttling (-1)

IAgreeWithThisPost (550896) | more than 12 years ago | (#3480557)

Instead of taking the authoritarian approach - throttling and limiting your users... push for funding for more bandwidth.

Why is it that we IT people are always on the negative end? I wish more people would try their best to accomodate their users!


This is true genius trolling. It's a shame you are a dirty AC and not with the CLITs

Re:Filtering/Throttling (2, Insightful)

Kwikymart (90332) | more than 12 years ago | (#3480563)

Why pay for something they dont need? School is about learning, not listening to mp3s, and it isnt like they kids are living in dorms. The money should go to something worthwhile like books or better teachers (preferrably ones that dont require downloading music via P2P or anything else of the sort). Even if the school doesnt need anything new, putting money into bandwidth to allow people to use P2P services is futile. No matter how fast your connection gets, you will always saturate it given enough people if unregulated. People will notice that it is really fast, then download even more stuff, and then tell other teachers/students/other people that should be working/. Filtering it or Denying it completely is the only long term solution.

Re:Filtering/Throttling (2)

Ioldanach (88584) | more than 12 years ago | (#3480474)

throttle them down to 0.5kbps

Ooh, now that's one I had completely overlooked... Outstanding idea. 0.5kbps might be a little low, even for this, since you'd get connections dropped and they'd probably mention it. Put it at 5kbps, though, and you should be fine, and it shouldn't impact much, either.

Just make it extremely inconvenient to do, and people won't be as likely to do it...

Re:Filtering/Throttling (4, Funny)

CmdrPinkTaco (63423) | more than 12 years ago | (#3480544)

Or instead of throttling them down, you install a logging proxy and show them that you know exactly what they are doing and when they do it. Print out a monthly report and post it in the teacher's lounge.

If information wants to be free, then let their peers handle any wrong-doing amongst the staff by giving them all the information that you can.

New hardware (5, Insightful)

GigsVT (208848) | more than 12 years ago | (#3480386)

Simple,

You just put in a new firewall that doesn't support such things. Technical limitation, wink wink.

In other words, lock them behind an http only proxy, or whatever other proxies they really need. You aren't a general use ISP.

If they complain, tell them it's impossible to change, due to some complex technical matter. Just mention TCP header length and TTL and their eyes will glaze over as they nod slowly.

Re:New hardware (2, Interesting)

Shipwright (175684) | more than 12 years ago | (#3480449)

Or find software to throttle down all ports but email, ftp and http - Teachers might complain about completely blocked P2P access but will they complain about horrible speed?

Re:New hardware (4, Interesting)

zaius (147422) | more than 12 years ago | (#3480506)

This is what we do at the school where I work.

It has the additional advantage that, if they have a problem with it and decide to bring the issue up with a higher power, they probably won't be able to explain why it's so important for them to be able to download music or images or whatever, and therefore probably won't get anywhere. A few weeks after we started blocking Napster, Gnutella and friends, the school principal sent out an email without consulting us saying that those programs were no longer allowed... most likely because he had no idea before people started complaining of what these programs were even for.

Re:New hardware (1)

nherc (530930) | more than 12 years ago | (#3480517)

Exactly, that's what I was going to suggest.

The majority of them won't figure out how set the proxy in their P2P software or to tunnel and if they do, good for them. :)

It sounds like they only really need web access anyway.

The obvious answer (5, Funny)

dachshund (300733) | more than 12 years ago | (#3480387)

You've got problems with p2p users and virus idiots? Just block all the relevant p2p ports and blame it on a computer virus. Then sit back and watch the two groups destroy each other.

Re:The obvious answer (0)

Anonymous Coward | more than 12 years ago | (#3480419)

Classic! Spoken like a true BOFH!

Re:The obvious answer (1)

Anonymous Coward | more than 12 years ago | (#3480507)



Wow, "virus idiots"... I think you meant various but whatever. What a typical SNL computer guy skit. I bet you go around thinking everyone else on your network is an "l-user" and insult people daily who might ask you where the control panel is. F*ckin' jerk!

Ask your supervisor this: (2)

freeweed (309734) | more than 12 years ago | (#3480391)

Would you let the children drive a car without proper training, and consequences if they do something wrong?

If not, then why on earth would you allow someone to just wantonly use a computer however they see fit?

Re:Ask your supervisor this: (3)

doooras (543177) | more than 12 years ago | (#3480412)

i'm not aware of any pedestrians being run over by a computer being used by some kid.

Easy solution (0)

Anonymous Coward | more than 12 years ago | (#3480392)

Just block the ports they use. What can the teachers do?

Alienating? (0)

Anonymous Coward | more than 12 years ago | (#3480393)

You're worried about alienating the users. The users are kids doing illegal things on a publicly funded network. just get a firewall and block all ports but 80.

When you have no authority, help just control (4, Interesting)

stoolpigeon (454276) | more than 12 years ago | (#3480394)

My favorite method at this time is to just shut off whatever I need to shut off. Limit access where it needs to be limited.

Then when the questions start flying I just shrug and try to look dumb. "I don't know what happened to your ability to download porn at work."

They wont know what's going on and most people despite all reason believe that computers act in a random and hurtful manner of their own volition.

.

Re:When you have no authority, help just control (2)

bricriu (184334) | more than 12 years ago | (#3480556)

They wont know what's going on and most people despite all reason believe that computers act in a random and hurtful manner of their own volition.

True. But do we really want to encourage that attitude? The more someone fears his/her computer's caprice, the less likely that person is going to be to experiment with programs or OPERATING SYSTEMS (cough, cough) of slightly-less-than-average user-friendliness. I've always thought that part of having Open Source software is the ability to control your computer -- but first you must have the inclination.

Yeah I have a suggestion (5, Insightful)

BlkPanther (515751) | more than 12 years ago | (#3480395)

Hold a meeting with your staff, and explain to them the dangers, liabilities and your other various points. Explain it so THEY will understand what you are talking about, without talking DOWN to them. If they are responsible adults, they will understand and should comply somewhat if not entirely.

I always believe that it is easiest to reason with people before going behind their backs with rules, policies, etc. Once you have an understanding established, then apply some rules and policies, with the backing of the staff.

Beyond that if they won't work with you, then block the common file sharing ports or throttle the bandwidth to their workstations! That will always work!

Re:Yeah I have a suggestion (3, Insightful)

Amazing Quantum Man (458715) | more than 12 years ago | (#3480440)

Explain it so THEY will understand what you are talking about, without talking DOWN to them

Point out that bandwidth is like budget. They've all had to cut something so that everyone get some budget, and therefore understand that short budget is a zero-sum game. In this situation, your bandwidth is zero-sum.

Go to Administration (2)

Amazing Quantum Man (458715) | more than 12 years ago | (#3480397)

I'd come up with an AUP explicitly banning P2P, not for any ideological reasons, but stating the bandwidth/virus concerns.

Take it to the principal (or whoever administration is if you're above the individual school level), and get it approved. Use logical reasoning. By pointing out that bandwidth is very limited, and such programs are interfering with the educational use of the 'net (YES -- a legit "for the kids" argument!), you should be able to get the AUP approved. At that point, you can ban all such things, and block your incoming/outgoing ports.

Re:Go to Administration (2)

Amazing Quantum Man (458715) | more than 12 years ago | (#3480418)

I hate replying to myself...

Sorry, I didn't make myself clear. No, you don't have authority to impose an AUP on your own, but if you write one for the higher-ups, that's work *THEY* don't have to do, so it should be easy approval, as long as the AUP makes sense.

talk to them (0)

Anonymous Coward | more than 12 years ago | (#3480398)

How would you approach solving it without totally alienating your users?

Talk to (or email or interoffice mail or call) them. Ask them if they can remove the software from their network. I really don't see why a K-12 teacher would decline. If they do, then worry about talking to their supervisor.

I'd Lie like hell... (1, Offtopic)

GOD_ALMIGHTY (17678) | more than 12 years ago | (#3480399)

Seriously, use those english classes for something good. Start blocking ports left and right, shutting stuff off at the routers and tell them it's a system problem on their machine and you'll fix it when you get around to it.

If they're as clueless as the teachers and students I had in K-12, you'll have no problems whatsoever.

Besides, how exactly is the pansy ass administration going to get the balls to audit if they can't be bothered to come up with some decent guidlines.

Just figure out a hitlist of things to blame it on. M$, Real, Kazaa, Spyware.... whatever.

I'd be suprised as hell if you got caught.

Re:I'd Lie like hell... (3, Insightful)

Iltamies (153447) | more than 12 years ago | (#3480564)

This is exactly the kind of mentality that continues to harm the IT Industry workers more than it helps. Depending on the lack of education of our user bases to provide a cover for our collective bad attitudes, grudges, and lies is no answer.

Explaining these things reasonably to users without making them feel like your hating on them is perhaps a better solution. Tell them it's illegal, sometimes they just don't know. If they don't care, as has been pointed out prior to my posting they have no basis to argue with you if/when you block the ports. But tell them it's happening before you do it, or right after you do.

If somebody above you tells you to open the ports or allow the illegal activities to continue, explain to them what kind of ethical, not to mention legal issues they are bringing onto you.

I have at previous jobs had my employers sign written up and sometimes notarized documents saying that it was their decision and their action allowing the illegal activities to continue. (After I said no they got somebody else to do it against my recommendation.)

And one question: Do you like or need this job so badly that you can't explain to them your points of view without fear of losing it?

The good of the many... (1)

drywater (543888) | more than 12 years ago | (#3480402)

...outweighs the good of the few. Or the one... -JCD

Re:The good of the many... (1)

DEBEDb (456706) | more than 12 years ago | (#3480551)

Even if you agree with the philosophy
of this, the problem is that nobody
can really say what the good of many
is, often times. Sure, amend that
to "wishes of many", but even that
has a lot of grey areas.

unfortunately you're screwed (4, Interesting)

-ryan (115102) | more than 12 years ago | (#3480404)

When it comes to implementing technology policy in any organization unfortunately the only way to be successful is to have 100% support from upper mgmt (or in your case administration). You can always regulate on your own and act like you have the authority, but sooner or later you'll piss off the wrong person and that person will just so happen to be best buds with your boss. Good luck.

It truly amazes me how many times I've been hired or contracted to do something but not had the authority to follow through.

Block the ports (2, Funny)

God_Retired (44721) | more than 12 years ago | (#3480407)

Just block the ports for the p2p. What are the teachers or students going to get all pissed, run up and say,"WTF!? You're phreaking the l33t h4x0r thing we got going! Daaaamn you!" ?

Acceptable use (5, Insightful)

Publicus (415536) | more than 12 years ago | (#3480409)

Find out if your town or county has any kind of acceptable use policy. They probably do. Or, if your school receives state funding, perhaps there is an acceptable use policy at the state level. In short, follow the money and then check for policies.

I'm sure you'll find that what these teachers are doing is not acceptable. Put up a firewall, do what you need to do so that P2P software doesn't work, and when they come and complain point to the policy that defines acceptable use.

Whatever you do, enforce across the board! Don't just block the few teachers that are the problem, block the whole network. That's the best way to stay out of trouble.

Paranoia In Place of Policy (4, Insightful)

Kagato (116051) | more than 12 years ago | (#3480411)

Well, if you can't pen policy, you can create paranoia in order to create harmony. In you case, big brother is watching. You might not be able tell people to stop, but you can pen a friendly letter explaining the legalities, liabilities, oh, and that you have the technology to log and track all internet traffic going on the network.

A little paranoia goes a long way. And as an added benfit those you don't have to stick up for anything because you're not changing policy at all. You are "executing the due diligence required by law".

Been there (2, Interesting)

CS_Bucky (464567) | more than 12 years ago | (#3480415)

I know that I have worked in a large agency (I would prefer not to name names) and we had a similar problem. We just cut them off, and waited to see who got mad. The thing is that most people have a tendency to not complain if they know that what they are doing is not completely in the best interest of where they work. The bottom line is that it is not there private connection, it is the school districts, and the school district should be aloud to limit if necessary. Now stopping these connections, that can be a bit more tricky, but there are software apps out there that will do it, or if you are really good do what we did, and write your own :).

Good luck...... (2, Insightful)

isotope23 (210590) | more than 12 years ago | (#3480425)

You'll need it.

Try for an acceptable use policy first. I would recommend you implement it at the beginning of
the next school year (assuming non-year round school here)

Try and get buy in from the high up muckity mucks
and or a technology "team". I went through guiding a whole district onto the internet.
The policy part was the toughest......

I assume we are talking multiple k-12 sites with point to point links? If you do have routers between the schools, you could block most of the ports, (to give you breathing room)

What are you running for OS and Network OS?

Let everyone know (2)

Kintanon (65528) | more than 12 years ago | (#3480426)

Send out a schoolwide e-mail to administrators, teachers, etc... everybody. Make it say something like the following:

It has come to my attention that certain individuals have installed software which is negatively impacting the performance of our network infrastructure. I do not know if these individuals are students, faculty or staff, but it will be necessary for me to disable access to this software in order to preserve the usability of the network. If this causes any inconvenience for anyone, please contact me.

Your Sysadmin Type Person.

Then just close all of the p2p ports. When people complain explain to them that their software is introducing viruses onto the network and eatting up all of the bandwidth. Then add their name to a list of 'troublemakers' and wait for the chance to hose them good... Or you can just compile a list and turn it in to the administration as a list of people who are violating the network usage policy (If one is in place).

Kintanon

Alienating Teachers (2)

Ioldanach (88584) | more than 12 years ago | (#3480428)

Unfortunately, as you probably are aware there's not much you're going to be able to do without alienating most of the teachers. Many teachers tend to react towards control of their resources very harshly, since they're used to being in a position of control.

In this case, I'd start with the usual corporate arsenal. Block unnecessary ports out, unless a teacher requests access to a particular port for a school project. Possibly put an http proxy server into place if there are particular sites that need to be blocked (but don't block carte blanche)

Unfortunately, these policies aren't going to make you friends with any of the teachers or students, so tell anyone who wants access to the blocked ports to just get approval from the principal or superintendent, and let them make the decision to unblock a port.

Re:Alienating Teachers (2)

SuiteSisterMary (123932) | more than 12 years ago | (#3480559)

Or, do some logging, then start closing down ports. When somebody complains, check their logs, and assuming that they're using said ports for stuff other than their jobs; i.e. piracy and pr0n, quietly inquire as to why they need such things. Then offer to grab a supervisor 'to act as an arbitrator; I don't want to seem like the harsh ogre here.' Then watch them flee like the cowards they are. Oh, and if your software can do it, unblock the ports at non-peak hours. Or implement QoS that lets the software run, but gives it lowest bandwidth priority. That way, ANYTHING else will take away their bandwidth, but if the link is idle anyway, they can rock. Unless you're running burstable. Then just mention the cost.

Deep Freeze (1)

CybrGuyRSB (410357) | more than 12 years ago | (#3480430)

This program is really annoying for students, but can solve all you problems. It's called Deep Freeze and it restores the hard drive back to a set state whenever the computer is restarted. Go here. [deepfreezeusa.com]

Re:Deep Freeze (0)

Anonymous Coward | more than 12 years ago | (#3480555)

Yea, we use ImageCast in a similar fashion. Whenever a user complains about a problem with their system, we just pop in a boot disk and stick a default image on it. We make sure to do this often enough that they get the idea that no customization (fonts, wallpapers, etc.) is safe. After a while they tend to realize it's not worth the bother.

This also tends to re-inforce the training they get which requires them to store all work product on the server, not on the local drive.

As for the policy, just draft it and take it to your supervisor to approve. He'll get the credit, but that's fine if gets you the authority to use your packet filters.

My two bits.. (1)

Mtn_Dewd (15169) | more than 12 years ago | (#3480433)

I would go to the administration and talk about it. They will probably want to ban it entirely, for most of that type have an intrinsic instinct to censor things of this nature. However, my suggestion is probably going to back them. Though I graduated high school within the last few years and would have completely disagreed at the time, I don't think it is wrong for you to disallow use of these programs whatsoever. The small benefit of freedom is far shied by the potential impact that this can have on the network (virii, bandwidth, etc). It is NOT wrong for you to deny users use of this at an educational institution. There really is no necessity for any software of that nature to perpetuate education.

I would have shot myself for saying something even rhyming with "censorship" back in the old times, but I realize the necessity under this situation. I'm not sure how you'll approach it, but I'll bet a lot of these chaps have some good things to say. Keep reading on!

alternatively... (1)

-ryan (115102) | more than 12 years ago | (#3480434)

you could always put a packet sniffer on the gateway and start emailing people the text of their online conversations and the searches they did on BearShare. That'd probably scare the shit out of them enough to stop.

Back in the Day. (2)

Renraku (518261) | more than 12 years ago | (#3480435)

At my old high school, it wasn't p2p that was the problem. It was people streaming shit from other networks. On our tiny t-1, we had at least 10 people in our room listening to rap at max volume playing full screen music videos streaming off of a server. The admin responded immediately to the threat by blocking off Slashdot, AntiOnline, Something Awful, and all the other sites I read. I promptly downloaded Kazaa and began to download anime to watch. Moral of this story is, find the real cause of the problem, and act on that, instead of just against the nerds.

Re:Back in the Day. (0)

Anonymous Coward | more than 12 years ago | (#3480552)

Renraku writes:
at least 10 people in our room listening to rap at max volume
playing full screen music videos streaming off of a server
Heh heh. Reminds me of this cartoon. [206.244.69.51]

introducing virii? (1)

Old Wolf (56093) | more than 12 years ago | (#3480437)

Since there's no such thing as a "virii" , introducing one should not be difficult to deal with

Don't block, Limit them (3, Interesting)

pe1rxq (141710) | more than 12 years ago | (#3480439)

Simple: don't block them, just limit traffic to and from the ports the p2p systems use.
With a linux firewall this is easy to do with qos and such.

They can still use p2p systems, you just limit the bandwidth to levels not harming genuine educational use. This shouldn't be hard to sell to your supervisors.

Jeroen

Can't stop the rock. (1)

qrys (153769) | more than 12 years ago | (#3480443)

If he blocks P2P for everyone where does he get hiz own warez?

Re:Can't stop the rock. (1)

isotope23 (210590) | more than 12 years ago | (#3480482)

Allow x.x.x.mymachine all all
deny all all

;-)

that's what happens (0)

Anonymous Coward | more than 12 years ago | (#3480445)

when bodies start slapping

enjoy the pr0n man, don't fight it. If you can't beat em, beat *it* bro.

As someone not long out of highschool... (2)

phyxeld (558628) | more than 12 years ago | (#3480448)

...I can tell you that you will be widely hated for your stance on this. But with limited bandwidth and the inhernt legal problems, I really can't blame you. I'd sugest that whatever means you find to stop people, you lay out the reasons why it absolutely cannot be tolerated at school, and mention that you don't view p2p file trading itself as bad, just the use of school resources for it.

A "no gnutella" policy alone without explained reasoning will just make you look like a typical asshole-school-administrator type, and that will only make your job more miserable.

make your views knows, give 'em 30 days (2, Insightful)

fiddlesticks (457600) | more than 12 years ago | (#3480457)

Hi.
I sympathise. These people aren't *evil* and they aren't *misguided*, they have just ben (ignored) and allowed to get away with too much useage for too long.

They are intelligent, else they wouldn't be teachers. So be reasonable.

Post something [physical] somewhere [physically] obvious and non-threatening.

'Hi I'm your new sysadmin. Nice to meet y'all. I have a problem: We have xKb/ month for education, and yKb/ month is being taken up with (all the things you are concerned about)

Here are my rules....(name them)

If anyone has a problem with these, I'd be really interested in your thoughts.
You can come find me in room z, or mail me at roomz.wherever

Regards

BOFH (or whatever your real name is)

__

I promise, this will shift 70, 80% of the problem, then you can start to worry about the ones that ignore this.

george

Quit (0)

Anonymous Coward | more than 12 years ago | (#3480460)

Without the backing of the higher ups, you are doomed to failure. Been there, done that, move along now as you will only end up beating your head against a wall. Another version: this fight is not worth as the people you are trying to serve do not care.

You're the admin? Act like one. (2)

Colin Smith (2679) | more than 12 years ago | (#3480464)

If you've been given responsibility of managing the networks and systems then you have been given the rights to stop whatever you see fit.

Computer networks are not democracies. Start closing accounts, add firewalls, put in traffic management, routing ACLs, file space quotas, virus scanning.

The administrators job is to make sure that the systems and networks function smoothly. If you're not up to that and the personality clashes that inevitably includes then you shouldn't be an administrator.

You don't need backed up by spineless management. *You* have the administrative control. Use it.

Hi, I'm from the RIAAA... (4, Funny)

rufusdufus (450462) | more than 12 years ago | (#3480467)

I am from the RIAAA [as far as you know] and am hereby officially notifying you, as an administrator or electronic services at your institution, to cease and desist illegal activity or face civil and criminal prosecution.

When they complain, just tell them you were given a cease and desist notice ;)

Re:Hi, I'm from the RIAAA... (1)

mph (7675) | more than 12 years ago | (#3480526)

I am from the RIAAA
Aren't those the people I call when my CD player breaks down and needs a tow?

hehe... (2)

rufusdufus (450462) | more than 12 years ago | (#3480571)

well it was supposed to be funny anyway :P

You've got all the argument you need (2)

SuperguyA1 (90398) | more than 12 years ago | (#3480469)

... but shutting them down is neccesary to maintain harmony (and legality)

That right there is all the argument you need. These services are being used for illigal purposes.
Every school I've ever heard of is so scared of lawsuits they can barely teach their students. Tell anyone who complains to tell the principal who will almost certainly side on the 'legally safe' side.

You're pretty harsh.. (0)

Anonymous Coward | more than 12 years ago | (#3480473)

I am taking over after a bunch of goofballs have really messed things up ... I have near infinite problems, but the hairiest are with ... P2P file sharing programs ... I have virtually no policy to back me up ... and ... I don't have the authority to pen new policies myself

Hmm, are you sure those "goofballs" really "messed things up"?

Sounds like a problem with administration. Maybe the "goofballs" you're referring to were simply working with what they had.

The technical term for your problem is between a rock and a hard place. You need to fix the problem with the administration.

If you don't fix the problem with administration, when you leave, the person who replaces you probably have the same opinion of you that you have of the "goofballs" you're taking over from. (and maybe think about that before you publically insult someone next time.)

Scare the school administration (1)

sgtsanity (568914) | more than 12 years ago | (#3480476)

Just tell them about the legal liability issues involved with downloading virii and warez. If anything, schools are afraid of lawsuits. They'll do pretty much anything if there's a threat of being sued. Or you could just take your problems to the local news and offer them some cheap "investigative reporting".

Oops slip finger! (0)

Anonymous Coward | more than 12 years ago | (#3480478)

YOU MUST MAKE + GLUE OOPS SLIP FINGER
YOU! AS MEDIA USSR!!!

oops slip finger
changes hasn't get in yet
now there is

http://www.cafepress.com/cp/store/store.aspx?sto re id=cyber0ne9

SUPPORT P2P PROGRAMS ON K-12 NETWORKS! YOU! AS MEDIA USSR!

the other way around (1)

gsaraber (46165) | more than 12 years ago | (#3480481)

Do it the other way around, instead of shutting off access, have a meeting, talk to them, find out what they are using it for, if its anything legal great, let them know its eating up a lot of bandwith and that you may have to throttle it (linux CBQ stuff is great for that)..
if they cant come up with a legal use your problem is solved :)

you pretty much said it. (1)

CaptainAbstraction (43162) | more than 12 years ago | (#3480483)

How to introduce new policies to supervisors? Reread what you said in the story you posted. You outlined the core issues regarding the inappropriate use of bandwidth and its affect on the network and potential liabilities for the school. Done.

Keep it simple. Don't be afraid of "offending" or "alienating" people. They are bandwidth abusers.

But here's a question. Do the bandwidth abusers include people who are "over-your-head?" If so, just go straight to the principal. Be candid.

Just one thing. Don't let yourself fall into the role of "bandwidth police". It sucks and everyone will hate you.

Let us know how things turn out.

-Captain Abstraction

Hmm... (3, Insightful)

ryanr (30917) | more than 12 years ago | (#3480484)

Let's see... you have no policy, you can't get one, you can't just cut people off....

You could make the P2P stuff run so slow as to be useless... or you could send your own trojans that will erase the drives of the problem users...or you could send them porn, and get them fired...(oh, and don't get caught doing any of the above.)

Or, perhaps you're just screwed because you're trying to enforce rules where you have no authority to do so. I'm not neccessarily saying you shouldn't have the authority... just that you clearly don't, and any attempt to enforce your idea of policy is bound to cause you trouble. You time is probably best spent figuring out how to get a policy.

Blocking the ports is easy. Here's a creative one (-1, Offtopic)

Anti-Microsoft Troll (577475) | more than 12 years ago | (#3480486)

Instead of firewalling the ports P2P uses, try this:

Install Windows XP on every workstation. They'll be so busy crashing, rebooting, re-authenticating, and having their system resources hogged, they won't have a chance to do any filesharing.

Plus, Windows will make them listen to music using Media Player, which will make them want to jam icepicks in their ears. Goodbye P2P!

How about ... (1)

binaryDigit (557647) | more than 12 years ago | (#3480487)

You say that you can't enact policy and that the teachers are not covered by any current policy. I assume then that means that students are. You could therefore enact measures that also affect the teachers and claim that those measures must be taken to ensure that students can not circumvent the policy. Therefore if you shutdown ALL outgoing ports and force users through a proxy, you can claim that it is the only effective way of preventing misuse by the students.

So far... (1)

1155 (538047) | more than 12 years ago | (#3480489)

So far, there have been comments on a few things:

Blocking ports:

Good idea in any situation. This allows for the non-adept users to be halted. The adept ones will realize that you can check a box in most programs, or change the port, and it will go through.

Throttling traffic to a crawl:

A good initial idea, but this will lead to teachers complaining about the network being slow in general, and when you ask what they are doing when it is slow, they will "Not know". Think on this if you are going to do it. See the "blocking ports" section.

Informing teachers:

Remember when someone younger than you told you that you couldn't do something? Did you listen? Most likely not, and this may or may not be any different. It is probably a good idea to do it anyways, seeing how some will get onto others for doing it. Tell them that they are taking away from other needed resources, such as books for their department. Back this up though, show them documents. Teachers are normally good with realizing what is good to do and not good to do, if you show them as to why. Least mine were.

One other aspect you could try. Disallowing certain apps from even entering the network. Setup your dns to go to 127.0.0.1 for musiccity.com or kazaa.com. This is a pretty cheasy work-around, but most teachers will not know a way around it.

One last though, perhaps. Allow them to use it for a set amount of bandwidth. Once the bandwidth is eaten for the month, tell them all they have to wait till next month. This way they get what they want, and you get what you want.

Cheers

What to do, half serious (4, Funny)

PD (9577) | more than 12 years ago | (#3480490)

If you block the P2P software and make it the official policy that it should not be used, document that thoroughly. Make sure that it's expressly for the purpose of keeping unlicensed software out of your system. Then, insist that everyone show their licenses for their software. Put up big posters explaining that you are doing this because it's important to comply with the law. Become the biggest pain in the butt to everyone who opposes you.

Then, just before you think they've all had enough of you and can fire you, call the BSA on yourself. When that phone call from the BSA comes, you can point at all your policies and say that all along you were just trying to avoid that exact situation. Suddenly all the babies who were crying because you took away their Kazaa will be viewed as the real problem in the organization. You will have achieved Total Management Support (TM).

How to implement a policy (2, Interesting)

rongage (237813) | more than 12 years ago | (#3480491)

What I have done in the past is to write out the policy in a form that would only require a signature. Then present it to the powers that be. If they need explainations, then explain why this policy is necessary.

The trick overall is to do as much legwork as possible so the boss has very little to do but read and sign. If you approach the boss saying "I need you to write a policy to ban people downloading porn." then you add to your bosses workload. If you say "Here is a policy that prohibits downloading porn on the network, please approve it", then the bosses time committment is significantly reduced and the likelyhood of it being implemented is high.

Of course, stay on it, daily if needed. It may not hurt to create a graph or two showing bandwidth utilization vs. time of day, broken down by workstation. It would probably be even better if use used something to capture the stream so you could show your boss exactly what these people are doing.

If all that doesn't work, don't be afraid to document (via email or other dated message delivery service like sending it to yourself in a USPS letter) everything that you asked to have happen, when you asked, the results, etc, etc... create the paper trail. Then be prepared to go above the boss (PTA, School Board, Press).

chill out, then punt (0)

Anonymous Coward | more than 12 years ago | (#3480493)

While I sympathize with you, my many years of experience have taught me that one man crusades are fatal to the psyche and morale. Do your best of course. Report the problem so that it is on the record in writing somewhere. This will cover your ass at some future date. Then make sure you buck the ball into someone else's court. It really doesn't pay to fight the system. And it wouldn't hurt to start looking around for a better situation with another employer either.

Cover your ass (2, Interesting)

grendel's mom (550034) | more than 12 years ago | (#3480498)


Been there, done that, nearly got sued.

Block the ports. Clearly (and simply) explain the problem. Tell them that your supervisor must make that kind of (legal) call.

Talk to your supervisor/Dean/Principle. Make *them* sign off on any open ports/applications.

Education. (4, Insightful)

tcc (140386) | more than 12 years ago | (#3480502)

You're in a school, this is would be one of the BEST environment to educate the people about all of these issues. You'll say that some people won't give a rat, but that's like in society in general, if people don't give a rat and anarchy reigns, stronger measure needs to be taken.

I might have gotten something wrong but if you're managing the network, usually it falls within your responsibilities to make sure to implement EVERYTHING (including some policy, or at least submitting them) for the proper operation of the network, which includes both load balancing, security and legality (to a certain extent, at least proving that you thought about it and implemented it to a certain level won't hurt).

Now if we tell you to cut down trees for a paper company and we hand you a kitchen knife, you'll say "you're crazy", well same goes with being an admin, if you're ADMIN and you can't do zit, it's a big issue. If it was a mess before you arrived, probably that the organization was a mess in the first place, I'd document everything, put up a structure of the network and who's responsible for what, limit the number of people that have "power" over the administration because as we all know, the more admins on a box, the more potential problems. So you have to do your part, be professionnal, use people's experience and be opened to suggestion, but at the same time, document every problem, and don't always go to your supervisor saying all of the problems, he's probably already familiar with them, for every problem, bring in a solution or two with arguments and documented facts (and normally supervisors like having a choice and feel like they did the work so... use that to your advantage).

As for the P2P application, I've fixed the problem at work, I've putted QoS and 1-2K/s on the total bandwidth, it's transparent "it's still working so I didn't do anything" and when those dead weights would come and see me "well probably its not optimized for our network structure and I have enough work to do, if this is a priority, go see your manager or big boss". It's politically correct since you didn't block the port and the user has no idea on what's really going on (unless reading slashdot :) ) , and it put the user in a situation where he would have to go look his manager to ask to waste time leeching (which he will obviously won't do :) ) and I get no heat. Dunno up to what it could extend since where I work most people are reasonable and mature, and school isn't the same environment, but then again, it's a suggestion and I'm sure a lot of people here will have many more.

Good luck.

I agree (1)

theVitViper (572365) | more than 12 years ago | (#3480503)

Block the ports these programs use! This has been an issue at my school (at which I am a student that loves using the 10 MBps fiber connection for filesharing :D). The network administration didn't even bother to tell us they were doing it. They just blocked the ports. No one complained because everyone understood that it was illegal to use these programs at school. If anybody bothers you, explain the legality problems with downloading warex/mp3s/movies, especially when the school administration can be held liable.

Talk with a computer illiterate supervisor. (0)

Anonymous Coward | more than 12 years ago | (#3480504)

It would be so simple, talk to a computer illiterate supervisor, tell them you have a big problem with something, act suprised when they tell you you should talk with supervisor x, and have said computer illiterate supervisor introduce your problem to supervisor x, and you take it from there.

heres what I would do. (0)

Anonymous Coward | more than 12 years ago | (#3480509)

depending on the setup just restrict access from the network to the net. block the ports. make it so you can't install programs unless you are in admin mode. basically go Nazi on them. they will learn.

QoS (1)

donour (445617) | more than 12 years ago | (#3480511)

That's what Qualtity of Service is for. Slowly throttle back the bandwidth allocated to "non-critical" IT tasks. This doesn't need a major change in the admin mindset, it's just good management.

Judicious use of DUMMYNET (5, Informative)

rhizome (115711) | more than 12 years ago | (#3480513)

Use a FreeBSD gateway machine with DUMMYNET. FreeBSD can be configured so that it: a) doesn't have to replace the existing firewall; and b) is invisible so it doesn't show up on traceroutes. This is so that clueful users are not tipped off in a way that lets them complain like pornhounds on a free NNTP service. DUMMYNET will let you set up bandwidth policies based on (groups of) IPs, ports, and more. Client subnets can have full bandwidth on port 80, but the gateway can shut them down to 28.8 on the P2P ports. The possibilities are really open in a situation like this, and any junk computer can be used.

You damn IT people don't know how to play ball (0)

IAgreeWithThisPost (550896) | more than 12 years ago | (#3480515)

You go to the beancounters and draw up how much the "extracullicular" activities are costing the district. You then bring that to the powers that be, and you will have instant carte blance to block it all down.

There is one flaw in this plan...It does not take into account any and all companies servicing bandwith or other computer services to the district, that happen to be the brother/sister/uncle/old frat brothers/wife or otherwise owned by someone with a relationship to a person or persons on the school board. In this case, you are fucked.

Except..there is the third option. This involves shutting down the activities regardless of permission, and then using IT buzzwords to scare the higher ups into submission.

game on.

Firewall (1)

kawaichan (527006) | more than 12 years ago | (#3480520)

Why don't you guys try to use Firewall to block all the traffics except HTTP/SMTP/POP

I know that won't solve all the problems, but at least it's the first step

Inform the head (1)

CptSkydrop (577286) | more than 12 years ago | (#3480521)

Inform the head that illegal activies could take place using such software, virus' may require extra budget to clean up and bandwidth doesnt go to proper educational use. he or she will probably ask you to implement any measures you deam fit to block the software and also let the users of the network know that what there doing is not on.

So what if you alienate the users on the network, your a computer person, which usually means your alienated already.

Get a T3 pipe! (n/t) (0)

Anonymous Coward | more than 12 years ago | (#3480528)

(n/t)

Get the right materials (1)

craighmac.com (561028) | more than 12 years ago | (#3480536)

contact the Technology Coordinator at Bay City Public Schools (Bay City, MI) (http://www.bcschools.net) He would be able to share with ayou a handbook that We put together that may help your situation.

talk to the district lawyer (0)

Anonymous Coward | more than 12 years ago | (#3480539)

Write a nicely worded, simple letter or memo on district letter head that states the following:

1) You have seen and witnessed 'warez' downloading
2) You know that various people are habitually breaking the copyright laws.
3) That you feel that a policy needs to be written that addresses these concerns.
4) Tell them you know what this thing needs to say, but don't know how to write the 'legal mumbo-jumbo' that would make it an offical policy and procedure.
5) Site a few specific examples of the problems, tell them that these are but only a few examples.

What ever you do, do not shotgun this to everybody out there - you will burn more bridges then you want to.

The last thing a district wants is big legal problems.

Send the memo to your boss.

Create a paper trail.

Confirm your conversations about this back to your boss, "So that I understand what we discussed to day... you said: blah blah blah"

If you don't get a good answer in 5 days.

Take this to the next level in the district.

You probably have this chain of command:

a) Your boss - the "computer person"
b) the superentendent of the system
c) The school board.

Within 4 weeks, you should be at the school board level.

At that point - it's out of your hands.

Assistance (0)

Anonymous Coward | more than 12 years ago | (#3480540)

At my school, we have computer lab aides. They are given more rights than other students and help remove these applications. There's not that many, but it does help. Also, suppose one of the students who has been using this just happens to lose everything in their account. Whoopsy, that's what these things can do. Nothing you can do about it now ;)

Bandwidth Throttle (2)

Computer! (412422) | more than 12 years ago | (#3480541)

As a coder and not an admin, I can't agree completely that P2P programs have absolutely no educational value.

In addition, isn't bandwidth wasted if it's not completely used? A good idea would be to find an acceptable bandwidth limit per workstation (total, and throttle each machine to that limit. That way, it doesn't matter what they're doing, they won't be hurting anyone else.

Although the complaints about viruses seem legitimate, I've never gotten one from an mp3.

The possibility of legal exposure isn't your concern. You're a network admin, not a lawyer.

Get some authority (1)

Crayola (250908) | more than 12 years ago | (#3480543)

Trying to push a change on the system without support from higher up is a sure road to pain. Microsoft and the BSA have been kind enough to start hitting schools up for software audits and so forth, so collecting news clippings from those stories should provide a large-dollar incentive for change.


The next step is get some policy together regarding appropriate usage, and throwing some carrots in there about privacy, etc. as long as resources aren't abused, court orders, etc. should help ease the pain, along with a few days for people to burn their warez onto CD and clean up their own mess.


Then you need to go through with the heavy duty broom and for heavens sake, get your license documentation in order before you get audited.

that's a tough situation (3, Insightful)

cballowe (318307) | more than 12 years ago | (#3480547)

First thing to do is ask them if they were happy with the level of support they had before. Since you are claiming that some goofballs messed things up, it's best to start with the goofballs and try to define what they did and didn't do right. I wouldn't expect most K-12 institutions to have a good network security policy in place.

In order to get one defined, you need to start talking to administrators. Find out which services they desire to provide and which they don't. Point out that most security and network use policies these days start by defining what you are allowed to do and blocking the rest of the traffic. Put out an request to the staff that they give you a list of applications that they use for purposes of education and then get a group together to review that list. If something strikes you as questionable, ask the person to justify it.

You'll also, more than likely, want to get a list put together of officially supported software and a procedure for getting a piece of software onto the officially supported list. This keeps people from coming to you and saying "I can't download files with Morpheus" because you can just say "Is it on this list? No? Then not my problem." Part of the process of getting something on that list might be a written justification of why it should be there, and for comercial software proof of license.

You don't want to be the only one makeing decisions. You should get a committee together. You'll want an administrator and a staff member on the committee. Decisions about what will and will not be supported will be made by the committee. You need these people because they understand the classroom, that's not your job.

If it comes to it, you might want to take a look at your job description. Figure out what parts of your job you can do, and which parts will need a more defined policy to enable you to do your job properly. This is important -- if your job description says "support educational activities requireing network access and use of the internet," whacking traffic that doesn't fall into those categories is clearly a part of your job as it increases bandwidth availability for educational purposes. When somebody complains, you need something you can point to for the purpose of defending your actions.

Start at the top, schedule some meetings with administrators and express your concerns to them. Most school administrators are reasonable people and when you explain that these things are necessary for a smooth running system they'll understand. Also, most school administrators are scared sh*tless of the words "potential lawsuit", don't be afraid to use it.

Good luck (1)

SONET (20808) | more than 12 years ago | (#3480550)

I dealt with this for many years in the public schools. The simple answer to dealing with the supervisors is... don't. They don't understand the technology, they don't have time for it, and they often use their egos to make the decisions anyways. Use good reason and implement the necessary things as you and your staff see fit, then apologize later. Chances are you won't need to apologize, they will be too busy thanking you. Use your state technology plan as a guideline and refer to the one for your particular district if they have one.

I know it's cruel, but reality is sometimes that way. I tried doing it the 'right way' for three years, but things remained in disarray and nothing ever got done. In fact, that's probably why things are as bad as they are where you are now - people went about things the 'right way'.

If you haven't worked for a public K-12 school district you have no room to argue what I'm saying - you haven't been there. I've seen trivial topics go into meetings and get held up for six months to a year in the system, and that is when the money is already appropriated.

School districts need to learn to let competent people do their jobs. They hire them, underpay them, then micromanage them until they get burned out or quit.

Feel free to e-mail me if you want to talk specifics. My address is spamme at socal.rr.com

Good luck
--SONET

proxy server (0)

Anonymous Coward | more than 12 years ago | (#3480553)

Since you don't have the capability to dictate policy, try to sell your superiors on the idea of a proxy server, such as Squid.
Give the the line of acceleration of downloads by caching. They will like that you are trying to make better use of the bandwidth that you have. Also sell them in the direction of a small (CPU, memory) box with a big HD for the cache.
Later during implementation, tell them that your firewall needs to be locked down to only allow connection from the proxy and other essential boxes (try for only servers that need the outside access, go from there). After you have everyone going through the proxy you can lock down from there to prevent P2P programs from going to the internet. It doesn't get you all the way out of the tunnel, but you can see the light at the end.

mind your own fucking business, Mr. Net-nanny (0)

Anonymous Coward | more than 12 years ago | (#3480554)

Keep the network going and mind your own fucking business, you dumb fucker.

Play the game... (1)

Galen Wolffit (188146) | more than 12 years ago | (#3480560)

I'd suggest thinking about playing the political game - sometimes it actually is effective. Are there existing policies, that, if applied correctly, can be used to shut down p2p sharing programs? For example, are there policies regarding personal use of computers? You could use that to stop or slow down serious offenders. Are there policies about scanning of files brought in from outside, for viruses? You can use that to install a virus scanner on every system, or disable programs which violate that policy. If you have the authority to enforce existing policies, you may be able to find a way to use those policies to accomplish your goals. And, if you get called on it, you can always use those policies to back up your position. As long as you can rightfully claim you were enforcing existing rules, you should be safe.

Filter it! (1)

ripewithdecay (573894) | more than 12 years ago | (#3480566)

My HS uses a proxy server that filters unwanted material. Even though it sometimes filters out some wanted stuff, and as we discovered from a recent incident, it doesn't filter out some unwanted stuff. But for the most part, it does the job.

Use Quality of Service to keep P2P traffic low (2)

PureFiction (10256) | more than 12 years ago | (#3480567)

Linux 2.4.x networking supports traffic control / quality of service.

Read up on the advanced networking: http://www.fibrespeed.net/~mbabcock/linux/qos_tc/ [fibrespeed.net]

I use this on my home network to keep bandwidth usage allocated correctly on my cable modem connection. It works great. I have 20ms latency while gnutella, kazaa, and FTP uploads are all running concurrently.

This prevents you from the task of blocking them out completely, while ensuring that high priority student/teacher use of the net remains fast.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?