×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Solution For College's Bad Network Policy?

larsu Re:That's insane. (699 comments)

I manage a team of network admins at a university that uses the same software as CMU. The software does have agents available for Mac and Linux too.

Stupid question, what if your machine is a Mac or Linux box? This "Client Security Agent" seems to be a Windows-only beast. Whatever it is, it would be a cold day in hell before I let a university that I'm paying money to dictate that I have to have their software on my machine to use the Internet access that my tuition and fees are paying for!

Here's the problem. The IT staff has a number of conflicting expectations for the network. There are N-1 other students at the university also paying tuition and they also expect the network to work. School administration expects it to work, with priority given to academic purposes. While it isn't ideal to require that students trust our software to run on their computer, it allows the school's IT staff to ensure computers comply with policy (current AV, anti-spyware, etc), and that computers that are causing network problems can be quickly identified and the problem mitigated. (And believe me, a comprehensive network access system greatly speeds problem resolution, both for the network and the student.) Keeping bad computers off the network lets the network keep working for everyone else that didn't mess up their computer with malicious software. It'd be nice to somehow exempt students that know what they're doing from this intrusive, annoying process. But like many things, a few bad apples ruin it for everyone.

The software allows policies to be set for AV existence and version, anti-spyware, and OS version and updates. It also allows custom scans to be written to check for files and registry keys. No other info gets sent to the administrators other than if you have failed or passed such a scan. No one is spying on you, or cares that much about what's on your computer. They just want the network to work.

There are agentless NAC solutions available, but they are more annoying for the user and less correct for the administrators. Having no NAC really isn't a feasible option anymore for schools of any decent size, as they need to comply with CALEA and respond to RIAA, REN-ISAC, and other internal/external complaints. If you don't trust your school, and are that concerned about running untrusted code from a vendor picked by your school, then don't. Don't use the network, and have fun with your protest. The administrators aren't forcing this upon the students because they're unsympathetic to their concerns. But rather, because they need to serve all students well.

more than 4 years ago
top

Most Accurate TV Geek

larsu Missing option: Gimpy (886 comments)

My vote is for Gimpy from Undergrads. Gimpy could _rarely_ be dragged away from his computer / dorm room. He was a Star Wars geek, and actively worked to convert Star Trek geeks. He had an Apple II doorstop. And he once overloaded the circuit for the entire dorm with all his computer gear plus a hot plate.

Great show.

more than 8 years ago

Submissions

larsu hasn't submitted any stories.

Journals

larsu has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...