Results 1 to 5 of 5
  1. #1
    4 Star Lounger
    Join Date
    Mar 2004
    Location
    Griffith, New South Wales, Australia
    Posts
    507
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Issues and implications ...

    I am not sure where to post this question, so here I am. I am fishing for information.

    One of my clients has a training lab for desktop application training. It runs as a workgroup and has internet access through the company's internet connection. It is nearly all a Microsoft installation, except for a legacy FreeBSD proxy server (which is supported by someone other than me).

    I have had a request from a community group to use our lab to demonstrate the differences between Microsoft and Liux operating systems. The tutor for this workshop wants to bring in his own hardware.

    I have never been comfortable with my lack of knowledge of the proxy server (but there is a limit to time and what gets learnt and what gets left on the pile for another day).

    I am not happy with allowing someone to bring their own hardware to hook into the network, but I dont know enough about the issues to give them an intelligent response.

    So the questions are:
    should I be worried?
    of what?
    what should I say to them as an answer?

    Thanks

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,585
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: Issues and implications ...

    The biggest worry when someone attaches an PC to your network is malware. You don't know that the PC is 'clean'. If you trust the organization and trainer you'll probably be OK. What operating system are you running internally? You want to make sure that the foreign PC can't access your internal resources (i.e. shared folders) unless required for the demo.

    Joe
    Joe

  3. #3
    4 Star Lounger
    Join Date
    Mar 2004
    Location
    Griffith, New South Wales, Australia
    Posts
    507
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Issues and implications ...

    Hi Joe,

    My desktops run XP pro with SP2 and all the updates. My 'non lab' machines are all in the company's domain and administered through AD. The lab machines are on a workgroup. They use the gateway to get out on to the internet. There only one account on the lab machines (aside from the admin) and that is not in the AD so using that account a user cannot get into the domain resources with out a password. I know that the domain admin password is stroung, but I cannot say that about the other users.

    The tutor wants to bring in his hardware loaded with Linux, but he did not say which flavour.

    But I agree that the most serious issue is that of how clean the introduced machine is. I have no way of telling that.

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,585
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: Issues and implications ...

    As long as the lab PCs are isolated from your domain you should be OK there. But (there's always one isn't there <img src=/S/grin.gif border=0 alt=grin width=15 height=15>), the foreign PC is already on the 'inside' of your firewall. So, unless the tutor is very trustworthy I'd have someone monitor the network activity while he can access your network. Maybe that is being a paranoid and cynical but too bad.

    Joe
    Joe

  5. #5
    4 Star Lounger
    Join Date
    Mar 2004
    Location
    Griffith, New South Wales, Australia
    Posts
    507
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Issues and implications ...

    Thanks again, Joe.

    You have confirmed my gut feeling that this is not a good thing to do. I think that we need to be paranoid and cynical about what can happen to our systems. Isn't risk assessment part of this?

    As for someone monitoring the network at the time - I can't see that it will happen. The workshop has been requested for a Saturday and they are are a non-profit group who are asking for the use of the room and network for free. That means wages for someone to do the monitoring with no compensation to my client. I can see that it wont happen. Now I have what I need to knock back the request.

    Thanks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •