What we are getting to here is similar to what happened a hundred years ago with the automobile. When there were very few cars on the road, one didn't need to pass a drivers exam to drive and there was not much licensing of drivers. Most drivers were professionals (chauffeurs) so it was not much of a problem. But then automobiles became available for the middle class and people used them for day to day activities. The result was an explosion of accidents, collisions and thefts. The result was a clamour for licensing to keep the kiddies off the street. When you left your own driveway, there were traffic lights, stop signs and eventually our whole road system. Nowadays, we could not even conceive of allowing 10 year olds to driver or letting anyone who purchases a car on the road without a licensed vehicle and a license for the driver. Just as a safety certificate is required to get on a highway (but not on your private property), we need a server certificate for connecting to the internet, managed by a sysadmin with some credentials. -----Original Message----- From: firewalls-owner@Lists.GNAC.NET [mailto:firewalls-owner@Lists.GNAC.NET]On Behalf Of Gary Flynn Sent: Friday, June 08, 2001 13:26 To: 'Firewalls@Lists.GNAC.NET' Subject: Re: This is a must read document. (.edu and ISP perspective) "Young, Beth A." wrote: > > 1. Departments on Univ campuses are run like individual fiefdoms. As the nature of our computing environment has changed, and with it the incidents and effects of computer abuse, computer security has become more like public safety, telecommunications, and other issues critical to the organization as a whole. Some universities have already recognized this: http://www.itc.virginia.edu/security/policyguide.html > 2. Students in Residential housing. This is changing too. From the policy referenced above: =========================================================== Scope This policy applies to anyone in the university community owning or overseeing the use of a computing device of any type connected to the University of Virginia network, including but not limited to: <snip-gf> b. Faculty, staff, students and other individuals who have devices connected to UVa's network, even if those devices were acquired personally, i.e. not with university or grant funds; =========================================================== I think it is important to recognize that the the model of tens of thousands of student residence computers connected to a high bandwidth network is no different than the growing cable and DSL connected home computers. I read one report that estimates that in 2002 there will be 17,000,000 computers connected in this manner. While a university may scan on-campus residence networks for vulnerabilities and limit access accordingly, who is going to do it for those 17,000,000 home computers? -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml - [To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.]