
Re: large campus network ... suggestions

From: Jonas Andradas <j.andradas(at)gmail.com>
Date: Fri Dec 14 2007 - 14:00:09 EST


Hello,

Regarding Horatio, which seems interesting, I wonder how it does the filtering. If it just creates iptables rules based on IP, and users can sniff traffic (e.g. unencrypted wireless), they could change their MAC address and IP and try to trick Horatio into thinking they are a "valid" user... Or maybe I am wrong.

Regards,

Jonas Andradas

On Dec 14, 2007 7:40 PM, Adrian Minta <adrian.minta@gmail.com> wrote:
> Tirla Adrian wrote:
> > Hello,
> >
> > I'm currently one of the network administrators of a 3000+ students
> > and I have some issues maintaining security, authentication ... and
> > quality of service ...
> >
> >
>
> 1. For authentication you may use something like:
> http://horatio.sourceforge.net
> 2. Block outgoing connections on ports like: 25, 445, 137-139, block
> multicast, broadcast and bogons.
> 3. To save bandwidth use a transparent proxy.
> 4. Limit each IP to a maximum bandwidth using HTB and especially limit
> NAT translation per IP to a reasonably small amount ( 32 should be fine
> if you are not allowing P2P).
>
> --
> Best regards,
> Adrian Minta MA3173-RIPE, MA314-ROTLD, www.minta.ro
>
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

Received on Fri Dec 14 14:01:11 2007
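
The outbound blocks and per-IP limits from points 2 and 4 of the quoted list, written out as an added example that is not part of the thread or of Horatio. The interface name, the bogon sample, the client address and rate, and the use of `connlimit` to approximate the per-IP NAT translation limit are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: prints (does not apply) the commands,
# so the output can be reviewed before being piped to a root shell.
LAN_IF="${LAN_IF:-eth1}"    # assumption: client-facing interface on the gateway
MAX_CONN="${MAX_CONN:-32}"  # per-IP figure given in point 4
# Assumption: short sample of special-use ranges; use a maintained bogon list
# and leave out whatever private range the campus itself uses.
BOGONS="0.0.0.0/8 127.0.0.0/8 169.254.0.0/16 240.0.0.0/4"

campus_rules() {
    # Point 2: drop outbound SMTP (25), NetBIOS (137-139) and SMB (445).
    for proto in tcp udp; do
        echo "iptables -A FORWARD -i $LAN_IF -p $proto -m multiport --dports 25,137:139,445 -j DROP"
    done
    # Point 2: drop multicast, broadcast and bogon destinations.
    echo "iptables -A FORWARD -i $LAN_IF -d 224.0.0.0/4 -j DROP"
    echo "iptables -A FORWARD -i $LAN_IF -m pkttype --pkt-type broadcast -j DROP"
    for net in $BOGONS; do
        echo "iptables -A FORWARD -i $LAN_IF -d $net -j DROP"
    done
    # Point 4: cap concurrent TCP connections per source IP. connlimit is an
    # assumed stand-in for "NAT translations per IP"; it counts conntrack entries.
    echo "iptables -A FORWARD -i $LAN_IF -p tcp --syn -m connlimit --connlimit-above $MAX_CONN --connlimit-mask 32 -j REJECT --reject-with tcp-reset"
}

htb_root() {
    # Point 4: one HTB qdisc on the client-facing interface (shapes downloads).
    echo "tc qdisc add dev $LAN_IF root handle 1: htb"
}

htb_for_ip() {
    # $1 = client IP, $2 = class id, $3 = rate (the rate is an assumption).
    echo "tc class add dev $LAN_IF parent 1: classid 1:$2 htb rate $3 ceil $3"
    echo "tc filter add dev $LAN_IF parent 1: protocol ip prio 1 u32 match ip dst $1/32 flowid 1:$2"
}

campus_rules
htb_root
htb_for_ip 10.20.0.15 10 1mbit   # constructed client address and rate
```

Rules appended to FORWARD only take effect if no earlier rule in the chain already accepts the traffic, so check their position against the existing ruleset.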

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:30 EDT

