On Sun, 14 Mar 2004 08:55:09 -0700 (MST), guy wrote:
> I can think of one university who requires students to login through a web
> portal before giving them a routable address. This is such a waste of time for both parties.

Translation: "It is too much trouble for us to keep the kids from throwing trash out the dorm windows, so we'll just let the public pay for cleaning up our mess every morning."

On Sun, 14 Mar 2004 23:00:01 +0700, "Dr. Jeffrey Race" <jrace@attglobal.net> said:
> On Sun, 14 Mar 2004 08:55:09 -0700 (MST), guy wrote:
> > I can think of one university who requires students to login through a web
> > portal before giving them a routable address. This is such a waste of time for both parties.
>
> Translation: "It is too much trouble for us to keep the kids from throwing trash out the dorm windows, so we'll just let the public pay for cleaning up our mess every morning."

No - go back and re-read what he said. He specifically stated that since we already *know* what port of what switch the user is on, and we know that the other end of the wire is in a specific dorm room, there's no real additional gain in making them authenticate. So a better analogy is "We don't need to go knock on every door on the floor, because we already know the trash is coming out the 3rd window from the end...."

If it's not a waste of time in that case, it's not a waste of time to do the same thing for *every* user, even if we "already know" what office the cable terminates in. Just out of curiosity, does your site policy require you to authenticate on your office port before you can get out to the rest of the world? (I don't know about your wiring, but our average dorm room wiring is more physically secure (being inside walls and all that) than the cat5 that runs to the docking station I'm on - at least the last 40 feet or so is semi-exposed and easily accessible in the cabling chase at the bottom of the cubicle walls)...

(For the record, our general policy is that if we already know where the other end of the wire is, we don't require authentication, but things like the modem pool require a userid/password, and the wireless won't DHCP unless you've registered your MAC address. Yes, I know they're spoofable. Yes, we recognize the issues.. :)

Now re-run the whole cost-benefit ratio, and consider that the *biggest* issue for security is *legitimate users* who happen to have acquired some sort of malware on their machine......

participants (2)
- Dr. Jeffrey Race
- Valdis.Kletnieks@vt.edu