[ale] VPN connections at Emory
Brian MacLeod
nym.bnm at gmail.com
Tue Jan 22 14:43:53 EST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 1/22/13 1:38 PM, Ron Frazier (ALE) wrote:
> The TOS at most institutions forbid guest access to wired ports.
> But, we won't mention that. I don't know about this specific
> institution.
It is forbidden to connect a network device to such ports. If it were
policy to forbid any guest access to wired ports, then that connection
would not be there. What they should do is wall that off behind the
same security as the wireless, but that's an operational choice by
Emory and it's not going to change here. I know at Tech and at my
previous institution (Georgia Gwinnett), all publicly exposed network
ports were either dead or secured/throttled as the wireless was.
> Un natted connections sound a bit disturbing. I would think the
> whole institution would be running on a giant nat. Even so, I
> think a Windows machine should be OK as long as the OS firewall
> was running.
I can't even begin to state how wrong this is. The vulnerabilities
(even with OS firewall on) are far too great to allow this type of
connection. But honestly, a lot of this part of the discussion would
be moot if the wired connection provided was secured as above.
Just because I have a box running linux, I take great caution
connecting to such networks because who knows what will come at my box
as soon as I connect.
> Re VPN, I was running hotspotvpn on Windows the other night at the
> meeting on the wireless. I was using HTTP protocol as far as what
> the menu says. I assume it was using SSL on 443. I think it runs
> OpenVPN under the covers.
Right...so...same result...
bnm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQE4BAEBCAAiBQJQ/uv5Gxhoa3A6Ly9rZXlzZXJ2ZXIudWJ1bnR1LmNvbQAKCRD5
XCJY/q4Y6D94B/46sy9RLBGPFIuGxbvqtLRUPbhrEFKByVhuM2f4tKfNVxaBk6Lk
Y67o9Btu1ezuB2dKSp4JsWPBCCFik3Nip9AMkYAw6YT3C+cYajo290cacWrA0t/1
jZegT4gxEFkjSfSN5uGqH5cx7ATbmobbxokEhROOuszuiBSnGXj9cOFlDF2B09aM
K+b4u/H4s6VMDKilfaRzi60IRWFsvTQ/zYzN98GkpV30MNB759EiZDH68uC9FiWo
7669vOXhAcahJDO/oxrVx6dBsMFm2DzM/o6vM5Y/YAzkzT7qKi1nwT5dDcy7M5AJ
YdaLt4GmrGw44n6Njp8oDsTQo3nj+vuTjxni
=r36A
-----END PGP SIGNATURE-----
More information about the Ale
mailing list