[Planetlab-users] unc.edu planetlab nodes
Larry Peterson
llp at CS.Princeton.EDU
Fri Sep 7 11:07:05 EDT 2007
I'm not sure if this is what you have in mind, but it is very common
(even recommended) configuration is for Universities to put their
PlanetLab machines in a DMZ: outside their campus firewall.
Having the machines behind a firewall and IDS is problematic for
many reasons.
Larry
On 9/6/07, bil <bil_hays at unc.edu> wrote:
> All,
> We have been asked by the local security folks at ITS (our main campus IT
> group) to take a look at the security of the planetlab machines here at
> unc.edu. One of the options they are considering is limiting access from
> our two planetlab machines to the cs.unc.edu subdomain (so that only
> cs.unc.edu machines could be affected if the planetlab systems were somehow
> compromised and were used for a malicious purpose inside of the unc.edu ip
> domain.
>
> My feeling is that it would be better to have these machines open on the
> internet side and to cs.unc.edu than to have them behind an IDS or IPS
> system (which is the case now).
>
> This begs a very important question: would any of the research that is
> being carried out on these systems be adversely affected if such a
> restriction were imposed? Details on any adverse affects would be greatly
> appreciated.
>
> Also, if any out there has had similar conversations with university
> security personnel, I'd appreciate hearing what the outcome was.
>
> Please reply by direct email, I'm not on the planetlab list, and thanks in
> advance for any data you can send me,
> bil
>
>
>
> --
>
> ________________________
> bil hays
> Network Manager
> Computer Science, UNC CH
>
> _______________________________________________
> Users mailing list: Users at lists.planet-lab.org
> https://lists.planet-lab.org/mailman/listinfo/users
>
>
More information about the Users
mailing list