>I'm from a small liberal arts college and I am trying to fight a political
>battle with a few faculty to implement a firewall at our site. The
>computer science faculty at our college believe that security is only a
>hindrance and that a firewall will hamper their "academic freedom".
The faculty needs to understand why "wide open" access is not good from a
security and risk perspective. The campus Enterprise will be exposed to
all forms of attacks from numerous network services. Would suggest that
you build a case as to why a firewall is needed. You have a lot of sources
to back up your claims. You should look at the recent USENIX security
proceedings, they have articles on particular break-ins. The breakin at
Texas A&M University is a good example of the different types of attacks
that can be launched at an unprotected Enterprise. The CERT incident
figures are also good to cite. You also have to identify your major
security concerns. What will happen if the University President reads
about a breakin to his University in the morning paper. Is this
acceptable?
The other thought is that you can make a case that a firewall can save
money. Without a firewall, one has to ensure that all of the campus
computers are secure on a daily basis. With a firewall, you can reduce
your zone of risk to the firewall machines. Security for campus machines
is still important. However, without a firewall, the University is relying
on daily security of its machines. This is not practical, especially if
the campus has hundreds of machines.
I like Marcus' suggestion. I wonder if this issue has to be raised to a
higher faculty level (e.g., President), since the potential damage may
embarrass the University as a whole.
-Brian
Follow-Ups:
|
|
