where to host web server

where to host web server

Shahar Dag dag at cs.technion.ac.il
Tue Oct 23 16:47:50 IST 2012 

Hello

I will try to answer (at list partly)

Students have access from the Technion to the internet, so they can
investigate it (and in special cases, when research demands it, we take care
for exceptional access)

In a large system, you can't let users do whatever they want, you must
protect your network. For example you will not let a user build & run a DNS
server on the corporate network, you will give him a limited private
network.

If a Technion user misbehaves on the internet, it may block all the Technion
from access to some sites. We would like to prevent it.

If a student builds a web server, and the web server is open to the world,
the student can use the server as a back door for anonymous entrance to the
Technion via his server.  To prevent this we limit the scope of access.

To control all communication, you need a firewall that monitor communication
on the session level and not at the port & protocol level and you need
advanced analytic tools. This cost a lot of money, and not always available.

20 years ago the internet considered a safe place, today it isn't so you
must limit access.

Shahar


-----Original Message-----
From: Nadav Har'El [mailto:nyh at math.technion.ac.il] 
Sent: Sunday, October 21, 2012 3:57 PM
To: Orna Agmon Ben-Yehuda
Cc: Shahar Dag; IGLU Mailing list
Subject: Re: where to host web server

On Sun, Oct 21, 2012, Orna Agmon Ben-Yehuda wrote about "Re: where to host
web server":
> I think it is not a question of resources, but of policies and 
> firewall ports. The Technion does not allow any SMTP servers that are 
> not controlled by the system team, for example.

Look, specific policies about port 25 (SMTP) serve to solve a very specific
problem (spam bots) and the collateral damage is small (students and faculty
can't experiment with writing new mail servers).

This is quite a different thing than a broad policy that no
student-accessible computer in the technion may allow incoming connections.
That prevents development of all sort of Internet services, protocols, and
so on. I don't think I need to give here a list of Internet protocols and
servers which were developed in universities, and would not have had the
universities were so unnecessarily-strict back then. The smallest example
would be my very own "almost complete guide to the Israeli Internet", which
some of you may remember as my index of Israeli web sites in the early
1990s, which I created as a student and I learned *a lot* from this
experience. Today, I guess, the Technion would frown upon such enterprise.
Twenty years ago, people thought it was great that students learn about the
Internet and create new things...

Anyway, the original poster demonstrated why this policy is nothing but
stupid: Here he wants to teach students something, and can't because of
Technion policies, so he needs to turn to external companies to do this.
How does this make any educational sense?

-- 
Nadav Har'El                        |      Sunday, Oct 21 2012, 5 Heshvan
5773
nyh at math.technion.ac.il
|-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |This box was intentionally left blank.
http://nadav.harel.org.il           |

More information about the Linux-il mailing list