I've just taken over administering a lab of Apple computers on a university cam
Question
I've just taken over administering a lab of Apple computers on a university campus. We have about 15 computers and I've discovered that they all have public IPs and domain names. Even our printer is accessible from the Internet, which is probably the most terrifying.
I tried running a port scan on the computers in my lab using nmap but (obviously) I started lighting up computers all over the building and further afield. I'm not sure how to test our vulnerability without getting in trouble with network operations.
This situation makes me really nervous and I feel like I don't have full control over my cluster of machines.
I have two questions:
1. Is it reasonable for me to be scared about the security situation in the lab?
2. Is it reasonable for me to ask IT services for an explanation of the networking here and ways to mitigate my lab's exposure?
I'd feel much better with everything behind a Tomato-based router and some port-forwarding rules rather than every single machine fully accessible to the Internet. I know that's not a silver bullet but it's better than nothing.
Explanation / Answer
If you know the IPs of those computers, you should be able to scan just those IPs without hitting other nodes on your network.
When you say that you 'administer' the lab, that can mean many things, but I'll assume that you administer the machines themselves.
You have a legitimate concern for your machines. There should be no question about being able to talk to your IT services to get an explanation. It is possible, for instance, that your predecessor set up the network and IT services knows nothing about it. If IT services approves and signs off on the configuration, then they take the liability if anything goes wrong. You can work with them on ways to mitigate any problems.
On the other hand, I have seen private networks that use public IPs that aren't really public, i.e. they are not accessible to the outside. By using public IPs, they can play with route tables and make it difficult for hackers to tunnel in/out of the network. So, there might not be anything wrong, just 'non-standard'.
In any case, you should feel free to call IT services for a review.
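The answer's first point, scanning only the lab's own IPs, can be enforced before any scanner runs. The sketch below is an added example, not part of the original answer: it expands a proposed target spec and refuses it if any address falls outside the lab inventory. The inventory addresses (documentation range 192.0.2.0/24) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed inventory of the lab's own machines (documentation range, not real hosts).
LAB_HOSTS = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.40"]  # .40 = printer


def expand(spec):
    """Expand one target spec (single IP or CIDR) into individual addresses."""
    net = ipaddress.ip_network(spec, strict=False)
    # Single address: return it directly; ranges: skip network/broadcast addresses.
    return [net.network_address] if net.num_addresses == 1 else list(net.hosts())


def check_scope(target_specs, inventory=LAB_HOSTS):
    """Split proposed scan targets into owned (in-scope) and other (out-of-scope)."""
    owned = {ipaddress.ip_address(h) for h in inventory}
    in_scope, out_of_scope = set(), set()
    for spec in target_specs:
        for addr in expand(spec):
            (in_scope if addr in owned else out_of_scope).add(addr)
    return sorted(in_scope), sorted(out_of_scope)


def target_list(target_specs, inventory=LAB_HOSTS):
    """Return the text of a scanner target file, or raise if the spec leaves the lab."""
    in_scope, out_of_scope = check_scope(target_specs, inventory)
    if out_of_scope:
        raise ValueError(
            f"{len(out_of_scope)} address(es) are not lab machines, "
            f"e.g. {out_of_scope[0]}; list the lab hosts individually"
        )
    return "\n".join(str(a) for a in in_scope) + "\n"


if __name__ == "__main__":
    # A whole-subnet spec would touch 250 machines that are not in the inventory.
    ok, stray = check_scope(["192.0.2.0/24"])
    print(f"/24 spec: {len(ok)} lab hosts, {len(stray)} other hosts")
    # Listing the inventory itself passes and yields one address per line.
    print(target_list(LAB_HOSTS), end="")
```

The text returned by `target_list` can be saved to a file and passed to nmap with `-iL`, so only the listed lab hosts are probed.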