[Edu-sig] UPDATE: High School Network Security

Chuck Allison chuck at freshsources.com
Mon May 16 20:24:27 CEST 2005 

Hello Frank,

Some of the reasons cited below from your tech coordinator certainly
make sense, but not for the classroom. Businesses rightly are
concerned about vendor support, adequate testing, standards
conformance, etc. - it can make a big difference in costly projects.
But in small, informal classroom use, a teacher who knows Python can
give all the "support" that's needed. Fortunately at my college, I can
just tell the students to download whatever software and use it (they
all have their own computers - and I have it placed on our lab
computers as well - we have no bureaucracy to stop it - the IT people
are there to support the faculty, not impede them). Over-cautious
IT policies should not stand in the way of educating. Educating
bureaucrats in such separation of concerns is certainly in order.


Monday, May 16, 2005, 12:00:27 PM, you wrote:

FN> Hello again,

FN> Thanks to everyone that gave input to my Vpython installation roadblock. Like
FN> Arthur said, this is not a situation which will be fixed by a little
FN> "education." I asked the tech coordinator to outline the reasons why installing
FN> open source is not in the school's best interest. Here is the reply:

FN> =======
FN> "In Reference to our ticket #313, there are a number of reasons why we (the
FN> technical team) decided that it would not be in keeping with the "best
FN> practices" of the district to install open source software on the districts
FN> computers and network. Four key reasons are as follows:

FN> 1) Lack of technical support from the 'vendor'. Since most open source software
FN> is provided 'free' and is not maintained by a central vendor, technical support
FN> is limited if not non existent. With this lack of technical support of the
FN> software products in question, we have no way of getting help when the software
FN> has a problem or is the cause of problems with the network.

FN> 2) Product testing was another reason. Since there are so many contributors to
FN> open source software, in many cases, the software is not tested for
FN> compatibility and stability. As such, there is no level of expectation that the
FN> product will function as stated. Further more, with the limited testing of the
FN> software, we have no idea of what problems or ill effects the software may have
FN> on the computers and network.

FN> 3) Legal issues. According to the American Bar Association, Contributors do not
FN> vouch for the cleanliness of the code they contribute to the project; in fact,
FN> the opposite is true -- the standard open source license is designed to be very
FN> protective of the contributor. The typical license form does not include any
FN> intellectual property representations, warranties or indemnities in favor of
FN> the licensee; it contains a broad disclaimer of all warranties that benefits
FN> the licensor/contributors. Seeing in that there is no way for us to verify that
FN> the code that contributors are adding is there own, we may be opening up the
FN> district to legal actions should the software or portions there of are
FN> copyrighted and being used illegally or improperly. See attachment for more
FN> detail...

FN> 4) Security of the "system." Since in most cases, anyone can obtain a copy of
FN> the source code of the software (OPEN SOURCE), we are running the risk of a
FN> user being able to modify the software on the network and manipulated it in
FN> such a manor to produce undesired effects. Since we have to look out for the
FN> stability and security of the network, this was viewed as a possible security
FN> issue. Another security concern is the ability of virus introduction. Since the
FN> source code is open, anyone so inclined, could create a virus to exploit the
FN> software without much difficulty. This ability to introduce a virus or other
FN> malicious code to the system can have the effect of bringing the system "down"
FN> and possible data loss or corruption."
FN> ===========

FN> Also included in the email was information from the American Bar Association
FN> at: <http://www.abanet.org/intelprop/opensource.html>

FN> Any thoughts from you folks? Do they have any truly valid points? Perhaps a
FN> "Live CD" is my best (only?) option.

FN> Many thanks again,
FN> Frank Noschese
FN> John Jay High School
FN> Cross River, NY
FN> _______________________________________________
FN> Edu-sig mailing list
FN> Edu-sig at python.org
FN> http://mail.python.org/mailman/listinfo/edu-sig



-- 
Best regards,
 Chuck

More information about the Edu-sig mailing list