<!--startcut ==============================================-->
<!-- *** BEGIN HTML header *** -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML><HEAD>
<title>Secure and Robust Computer Systems for Primary and Secondary Schools LG #81</title>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
ALINK="#FF0000">
<!-- *** END HTML header *** -->
<CENTER>
<A HREF="http://www.linuxgazette.com/">
<IMG ALT="LINUX GAZETTE" SRC="../gx/lglogo.png"
WIDTH="600" HEIGHT="124" border="0"></A>
<BR>
<P>
</CENTER>
<!--endcut ============================================================-->
<H4 ALIGN="center">
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>
<P> <HR> <P>
<!--===================================================================-->
<center>
<H1><font color="maroon">Secure and Robust Computer Systems for Primary and Secondary Schools</font></H1>
<H4>By <a href="mailto:rsevenic@netscape.net">Richard A Sevenich</a> and Michael P Angelo</H4>
</center>
<P> <HR> <P>
<!-- END header -->
<P>A wealthy school district will have the
option of purchasing new software and hardware at some appropriate
interval. It may also have the technical staff to install and
maintain the hardware and software. Even in this idealized school
district, the computer system environment is a harsh one, with its
many student users, some of whom start as relatively computer
illiterate and may not have acquired the discipline to follow
administrative rules intended to ameliorate system virus infections
and other external attacks on the system. The technical staff has the
added burden of attempting to maintain system security in this nearly
impossible environment, characterized by intermittent, unplanned
intense work shifts in response to system security disasters.
Providing the necessary level of technical expertise is quite
expensive and consequently rather rare in our school systems. In
fact, many of the primary and secondary schools in the USA have
computer facilities that are in dire straits. Perhaps the major
problems are these two:</P>
<UL>
<LI><P>The networks are plagued by
viruses etc. and suffer significant down time. Further, loss of
files and of attendant work time is routine.</P>
<LI><P>Often the computers are a hodgepodge of donated and purchased
computers with various versions of Microsoft operating systems and
software.</P>
</UL>
<P>Let's consider each of the two problems
in more detail. Cleaning a network of virus infections is a
time-consuming, thankless job. Making a system in a school environment
virus-proof in practice is probably not possible currently. Other
hostile system attacks (even internal) are quite likely. A teacher
who depends on such a system to be consistently available will be
routinely disappointed.</P>
<P>If we focus on the second problem,
these are its consequences:</P>
<UL>
<LI><P>The various software versions are
not always compatible with each other, so work cannot be dependably
moved from one computer to another.</P>
<LI><P>The original versions of the
software and the corresponding licenses are sometimes missing.
Microsoft is beginning to seize on this issue, requiring an
expensive solution.</P>
</UL>
<P>In this note we propose a
straightforward solution. The idea came to us when we began playing
with version 3.0 of Demo Linux (<A HREF="http://www.demolinux.org/">http://www.demolinux.org</A>).
It provides the start of a solution. When you boot a machine with
Demo Linux, you end up with a machine running Linux from the CD. The
network will be configured, as will X Windows. The old Star Office 5.2
is also included. The hard drive may be mounted. We had remarkable
success booting a variety of machines, including laptops, from the
Demo Linux CD.
</P>
<P>Forgetting about the hard drive for the
moment, a school could have such CDs in all their computers and turn
them on each morning to start with a virus-free environment,
compatible software in all machines, and no licensing problems.
Rather than requiring the constant application of security patches,
the system is reborn each day. The solution is not expensive and is
ultimately robust due to its simplicity. Well, it is almost that
simple and convenient, but not quite. Here are three drawbacks:</P>
<OL>
<LI><P>Some system configuration (e.g.
network parameters) is needed at each boot, requiring that somebody
knowledgeable make the appropriate entries. This is time intensive
when the number of systems is large - assuming that a knowledgeable
person is even available.</P>
<LI><P>The hard drive remains a virus
target.</P>
<LI><P>Applications running from the CD
will run relatively slowly; perhaps unacceptably slowly on some
machines.</P>
</OL>
<P>We next suggest solutions to each of
these problems.</P>
<OL>
<LI><P>Automate system
configuration at boot. To implement this we would add a feature to a
clone of Demo Linux. In particular, on the very first boot have the
system configuration choices made by the appropriate sysadmin or
technician and then have the system automatically hard code those
choices by producing an ISO image to be burned onto a new boot CD,
tailored to that specific machine. The new boot CD would
automatically configure the system as desired. Boot CDs could be
updated on whatever schedule the administration would deem
appropriate (e.g. once a year in August).</P>
<LI><P>We'll assume that
the machines at the school do not have an NFS/NIS file sharing
setup. If that assumption were wrong, we would do things a different
way. We'll further assume that when
this new system is first installed, the hard drive is ours; i.e. any
files stored on the hard drive have been archived by the owner.
We'll propose a severe solution and insist that machine users
either save their daily work on a floppy or transmit it (e.g. via
scp) to a secure machine serving as a repository. The description of
that secure repository machine is outside the scope of this
discussion. Copying work to a floppy or transmitting it to a secure
repository would be made reasonably convenient and intuitive; e.g.
via some GUI interface. The CD boot process would clean all the
prior day's files from the hard drive. This is the aforementioned
severe solution, and more involved and intelligent solutions might be
contrived. However, this solution appears to guarantee a virus-free
environment at each new boot and is simple. Note that the hard drive
cleaning is not all that time consuming because it involves only
those files created since the previous boot.</P>
<LI><P>Application speed
can be enhanced by having the boot CD move the appropriate
applications to the hard drive during the boot process, after the
hard drive has been cleaned as described in the prior step.</P>
</OL>
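<P>One way steps 2 and 3 could be combined into a single boot-time routine, shown as an added example that is not the authors' code or part of Demo Linux: the hard-drive copy is made to match the read-only CD by content comparison rather than by timestamps, which a writable disk cannot vouch for. The function name and both directory arguments are hypothetical.</P>

```shell
#!/bin/sh
# Added example: make a writable hard-drive cache match the read-only boot CD.
# Both directory arguments are hypothetical mount points, not Demo Linux paths.
# Limitation: compares file contents only, not modes or ownership.

reset_cache() {
    cd_tree=${1%/}; hd_cache=${2%/}
    [ -d "$cd_tree" ] || return 2
    mkdir -p "$hd_cache" || return 2

    # Pass 1: remove everything on the hard drive that the CD does not have
    # (yesterday's user files, stray directories, symlinks, device nodes).
    # -depth visits children before their parent directory.
    find "$hd_cache" -mindepth 1 -depth -exec sh -c '
        cd_tree=$1; hd_cache=$2; shift 2
        for path do
            rel=${path#"$hd_cache"/}
            if [ -L "$path" ]; then
                rm -f -- "$path"
            elif [ -d "$path" ]; then
                [ -d "$cd_tree/$rel" ] || rm -rf -- "$path"
            elif [ ! -f "$path" ] || [ ! -f "$cd_tree/$rel" ]; then
                rm -f -- "$path"
            fi
        done' sh "$cd_tree" "$hd_cache" {} + || return 1

    # Pass 2: copy from the CD only what is missing or differs byte for byte,
    # so unchanged applications stay in place and the reset is quick.
    find "$cd_tree" -type f -exec sh -c '
        cd_tree=$1; hd_cache=$2; shift 2
        for src do
            dst=$hd_cache/${src#"$cd_tree"/}
            mkdir -p "$(dirname "$dst")"
            cmp -s "$src" "$dst" || cp -p "$src" "$dst"
        done' sh "$cd_tree" "$hd_cache" {} +
}

# Run directly as: reset_cache.sh CD_TREE HD_CACHE
if [ "$#" -eq 2 ]; then reset_cache "$1" "$2"; fi
```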
<P>It must be admitted that
this approach is not going to produce a well-performing system for
very dated machines with limited resources. Open Office, for example,
would not perform well. A small footprint Linux version and other
resource-conserving software could prove viable. Such are available
in the embedded Linux world and could be adapted to resource-limited
machines. This may be too small a market to pursue, however.</P>
<P>We've explored the
preceding ideas for feasibility, tailoring and burning some boot-up
CDs and the like. However, we have various other commitments and
cannot take the concept to full fruition as a polished, flexible
product in a reasonable time frame, although we will continue to work
on it. We see this as having the potential to:
</P>
<UL>
<LI><P>save school
districts a significant amount of money</P>
<LI><P>obviate the
necessity for occasional audits by Microsoft or other vendors</P>
<LI><P>simplify the system
administration task</P>
<LI><P>make systems much
more secure and robust</P>
<LI><P>remove the need to
respond with unplanned, intense work shifts to repair system
security breaches</P>
</UL>
<P>Pretending that such a
product will actually be created, there is the one remaining hurdle -
the initial deployment. School districts with technical personnel
could easily handle the initial CD boot and the creation of the
second, machine-specific boot CD. The cost of the initial
installation would be amortized very quickly. Alternatively, the CD
provider might supply on-site initial installation services at a
reasonable cost. Because of the open nature of Linux, other
consultants would become available. Finally, financially hard-pressed
school districts might get such services free from a nearby Linux
User Group.
</P>
<P>Teachers, already
overburdened, will need to learn enough Linux to function. They will
be resistant, because their time is precious. Those of us who
switched to Linux at some point in the past had to travel a learning
curve. However, Linux has progressed to the point where the learning
curve is no longer significant. There are distributions that are
configured to look and act rather like the Microsoft interface. Old
Microsoft Office files can, in most cases, be imported into something
like Open Office and so on. The direct benefits to the teachers
should outweigh the slight pain of conversion.
</P>
<P>We haven't seen this
concept in this form in print before, although all its elements are
out there. Hence, we wanted to put it before the Linux community. If
the proposal bears up under scrutiny and appears viable, we hope some
entity, such as the Demo Linux folks or a Linux distribution, with
appropriate expertise and resources, adopts it as a project. We have
posed it as a solution to certain difficult problems typically faced
by school districts in the USA. Obviously, it could be applied in
other areas. To some extent, time is of the essence - the need and
opportunity are there now.
</P>
<!-- *** BEGIN bio *** -->
<!-- *** END bio *** -->
<!-- *** BEGIN copyright *** -->
<P> <hr> <!-- P -->
<H5 ALIGN=center>
Copyright &copy; 2002, Richard A Sevenich and Michael P Angelo.<BR>
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR>
Published in Issue 81 of <i>Linux Gazette</i>, August 2002</H5>
<!-- *** END copyright *** -->
<!--startcut ==========================================================-->
<HR><P>
</BODY></HTML>
<!--endcut ============================================================-->