Technology Update TSAG Meeting 6/13/02. Announcements: DNS Naming and Cleanup (coming!) imap: email, mail, mail1, mailsrv1 telnet, csun1: csun2, hp9k2,

Technology Update

TSAG Meeting 6/13/02

Announcements:

DNS Naming and Cleanup (coming!) imap: email, mail, mail1, mailsrv1 telnet, csun1: csun2, hp9k2, louie, huey

Task: update all your mail clients to use the service-naming convention.

Exec Server Phased Out Planned and Announced Maintenance

Friday, June 14 6:00PM-12:00PM (tomorrow) Friday, June 21 6:00PM-12:00PM (next week)

Directory Initiative Announcements New Directory Infrastructure in placed.

LDAP Directory on hp9k1.csun.edu:1389 to be eliminated

New servers installed: ldap.csun.edu:389 General lookup and CSU testbed odir_master:389 Primary OpenLDAP server odir_slave:636 (Friday) Secondary OpenLDAP server

LDAP Replication to go into production Friday Outlook’s Find People moving towards

production. (Note the configuration change.)

Outlook: Find People

Server Name: ldap.csun.edu

Search Base: o=csun

Port: 389

Directory Initiative

In Production: CSUN1 Authentication Email findalias finduser Modem Pool Wireless Network Webmail Majordomo Authentication Vacation Authentication

Next Up: Mail Client: Find People Account Clean up Password Change

Being Discussed/Planned: PeopleSoft Authentication A&F NDS tree ECS Account Naming

Authentication, Authorization, & Information Lookup

Distributed, Replicated Architecture

http://www.csun.edu/accountdir.csun.edu:389dir.csun.edu:636

ldap.csun.edu:389

eDirectory(edir.csun.edu)

OpenLDAP(odir.csun.edu)

ActiveDir.(adir.csun.edu)

Encryption Modules

LD

AP

Ser

ver

Dis

trib

utio

n

O=CSUN

ou=Authentication ou=ITRou=A&R

ou=Users ou=Groups

Top-Level DIT Layout

System Managed

Locally Managed

Managed via local experts

ITR Managed

Access Control:

We have made lots of progress – more to do! Next Steps (target date: June 24)

Blocking the following ports: NFS (2049) and AFS (7000-7008) Blocking all inbound network connections to:

Subnet 10 (Sequoia Hall 1st floor) Subnet 11 (Sequoia Hall 2nd floor)

Proposal Block all inbound ports in the range: 1-19 Block all inbound ports for the following protocols:

Jet Direct: 586 pcanywhere: 19Flexlm: 744 netbios-ssn: 2279loc-srv: 2069 svrloc: 433ldap: 82 ldaps: 636

Maintenance Window ProposalShould you work on a live system?

Three possible Outages exist:1. None (only academically)2. Unplanned3. Planned

Proper maintenance minimizes overall downtime.

Challenge: to find the intersection that minimizes disruptions to the campus community

Current proposed window isFriday’s between 6:00 PM – MidnightFeedback please!

Five Desktop Best Practices(Caleb Fahey)

1. Utilize NTFS (over FAT)2. Enforce Lockout Policies

# of login attempts

3. Setup Ctrl+Alt+Del to prevent automatic logins

4. Remove default administrative shares (//server/C$ //server/$admin)

5. Review and disable unnecessary services (e.g., telnet or IIS)

Campus SPAM Concerns(Chris Sales) There has been a sharp increase of SPAM from off-

campus! Can we block all mail from off campus? Can we block all mail from “.com” domains? Can we block all mail from msn.com? Can we block all mail with words containing:

Click, here, for, instance, access Can we block all mail with the subject:

“Hey its Anna” Can we block all pornography? (Please define!)

The Answer is “No that’s censorship!!!!” Users must use personal filter options