Technology Update TSAG Meeting 9/12/02
Dec 19, 2015
Announcements: Mandatory Password Changes Coming in October!
(Postponed)
End of BootP (November 1)
DNS Cleanup
  Send periodic ICMP ping probes to all DNS entries (8/26-9/13)
  Correlate data obtained from probes (9/16-9/19)
  Inform TSAG of DNS names to be deleted (9/20)
  Purge all defunct DNS names (9/23)
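The correlation step of the DNS cleanup above, sketched as an added example that is not part of the original slides. The probe log format, the host names, and the `min_sweeps` threshold are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

WINDOW = (date(2002, 8, 26), date(2002, 9, 13))  # probe period from the slide

# Constructed sample data: (sweep date, DNS name, answered ICMP echo?).
PROBES = [
    (date(2002, 8, 26), "alpha.example.edu", True),
    (date(2002, 9, 4), "alpha.example.edu", True),
    (date(2002, 9, 13), "alpha.example.edu", True),
    (date(2002, 8, 26), "bravo.example.edu", False),
    (date(2002, 9, 4), "bravo.example.edu", True),   # intermittent host
    (date(2002, 9, 13), "bravo.example.edu", False),
    (date(2002, 8, 1), "charlie.example.edu", True),  # before the window
    (date(2002, 8, 26), "charlie.example.edu", False),
    (date(2002, 9, 4), "Charlie.Example.EDU.", False),  # same name, other spelling
    (date(2002, 9, 13), "charlie.example.edu", False),
    (date(2002, 9, 13), "delta.example.edu", False),  # probed only once
]


def correlate(probes, window=WINDOW, min_sweeps=3):
    """Group probe results per name and classify each name.

    A name becomes a purge candidate only if it was probed on at least
    min_sweeps distinct days inside the window and never answered.
    """
    start, end = window
    sweeps = defaultdict(set)   # name -> days it was probed
    replies = defaultdict(int)  # name -> number of answered probes
    for day, name, answered in probes:
        if not start <= day <= end:
            continue  # results outside the agreed window are not evidence
        key = name.lower().rstrip(".")  # DNS names are case-insensitive
        sweeps[key].add(day)
        replies[key] += int(answered)

    report = {"keep": [], "purge_candidate": [], "insufficient_data": []}
    for name in sorted(sweeps):
        if replies[name]:
            report["keep"].append(name)
        elif len(sweeps[name]) >= min_sweeps:
            # Silence is not proof: a live host may drop ICMP, so this list
            # goes out for review before anything is deleted.
            report["purge_candidate"].append(name)
        else:
            report["insufficient_data"].append(name)
    return report
```

The `purge_candidate` list corresponds to the names sent to TSAG on 9/20; names in `insufficient_data` need more sweeps before any decision.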
Account Cleanup: Collecting information from you.
  Number of Accounts: 41,338
  Number of Faculty/Staff: ~ 3,000
  Number of Students: ~30,000 (~ 8K ???)
Training For TSAG Members
Big Picture:
  Provide XP training to TSAG members
  Prepare for the TSAG recommended wide-spread deployment of XP
  First training session in an envisioned series
First training session cancelled: lack of participation (9/16 – 9/20)
Second training session in jeopardy! Tentative date: 10/14 – 10/18
Coordinate with Chris Sales.
Network Access Control: Recent Changes to Inbound Traffic:
Port-based blocking:
  0-512 with exceptions (ftp, ssh, telnet, http/s)
  Mail related ports except to identified mail servers
  Printer-related, X1, and service location related
Subnet blocking: 108 – 111 (Education Building)
Application of Subnet Blocking
Proposed Edge ACL Changes
  Block all inbound ports in the range: 513-1024
  Block all inbound connections on subnets: ???
  Target date: October 4
Next step: Block all inbound connections to non Internet Servers
Internet Server: A server that provides one or more services to individuals off campus.
We need information on Internet Servers!
Target date: ? January 2003 ?
Preparing for an IDS
From the May TSAG
  Examine “services” provided (by each unit)
  Determine general philosophy for Access Control
  Define typical traffic patterns
  Block all unwanted traffic
  Monitor traffic for abnormal behavior
I.e., we need to understand the services we provide to our constituents.
Dragon Intrusion Detection System
  IDS: Real-time detection, reporting, and termination of unauthorized network activity
  Problem: We need to know which traffic is authorized or unauthorized based upon your unit's needs.
Current Status of System
Virtual Private Networking
Preproduction Service Installed: Cisco Systems VPN 3060
Network Address: vpn.csun.edu
Clients Available for:
  Windows (95-XP)
  Macintosh System 10.1
  Solaris
  Linux (Intel)
Works with the campus directory!
http://www.csun.edu/helpdesk/vpn
What does the VPN do?
Encrypted Traffic:
Secure Services Provided via VPN
Examples of uses:
  Create secure wireless connections on campus
  Gain more complete secure access to the campus network over wireless
  Create secure connections to the campus network from home
  Full, secure use of your campus Email using POP or IMAP client from your home computer
  Share on-campus files securely with your home computer
More to be added?
Bypassing x1400 (For TSAG Members Only)
To provide better support to technically savvy individuals, the Campus Helpdesk and ITR techs will be monitoring an IRC chat room.
  Server Name: irc.csun.edu
  Chat Room: #helpdesk
  Software Clients:
    xchat: http://xchat.org
    mIRC: http://www.mirc.com
Status of System: Experimental!
Mail Migration Update
Recap:
  >41K users migrated (1 user took 11 hours)
  >160 GB of data migrated (Quotas are NEEDED!)
  Planned 4 day activity 11 day activity
End-user Problems: (2172 helpdesk calls)
85% Desktop Issues
12% Mail aliases
([email protected], [email protected])
3% Duplicate e-mail for POP users
Directory Lookup for Email Aliases
$ ssh csun1.csun.edu
$ ldapsearch -h dir.csun.edu -b o=csun uid=steve
dn: uid=steve, ou=People, ou=Auth, o=CSUN
uid: steve
…
mail: [email protected]
mailLocalAddress: [email protected]
mailLocalAddress: [email protected]
mailhost: petrel.csun.edu
mailRoutingAddress: steve
POP / Duplication Issue
POP users indicated receiving multiple copies of mail each time they POPed
I recommended:
Configure POP without save on server option
This is a Red Herring!
Feel free to configure POP as you see fit.
Mail and Calendaring: Next Step
  More aggressive SPAM filtering
  SSL/TLS support
  SMTP auth support
  SMTP auth requirement
TSAG committee to evaluate: “Support Issues for Campus Calendaring System”
Contact: David Sorkin