Top Banner
Technology Update TSAG Meeting 9/12/02
16

Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Dec 19, 2015

Download

Documents

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Technology Update

TSAG Meeting 9/12/02

Page 2: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Announcements: Mandatory Password Changes Coming in October!

(Postponed)

End of BootP (November 1)

DNS Cleanup Send periodic ICMP ping probes to all DNS entries (8/26-

9/13) Correlate data obtained from probes (9/16-9/19) Inform TSAG of DNS names to be deleted (9/20) Purge all defunct DNS names (9/23)

Account Cleanup: Collecting information from you. Number of Accounts: 41,338 Number of Faculty/Staff: ~ 3,000 Number of Students: ~30,000 (~ 8K ???)

Page 3: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Training For TSAG Members

Big Picture: Provide XP training to TSAG members Prepare for the TSAG recommended wide-spread

deployment of XP First training session in an envisioned series

First training session cancelled: lack of participation (9/16 – 9/20)

Second training session in jeopardy!Tentative date: 10/14 – 10/18

Coordinate with Chris Sales.

Page 4: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Network Access Control: Recent Changes to Inbound Traffic:

Port-based blocking: 0-512 with exceptions (ftp, ssh, telnet, http/s) Mail related ports except to identified mail servers Printer-related, X1, and service location related

Subnet blocking: 108 – 111 (Education Building)

Page 5: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Network Access Control: Recent Changes to Inbound Traffic:

Port-based blocking: 0-512 with exceptions (ftp, ssh, telnet, http/s) Mail related ports except to identified mail servers Printer-related, X1, and service location related

Subnet blocking: 108 – 111 (Education Building)

time

Application of Subnet Blocking

Page 6: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Proposed Edge ACL Changes

Block all inbound ports in the range: 513-1024 Block all inbound connections on subnets: ??? Target date: October 4

Next step: Block all inbound connections to non Internet Servers

Internet Server: A server that provides one or more services to individuals off campus.

We need information on Internet Servers! Target date: ? January 2003 ?

Page 7: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Preparing for an IDS

From the May TSAG Examine “services” provided (by each unit) Determine general philosophy for Access Control Defined typical traffic patterns Block all unwanted traffic Monitor traffic for abnormal behavior

I.e., we need to understand the services we provide to our constituents.

Page 8: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Dragon Intrusion Detection System IDS: Real-time detection, reporting, and

termination of unauthorized network activity Problem: We need to know which traffic is

authorized or unauthorized based upon your units needs.

Current Status of System

Page 9: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Virtual Private Networking

Preproduction Service Installed:Cisco Systems VPN 3060

Network Address: vpn.csun.edu Clients Available for:

Windows (95-XP) Macintosh System 10.1 Solaris Linux (Intel)

Works with the campus directory! http://www.csun.edu/helpdesk/vpn

Page 10: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

What does the VPN do?

Encrypted Traffic:

Page 11: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Secure Services Provide via VPN Examples of uses:

Create secure wireless connections on campus Gain more complete secure access to the campus network

over wireless Create secure connections to the campus network from

home Full, secure use of your campus Email using POP or IMAP

client from your home computer Share on campus files securely with your home computer

More to be added?

Page 12: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Bypassing x1400(For TSAG Members Only) To provide better support to technical savvy

individuals, the Campus Helpdesk and ITR techs will be monitoring an IRC chat room.

Server Name: irc.csun.edu Chat Room: #helpdesk Software Clients:

xchat: http://xchat.org mIRC: http://www.mirc.com

Status of System: Experimental!

Page 13: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Mail Migration Update

Recap: >41K users migrated (1 user took 11 hours) >160 GB of data migrated (Quota’s are NEEDED!)

Planned 4 day activity 11 day activity End-user Problems: (2172 helpdesk calls)

85% Desktop Issues

12% Mail aliases

([email protected], [email protected])

3% Duplicate e-mail for POP users

Page 14: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Directory Lookup for Email Aliases$ ssh csun1.csun.edu

$ ldapsearch –h dir.csun.edu –b o=csun uid=steve

dn: uid=steve, ou=People, ou=Auth, o=CSUN

uid: steve

mail: [email protected]

mailLocalAddress: [email protected]

mailLocalAddress: [email protected]

mailhost: petrel.csun.edu

mailRoutingAddress: steve

Page 15: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

POP / Duplication Issue

POP users indicated receiving multiple

copies of mail each time they POPed

I recommended:

Configure POP without save on server option

This is a Red Herring!

Feel free to configure POP as you see fit.

Page 16: Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Mail and Calendaring: Next Step More aggressive SPAM filtering

SSL/TLS support

SMTP auth support

SMTP auth requirement

TSAG committee to evaluate:“Support Issues for Campus Calendaring System”

Contact: David Sorkin