Transcript Aug

Technology Update
TSAG Meeting 8/8/02
Announcements:

  - Account Cleanup
      Number of Accounts:        41,338
      Number of Faculty/Staff:   ~3,000
      Number of Students:        ~30,000
      (~8K ???)
  - Mandatory Password Changes Coming in October!
  - Disk Quota: Mail and Data
                         Data    Mail
      Faculty/Staff:     30MB    10MB
      Student:           10MB    5MB
      Other:             5MB     5MB
  - Security Self-Assessment
  - Wireless Update

Topics for Discussion

  - Directory (NET) Initiative Update
  - Mail/Calendaring Update
  - DNS Cleanup Plans
  - Network Access Control
  - Training for TSAG members

Directory Initiative Update

  - PeopleSoft Authentication via the directory
      - Go Live Date for HR and Financials: 10/9
      - Authenticate via:
          E-mail address:   steven.fitzgerald[@csun.edu]
          Account name:     sfitzger
          PS OperatorID:    E0042345 (current method)
      - Password updates via http://www.csun.edu/account
  - Account naming updates:
      - ECS and Admin&Finance
      - Individual Accounts:
  - Your task: Have your local account naming convention unified with the campus directory.

New Mail/Calendaring System Activities

  - We have been exploring possible replacements for our:
      - mail system (Messaging Direct)
      - calendaring system (Meeting Maker)
  - Current major contenders are:
      - Microsoft Exchange,
      - Sun One Messaging (formerly iPlanet),
      - Mirapoint Message Server,
      - Or combination thereof
  - Non-evaluation efforts (i.e., cleanup):
      - Elm (Electronic Mail)
          - Is not IMAP compatible and is not supported
          - We plan to purge all $HOME/.elm directories!
            (Comments?)

Email Related DNS Naming and Cleanup

  - Preferred/Supported DNS names:
      imap, pop, pop3, and smtp
  - Deprecated DNS names to be removed Nov 15:
      email, mail1, mailsrv1, hp9k2, krusty, huey, exec, dewey, …
      (total of 14 CNAMES)
  - References to the mail servers via hard-coded IP addresses are not supported!
  - Your task:
      - Update mail clients to use the service-naming convention
      - Review and update all web pages for bogus “mailto:” links
        (e.g., mailto:[email protected])

Majordomo Cleanup

  - Reason for Cleanup:
      - Spring cleaning
      - Preparing for “list serve” functionality to be supported by the Campus Directory
      - To minimize Campus exposure to SPAM
  - Some Stats:
                                    July      August
      Previous number of lists:     > 4000
      Current number of lists:      1047      787
      Current number of entries:    39,398    27,436
  - Future Activities:
      - Probe messages to all members of OPEN lists
      - Probe messages to owners/moderator of CLOSED lists
      - Probe messages for “[m-z]*-l” lists have not been sent yet

.forward files

  - Many accounts are being used solely as e-mail reflectors
  - “.forward” file will not work with any of the potential mail solutions
  - Needs:
      - To eliminate accounts used just for e-mail reflectors
      - To move such reflectors to an appropriate alternative, e.g.,
          - Mail alias
          - Majordomo-style list
          - Etc.

Antivirus Mail Filtering

  - To be put into production shortly, we’re finalizing testing.
  - System supports LDAP-based mail routing!
  - Architecture designed around future campus mail solution
  - Goals for the new mail solution:
      - Redundancy
      - Scalability
      - Flexibility (e.g., to support different SPAM policies?)

Proposed: Antivirus/Mail Architecture

  [Diagram. Labels: Internet; Firewalls; Routers; AntiVirus; mx=10; mx=20; Mail Routers; Mail Servers; "Primary: smtp, Secondary: imap pop"; "Primary: imap, pop, Secondary: smtp"; krusty; test1; test2]

DNS Cleanup Plans

  - Recent survey of DNS showed >650 defunct DNS names
  - Proposed process/timeline to cleanup
      - Send periodic ICMP ping probes to all DNS entries (8/26-9/13)
      - Correlate data obtained from probes (9/16-9/19)
      - Inform TSAG of DNS names to be deleted (9/20)
      - Purge all defunct DNS names (9/23)
  - Your Task:
      - Ensure your printers, servers are on line and respond to ICMP pings
      - Otherwise inform helpdesk that you wish to retain your DNS name
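
The correlation step of the timeline above, as an added example (not part of the original slides or any campus tooling): names that never answered a probe become purge candidates unless their owner asked the helpdesk to retain them. The log format, host names and the min_probes threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample probe log (not real data): "date name result",
# one line per ICMP probe; "up" means an echo reply was received.
SAMPLE_PROBES = """\
2002-08-26 oldlab1.example.edu down
2002-08-26 printer7.example.edu down
2002-08-26 www2.example.edu up
2002-08-26 archive.example.edu down
2002-09-03 oldlab1.example.edu down
2002-09-03 printer7.example.edu up
2002-09-03 www2.example.edu up
2002-09-03 archive.example.edu down
2002-09-13 oldlab1.example.edu down
2002-09-13 printer7.example.edu down
2002-09-13 www2.example.edu down
2002-09-13 archive.example.edu down
2002-09-13 newhost.example.edu down
"""

def correlate(probe_text):
    """Return {name: (probes_sent, replies_seen)} from the probe log."""
    sent, seen = defaultdict(int), defaultdict(int)
    for line in probe_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        _date, name, result = parts
        name = name.lower().rstrip(".")  # DNS names are case-insensitive
        sent[name] += 1
        seen[name] += result == "up"
    return {n: (sent[n], seen[n]) for n in sent}

def purge_candidates(probe_text, retain=(), min_probes=3):
    """Names that never replied across at least min_probes probes and
    were not reported to the helpdesk for retention."""
    keep = {r.lower().rstrip(".") for r in retain}
    return sorted(
        name for name, (sent, seen) in correlate(probe_text).items()
        if seen == 0 and sent >= min_probes and name not in keep
    )

if __name__ == "__main__":
    # archive.example.edu never answers, but its owner asked to retain it.
    print(purge_candidates(SAMPLE_PROBES, retain=["archive.example.edu"]))
```

A host that answered even once during the window (printer7 here) is kept, and a name with too few probes (newhost) is not judged at all.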

Network Access Control:

  - We have made lots of progress – still more to do!
  - Recent Changes:
      - Blocking the following ports: 1-19
      - Blocking the following protocols on the default ports:
          Jet Direct
          loc-srv
          ldap
          netbios-ssn
          Flexlm
          svrloc
          ldaps
      - Blocking all inbound network connections to:
          Subnet 31 (Library East Wing)
          Subnet 57 (Library Open Labs)
  - We need information on Internet Servers!
      Internet Server: A server that provides one or more services to individuals not located on the campus network

Proposed Edge ACL Changes

  - Block all inbound ports in the range: 0-512 (1-19 done)
      Exceptions:
        ftp (port 20, 21)
        ssh (port 22)
        telnet (port 23)
        smtp (port 25)
        imap (port 143)
        pop3 (port 110)
        (for only identified hosts)
        http/s (port 80, 443)
  - Block all inbound ports for the following protocols:
        printer (port 515)
        x11 (ports 6000-6063)
        socks (port 1080)
        x font-service (port 7100)
        print_agent (port 3396)
        mindprint (port 8033)
        jprinter (port 5309)
        xprint-server (port 8100)
  - Target date: September 6
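
One way to check a service inventory against the proposed edge ACL before the target date, as an added example (not part of the original slides). The host names are constructed, the blocks already in place under Recent Changes are not modeled, and reading "(for only identified hosts)" as applying to the mail ports is an assumption.

```python
# Proposed edge ACL from the slide, as data. Port numbers are the slide's.
EXCEPTIONS = {20, 21, 22, 23, 25, 110, 143, 80, 443}
# Assumption: "(for only identified hosts)" is read as covering the mail
# ports it follows on the slide; widen this set if it covers every exception.
IDENTIFIED_ONLY = {25, 110, 143}
BLOCKED_ABOVE_512 = (
    {515, 1080, 3396, 5309, 7100, 8033, 8100} | set(range(6000, 6064))
)

def inbound_verdict(port, host, identified_hosts):
    """Return (allowed, reason) for an inbound connection to host:port."""
    if not 0 <= port <= 65535:
        raise ValueError(f"invalid port: {port}")
    if port in BLOCKED_ABOVE_512:
        return False, "named protocol blocked"
    if port <= 512:
        if port not in EXCEPTIONS:
            return False, "in blocked range 0-512"
        if port in IDENTIFIED_ONLY and host not in identified_hosts:
            return False, "exception limited to identified hosts"
        return True, "listed exception"
    # Ports above 512 that the slide does not name are outside this proposal.
    return True, "not covered by this proposal"

def services_cut_off(inventory, identified_hosts):
    """List (host, port, reason) for inventory entries the ACL would block."""
    out = []
    for host, port in inventory:
        allowed, reason = inbound_verdict(port, host, identified_hosts)
        if not allowed:
            out.append((host, port, reason))
    return out

# Constructed inventory of Internet-facing services (hypothetical hosts).
INVENTORY = [
    ("web1.example.edu", 443), ("web1.example.edu", 22),
    ("dept-mail.example.edu", 25), ("smtp.example.edu", 25),
    ("lab3.example.edu", 6000), ("print1.example.edu", 515),
    ("files.example.edu", 139), ("app1.example.edu", 8080),
]

if __name__ == "__main__":
    for row in services_cut_off(INVENTORY, {"smtp.example.edu"}):
        print(row)
```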

Training for TSAG members

  - TSAG has recommended that the Campus adopt XP as the preferred Microsoft-based desktop OS.
  - Training for XP and .NET has been arranged.
  - First week of training held 7/29-8/2
  - Impressions?
  - Your task: Inform Chris Sales as to your participation.