

Technology Update

   TSAG Meeting 2/13/03
   Self-Service Account Utility Available

   Disaster Recovery Test:
       (2/18-19) Networking Infrastructure: DNS, DHCP, Authentication (Radius &
       (3/?) E-mail Infrastructure:

   SIMSR Security Enhancement (2/18)
        VPN required for off-campus desktops

   Directory Authentication for Peoplesoft HR/FN (1/13 => 2/19)
       Campus UID, E-mail Address, or Peoplesoft Operator ID
       Password resets handled by University Helpdesk and PS Helpdesk

   SMTP Authentication (3/1)
   Disk (Email and Data) Quotas (4/15)
   Voice/IP Change Over (1/18-20 => 3/29-31)
   Mainframe Shutdown (6/30)

   CATS Conference (Gail Johnson)
   Voice/IP Update (Greg Nicols)
   TII Update (Bonnie Davis)
   Mainframe Status (Don Foster)
   Microsoft Licensing Changes (Kurt Webb)
   IDS (Greg Duhon [Out Sick])
   Discussion on Slammer and Securing the Campus
   Presentation by Epson vendor (Charles Barnston)
             Call Accounting

911 Server
TII Update (Stage 2)
   Stage 2: replacement of network electronics
   Project/schedule negotiated between CO and SBC
   Currently, all work is to be performed between 6:00am and
   Little wiggle room exists in the schedule
   Schedule Overview:
       Core is complete
       Building start: March 2002
        (Sequoia, Sierra, Manz., ArtDesign)
       Building stop: Dec 2002
   Local meetings will be held ~1 month before start of
Mainframe Status

   Approximately 50% of the applications have been
    migrated off.
       2000 user accounts     50-100 daily users
       134 remaining apps     16 appear active
   All apps must be removed by June 30
   Local units are responsible for identifying and
    migrating their applications off
   More info is needed:
       A meeting can be arranged to work out details
       Contact point: Don (x 5215)
Microsoft Licensing Changes

   New CSU-wide contract (effective 1/1/03)
   Information on the processes, etc., is still being
    ferreted out
   Four separate processes and licensing categories:
       On Campus installations: should be performed via TSAG
        members or ITR/TES via a TSR
       Home installations or the WAH (Work At Home) provision:
         software purchased via “ASAP”
       Students: software purchased at Bookstore
       Server Software: obtained via CSU ITAC members
        (for our campus it’s the CIO)
   Stay tuned for Keys, CDs, and more information
Cyber Attack: SQL Slammer
    Primary Application Affected: MS SQL Server
    Three Vulnerabilities:
        Buffer overruns (stack and heap), and
        DoS (keep alive packet exchange)
    Server Resolution Service (port 1434/UDP)
     (Port 1433/TCP is the default server port)
    Affected Campus Servers: 6 (1+5)
    Local Resource Costs:
        Loss of Services
            Campus Network [~3 days]
            Functionality of several servers
        Time of Campus IT Staff
Discussion on Slammer (I)

   Could we (the Campus) have avoided this attack
    from affecting on-campus systems or services?

   Could we have minimized the effects of this attack
    on the Campus?

   Could we have eliminated CSUN's participation in
    the attack?

   Could we have recovered more quickly from this
Discussion on Slammer (II)

   What controls/standards should have been in
    place prior to the attack?

   What are the precursory steps that should
    have been taken in preparation for the

   What immediate steps should we take to
    react to an attack?
Desktop/OS/Application Standards

   Why Standards?
       To reduce the complexity of the system
       To ensure the Campus community uses the appropriate
        technology to support the work of the students, faculty, and
        staff via a secure, reliable method.
       To educate the faculty and administration on the rationale of
        the standards and gain support
       To develop transition plans (locally and campus-wide) to
        adopt new and phase-out old technology

   TSAG’s task/role?
       Develop and recommend standards and best practices
       One size will not fit all!
       How does TSAG want to self-organize its structure
Next Round of ACLs
   Block all outbound “Well Known Ports”            (0 - 1024)
       except:    ftp(20,21[989,990]), ssh(22),
   Block all inbound to subnets 128-255
       except for registered Internet Servers
       affected areas:
           Sierra Tower,              Jerome Richfield
           DMJM Trailers,             Student Services Bldg
           University Student Union   Sagebrush Hall
           H-Complex                  Bank Building
           PE, Athletics,             Bldgs T, S, & O
           Oviatt Library             Science Buildings
   Retain blocks on 1433 and 1434
   We routinely block attacking Class C networks
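
The rules on this slide written as a first-match policy check, added here as an example (it is not the campus's router configuration). Assumed, not from the slide: the campus prefix and registered-server address (constructed placeholders), that "outbound Well Known Ports" means destination port, that "subnets 128-255" means the third octet, and that the 1433/1434 blocks apply in both directions.

```python
import ipaddress

# Assumed values, not from the slide: campus prefix and registered-server list.
CAMPUS = ipaddress.ip_network("10.20.0.0/16")            # constructed placeholder
REGISTERED = {ipaddress.ip_address("10.20.130.10")}      # constructed placeholder
# Only the exceptions legible on the slide; its list is cut off after ssh(22).
OUTBOUND_EXCEPTIONS = {20, 21, 989, 990, 22}
RETAINED_BLOCKS = {1433, 1434}                           # SQL Server / Slammer ports


def decide(src, dst, dport):
    """Return (action, reason) for one flow crossing the campus border.

    Assumes "outbound well-known port" means destination port, "subnets
    128-255" means the third octet of the campus prefix, and the 1433/1434
    blocks apply in both directions. Protocol (TCP/UDP) is ignored.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_in, dst_in = s in CAMPUS, d in CAMPUS
    if src_in == dst_in:
        return ("permit", "not a border flow")
    # Checked first so a registered server is still shielded on these ports.
    if dport in RETAINED_BLOCKS:
        return ("deny", "retained 1433/1434 block")
    if src_in:
        if dport <= 1024 and dport not in OUTBOUND_EXCEPTIONS:
            return ("deny", "outbound well-known port")
        return ("permit", "outbound allowed")
    if 128 <= d.packed[2] <= 255 and d not in REGISTERED:
        return ("deny", "inbound to unregistered host in subnets 128-255")
    return ("permit", "inbound allowed")


# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.20.5.5", "198.51.100.7", 22),       # ssh out: excepted
    ("10.20.5.5", "198.51.100.7", 25),       # smtp out: not in the legible exceptions
    ("10.20.5.5", "198.51.100.7", 1434),     # infected host scanning out
    ("198.51.100.7", "10.20.130.10", 443),   # registered server
    ("198.51.100.7", "10.20.130.10", 1434),  # registered, but retained block wins
    ("198.51.100.7", "10.20.200.9", 443),    # unregistered host in subnet 200
]


def audit(flows):
    """Evaluate every flow and return the list of actions in order."""
    return [decide(*f)[0] for f in flows]


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, decide(*flow))
```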
