Technology Update TSAG Meeting 6/13/02
Announcements:
• DNS Naming and Cleanup (coming!)
  • imap: email, mail, mail1, mailsrv1
  • telnet, csun1: csun2, hp9k2, louie, huey
  • Task: update all your mail clients to use the service-naming convention.
• Exec Server Phased Out
• Planned and Announced Maintenance
  • Friday, June 14 6:00PM-12:00PM (tomorrow)
  • Friday, June 21 6:00PM-12:00PM (next week)
Directory Initiative Announcements
• New Directory Infrastructure in place.
• LDAP Directory on hp9k1.csun.edu:1389 to be eliminated
• New servers installed:
  • ldap.csun.edu:389 General lookup and CSU testbed
  • odir_master:389 Primary OpenLDAP server
  • odir_slave:636 (Friday) Secondary OpenLDAP server
• LDAP Replication to go into production Friday
• Outlook’s Find People moving towards production. (Note the configuration change.)
Outlook: Find People
• Server Name: ldap.csun.edu
• Port: 389
• Search Base: o=csun
Directory Initiative Authentication, Authorization, & Information Lookup
Next Up:
• Mail Client: Find People
• Account Clean up
• Password Change
Being Discussed/Planned:
• PeopleSoft Authentication
• A&F NDS tree
• ECS Account Naming
In Production:
• CSUN1 Authentication
• Email
• findalias
• finduser
• Modem Pool
• Wireless Network
• Webmail
• Majordomo Authentication
• Vacation Authentication
Distributed, Replicated Architecture
[Diagram labels: eDirectory (edir.csun.edu); Distribution; OpenLDAP (odir.csun.edu); ActiveDir. (adir.csun.edu); dir.csun.edu:389; dir.csun.edu:636; http://www.csun.edu/account; LDAP Server Encryption Modules; ldap.csun.edu:389]
Top-Level DIT Layout
[Diagram labels: O=CSUN; ou=Authentication; ou=A&R; ou=ITR; ou=Users; ou=Groups; Managed via local experts. Legend: ITR Managed; Locally Managed; System Managed]
Access Control:
• We have made lots of progress – more to do!
• Next Steps (target date: June 24)
  • Blocking the following ports: NFS (2049) and AFS (7000-7008)
  • Blocking all inbound network connections to:
    • Subnet 10 (Sequoia Hall 1st floor)
    • Subnet 11 (Sequoia Hall 2nd floor)
• Proposal
  • Block all inbound ports in the range: 1-19
  • Block all inbound ports for the following protocols:
    • Jet Direct: 586
    • pcanywhere: 19
    • Flexlm: 744
    • netbios-ssn: 2279
    • loc-srv: 2069
    • svrloc: 433
    • ldap: 82
    • ldaps: 636
Maintenance Window Proposal
Should you work on a live system?
• Three possible outages exist:
  • None (only academically)
  • Unplanned
  • Planned
• Proper maintenance minimizes overall downtime.
• Challenge: to find the intersection that minimizes disruptions to the campus community
• Current proposed window is Fridays between 6:00 PM – Midnight
Feedback please!
Five Desktop Best Practices (Caleb Fahey)
• Utilize NTFS (over FAT)
• Enforce Lockout Policies (# of login attempts)
• Set up Ctrl+Alt+Del to prevent automatic logins
• Remove default administrative shares (//server/C$ //server/$admin)
• Review and disable unnecessary services (e.g., telnet or IIS)
Campus SPAM Concerns (Chris Sales)
• There has been a sharp increase of SPAM from off-campus!
• Can we block all mail from off campus?
• Can we block all mail from “.com” domains?
• Can we block all mail from msn.com?
• Can we block all mail with words containing: Click, here, for, instance, access
• Can we block all mail with the subject: “Hey its Anna”
• Can we block all pornography? (Please define!)
• The Answer is “No that’s censorship!!!!”
• Users must use personal filter options