50 likes | 173 Views
USERS. DTF report. Erez Etzion 78 ACCU Meeting December 5, 2007. Closure of VPN services. Motivation – risk of worms Decision – discontinue on January 29 th 2008 Recommended modifications listed on the IT site (mail, internal web, DFS, Terminal services, SSH)
E N D
USERS DTF report Erez Etzion 78 ACCU Meeting December 5, 2007
Closure of VPN services • Motivation – risk of worms • Decision – discontinue on January 29th 2008 • Recommended modifications listed on the IT site (mail, internal web, DFS, Terminal services, SSH) • In some cases the alternative working methods are less convenient and/or provide reduced performance compared to VPN. • Windows DFS File synchronization is not possible from off-site without VPN. File transfer (including mapping a local disk to a WTS session) is possible. • Remote installation of software was possible with VPN. This practice is not recommended therefore no alternative will be provided. Users must instead bring their computers physically to CERN. Desktop Forum report, Erez Etzion
Special cases .. • If a case were to arise where VPN is vital for the mission of the organization and no alternative solution is available within the timescale, a temporary extension could possibly be maintained for the user concerned. This would require that the case is justified and supported by the user’s Department Head (or Deputy). The configuration of the device and working method of the user connecting to VPN would need to be agreed by a member of the security team in order to minimise the risk. USER suggestion CISCO secured VPN access Desktop Forum report, Erez Etzion
Restrictions on running Skype P2P software at CERN • The use of Skype P2P telephony software is NOT permitted at CERN. • Article 4.1 of the Skype End User License Agreement allows computers running Skype to be used to route third party traffic. The algorithm which Skype uses to select these so-called "supernodes" appears to take account of bandwidth availability. We have seen in practice that computers running Skype at CERN become supernodes rather quickly. Its use is therefore not permitted within the CERN site. • To our knowledge, other IP telephony products do not cause such problems, e.g. Microsoft Messenger included by default in Windows/XP (but note that you may need to upgrade to the latest version). Information for NICE users is available at http://cern.ch/mmmservices/Tools/Messenger. NEWS - after a lot of effort there is good news. All has been agreed to allow the use of skype at CERN "as is" so with no support from CERN. This is waiting final approval by the office of the Department Head copied on this mail. Desktop Forum report, Erez Etzion