140 likes | 237 Views
Technology Update. TSAG Meeting 8/8/02. Announcements:. Account Cleanup Number of Accounts: 41,338 Number of Faculty/Staff: ~ 3,000 Number of Students: ~30,000 (~ 8K ???) Mandatory Password Changes Coming in October! Disk Quota: Mail and Data Data Mail Faculty/Staff: 30MB 10MB
E N D
Technology Update TSAG Meeting 8/8/02
Announcements: • Account Cleanup • Number of Accounts: 41,338 • Number of Faculty/Staff: ~ 3,000 • Number of Students: ~30,000 (~ 8K ???) • Mandatory Password Changes Coming in October! • Disk Quota: Mail and Data Data Mail Faculty/Staff: 30MB 10MB Student: 10MB 5MB Other: 5MB 5MB • Security Self-Assessment • Wireless Update
Topics for Discussion • Directory (NET) Initiative Update • Mail/Calendaring Update • DNS Cleanup Plans • Network Access Control • Training for TSAG members
Directory Initiative Update • Peoplesoft Authentication via the directory • Go Live Date for HR and Financials: 10/9 • Authenticate via: • E-mail address: steven.fitzgerald[@csun.edu] • Account name: sfitzger • PS OperatorID: E0042345 (current method) • Password updates via http://www.csun.edu/account • Account naming updates: • ECS and Admin&Finance • Individual Accounts: • Your task: Have you local account naming convention unified with the campus directory.
New Mail/Calendaring System Activities • We have been exploring possible replacement for our: • mail system (Messaging Direct) • calendaring system (Meeting Maker) • Current major contenders are: • Microsoft Exchange, • Sun One Messaging (formally iPlanet) , • Mirapoint Message Server, • Or combination thereof • Non-evaluation efforts, (i.e., cleanup): • Elm (Electronic Mail) • Is not IMAP compatible and is not supported • We plan to purge all $HOME/.elm directories! (Comments?)
Email Related DNS Naming and Cleanup • Preferred/Supported DNS names: imap, pop, pop3, and smtp • Deprecated DNS names to be removed Nov 15: email, mail1, mailsrv1, hp9k2, krusty, huey, exec, dewey, … (total of 14 CNAMES) • References to the mail servers via hard-code IP address are not supported! • Your task: • Update mail clients to use the service-naming convention • Review and update all web pages for bogus “mailto:” links (e.g, mailto:steve@huey.csun.edu)
Majordomo Cleanup • Reason for Cleanup: • Spring cleaning • Preparing for “list serve” functionality to be supported by the Campus Directory • To minimize Campus exposure to SPAM • Some Stats: July August • Previous number of lists: > 4000 • Current number of lists: 1047 787 • Current number of entries: 39,398 27,436 • Future Activities: • Probe messages to all members of OPEN lists • Probe messages to owners/moderator of CLOSED lists • Probe messages for “[m-z]*-l” lists have not been sent yet
.forward files • Many accounts are being used solely ase-mail reflectors • “.forward” file will not work with any of the potential mail solutions • Needs: • To eliminate accounts used just for e-mail reflectors • To move such reflectors to an appropriate alternative, e.g., • Mail alias • Majordomo-style list • Etc.
Antivirus Mail Filtering • To be put into production shortly, we’re finalizing testing. • System supports LDAP-based mail routing! • Architecture designed around future campus mail solution • Goals for the new mail solution: • Redundancy • Scalability • Flexibility (e.g., to support different SPAM policies?)
Proposed: Antivirus/Mail Architecture Internet Firewalls Routers Primary: smtp Secondary: imap pop AntiVirus mx=10 mx=20 Mail Routers Primary: imap, pop Secondary: smtp Mail Servers krusty test1 test2
DNS Cleanup Plans • Recent survey of DNS should >650 defunct DNS names • Proposed process/timeline to cleanup • Send periodic ICMP ping probes to all DNS entries (8/26-9/13) • Correlate data obtained from probes (9/16-9/19) • Inform TSAG of DNS names to be deleted (9/20) • Purge all defunct DNS names (9/23) • Your Task: • Ensure your printers, servers are on line and respond to ICMP pings • Otherwise inform helpdesk that you wish to retain your DNS name
Network Access Control: • We have made lots of progress – still more to do! • Recent Changes: • Blocking the following ports: 1-19 • Blocking the following protocols on the default ports: Jet Direct Flexlm netbios-ssn loc-srv svrloc ldap ldaps • Blocking all inbound network connections to: • Subnet 31 (Library East Wing) • Subnet 57 (Library Open Labs) • We need to information on Internet Servers! Internet Server: A server that provides one or more services to individuals not located on the campus network
Proposed Edge ACL Changes • Block all inbound ports in the range: 0-512 (1-19 done) • Exceptions: • ftp (port 20, 21) • ssh (port 22) telnet (port 23) • smtp (port 25) pop3 (port 110) imap (port 143) (for only identified hosts) • http/s (port 80, 443) • Block all inbound ports for the following protocols: • printer (port 515) x11 (ports 6000-6063) • socks (port 1080) x font-service (port 7100) • print_agent (ports 3396) mindprint (port 8033) • jprinter (port 5309) xprint-server (port 8100) • Target date: September 6
Training for TSAG members • TSAG has recommend that the Campus adopt XP as the preferred Microsoft-based desktop OS. • Training for XP and .NET has been arranged. • First week of training held 7/29-8/2 • Impressions? • Your task: Inform Chris Sales as to your participation.