Presentation on theme: "Technology Update TSAG Meeting 8/8/02. Announcements: Account Cleanup Number of Accounts: 41,338 Number of Faculty/Staff:~ 3,000 Number of Students:~30,000(~"— Presentation transcript:
Announcements: Account Cleanup Number of Accounts: 41,338 Number of Faculty/Staff:~ 3,000 Number of Students:~30,000(~ 8K ???) Mandatory Password Changes Coming in October! Disk Quota: Mail and Data DataMail Faculty/Staff:30MB10MB Student:10MB 5MB Other: 5MB 5MB Security Self-Assessment Wireless Update
Topics for Discussion Directory (NET) Initiative Update Mail/Calendaring Update DNS Cleanup Plans Network Access Control Training for TSAG members
Directory Initiative Update Peoplesoft Authentication via the directory Go Live Date for HR and Financials: 10/9 Authenticate via: E-mail address:steven.fitzgerald[@csun.edu] Account name:sfitzger PS OperatorID:E0042345 (current method) Password updates via http://www.csun.edu/accounthttp://www.csun.edu/account Account naming updates: ECS and Admin&Finance Individual Accounts: Your task: Have you local account naming convention unified with the campus directory.
New Mail/Calendaring System Activities We have been exploring possible replacement for our: mail system (Messaging Direct) calendaring system (Meeting Maker) Current major contenders are: Microsoft Exchange, Sun One Messaging (formally iPlanet), Mirapoint Message Server, Or combination thereof Non-evaluation efforts, (i.e., cleanup): Elm (Electronic Mail) Is not IMAP compatible and is not supported We plan to purge all $HOME/.elm directories! (Comments?)
Email Related DNS Naming and Cleanup Preferred/Supported DNS names: imap, pop, pop3, and smtp Deprecated DNS names to be removed Nov 15: email, mail1, mailsrv1, hp9k2, krusty, huey, exec, dewey, … (total of 14 CNAMES) References to the mail servers via hard-code IP address are not supported! Your task: Update mail clients to use the service-naming convention Review and update all web pages for bogus “mailto:” links (e.g, mailto:firstname.lastname@example.org)
Majordomo Cleanup Reason for Cleanup: Spring cleaning Preparing for “list serve” functionality to be supported by the Campus Directory To minimize Campus exposure to SPAM Some Stats: JulyAugust Previous number of lists: > 4000 Current number of lists: 1047 787 Current number of entries: 39,39827,436 Future Activities: Probe messages to all members of OPEN lists Probe messages to owners/moderator of CLOSED lists Probe messages for “[m-z]*-l” lists have not been sent yet
.forward files Many accounts are being used solely as e-mail reflectors “.forward” file will not work with any of the potential mail solutions Needs: To eliminate accounts used just for e-mail reflectors To move such reflectors to an appropriate alternative, e.g., Mail alias Majordomo-style list Etc.
Antivirus Mail Filtering To be put into production shortly, we’re finalizing testing. System supports LDAP-based mail routing! Architecture designed around future campus mail solution Goals for the new mail solution: Redundancy Scalability Flexibility (e.g., to support different SPAM policies?)
Proposed: Antivirus/Mail Architecture krustytest1test2 Internet Firewalls Routers AntiVirus Mail Routers Mail Servers mx=10 Primary: imap, pop Secondary: smtp mx=20 Primary: smtp Secondary: imap pop
DNS Cleanup Plans Recent survey of DNS should >650 defunct DNS names Proposed process/timeline to cleanup Send periodic ICMP ping probes to all DNS entries (8/26- 9/13) Correlate data obtained from probes (9/16-9/19) Inform TSAG of DNS names to be deleted (9/20) Purge all defunct DNS names (9/23) Your Task: Ensure your printers, servers are on line and respond to ICMP pings Otherwise inform helpdesk that you wish to retain your DNS name
Network Access Control: We have made lots of progress – still more to do! Recent Changes: Blocking the following ports: 1-19 Blocking the following protocols on the default ports: Jet Direct Flexlmnetbios-ssn loc-srvsvrloc ldapldaps Blocking all inbound network connections to: Subnet 31 (Library East Wing) Subnet 57 (Library Open Labs) We need to information on Internet Servers! Internet Server: A server that provides one or more services to individuals not located on the campus network
Proposed Edge ACL Changes Block all inbound ports in the range: 0-512 (1-19 done) Exceptions: ftp (port 20, 21) ssh (port 22)telnet (port 23) smtp (port 25)pop3 (port 110) imap (port 143) (for only identified hosts) http/s (port 80, 443) Block all inbound ports for the following protocols: printer (port 515)x11 (ports 6000-6063) socks (port 1080) x font-service (port 7100) print_agent (ports 3396) mindprint (port 8033) jprinter (port 5309)xprint-server (port 8100) Target date: September 6
Training for TSAG members TSAG has recommend that the Campus adopt XP as the preferred Microsoft-based desktop OS. Training for XP and.NET has been arranged. First week of training held 7/29-8/2 Impressions? Your task: Inform Chris Sales as to your participation.