CNIL Report April 4 th, 2005

CNIL Report (Apr 4 th, 2005) Two Major Goals: –Improvement of Instructional Services –Strengthening research IT infrastructure Focus on security

Instructional Labs Need to get to sustainable costs –Better resource sharing, less maintenance More predictable sponsors –Ease of external sponsorship and technology refresh (Intel, AMD, Sun, Agilent, etc.) Consolidation of labs: –EE42/43 merged with EE100 – Fall 2005 –CS150 and CS152

Research Infrastructure Security Project (on-going) Proposals for FY05-06 Mac OSX support in EECS.

Meet New Requirements New IT Security Policies/Requirements –Minimum System Security Patches, encryption, authentication, firewalls, passwords, reduce unnecessary services, etc. –Restricted Devices Logging, access control, physical security, etc. –DMUP sb-1386, FERPA, HIPPA, etc. –Technical and Administrative “proprietor”. These apply even if you manage your own equipment

FY04-05 Security Projects Core: –Upgraded EECS Windows AD to Win 2003 with stronger security templates and password policies. –Switched to campus VPN (drop EECS VPN support) –Evaluated various patch management solutions. –Evaluated various network IDS and IDPS solutions. –“Service Port Blocking” put in place 3/26 Internal risk assessment of Central ERL. Training –Incoming FY Grad students –EECS sponsored student organizations

Security Proposals (FY05-06) Network Zones –Secure (production) zone –Restricted zone: core servers –Open zone: less restrictions, setup fee Windows AD and File services will no longer be accessible from outside (of EECS) –Use ssh or campus VPN EECS wireless network (except guest) will be in the “secure” zone.

Project Details Network ID and Port Scanning –Collaboration with campus SNS, with EECS administration and customizations. Wireless a and NAC –802.11a – higher throughput –802.11a encrypted – better protection. –NAC – wireless entry point vetting. VPN –Collaboration with campus CNS (we buy hw, they manage). –First phase – deploy for researchers. –Second phase – deploy for EECS students Enables software license use at home Sponsored student group orientations.

Other Projects Work with Apple to figure out Mac OSX infrastructure support. Spam management –Reset on 3/29 –Deploy personal whitelist? –Look for alternatives Soda Hall Helpdesk

Proposed Fees CIF = $75.5/person/month (drop of $5) Windows Surcharge = $5/os/month System contracts –Desktop = $890/yr (10% increase). –Servers = $2670/yr (10% increase). –T&M rate = $94.5/hr (5% increase). AV T&M = $77/hr (18% increase)

Fee Breakdown

Staff Cost Breakdown (Does not include 2 department FTEs)

Staffing Network (1 PA 4, 2 PAII) –Wired (3600 ports, backbone to campus) –Wireless (802.11b, a, airbears, hmmb, bwrc, euclid) –firewall Accounts (1 PA3) –Active activations and deactivations –Password and home directories (unix, AD, LDAP) Enterprise Services (1 PA4, 1.5 PA3, 1 PA2) – , LDAP, calendar, virus, spam –Dns/dhcp/hostmaster for 50 class C subnets –NIS –File storage and backups –Windows AD. –SWW (solaris, linux, windows). –Software licenses management and distribution. –Computer rooms management –Technology refreshes Security (1 PA3) –Incident handling –Monitoring –Intrusion Dectection DB & WWW (1 PA4, 0.5 PA3, 1 PA2) –Web services –IRIS web site –EECS/ERL roster –Oracle databases (network ports, systems, etc.) Admin (1 AAIII) –Data entry –Monthly billings –Purchases and reimbursements –Budget report generations and reconciliation.