TSAG Meeting 1/09/02 Update on Current Technology Initiatives Steven Fitzgerald
Announcements
Availability: Gartner Group Data:
Replacement: Account Maintenance System (January 28, 2002)
Phase out: Meeting Maker V5 (January 19, 2002)
Release: Web-based (February 5, 2002)
Changes:
–To mitigate SPAM mail (February 15, 2002) (mail header must be addressed appropriately)
–To strengthen Modem Pool Authentication (* ) (Pending)
Changes
Place tighter restrictions on Mail Headers
–Incoming mail “To” field must be a valid CSUN address
–Outgoing mail “From” field must be a valid CSUN address
“Reply-to” field may be any valid address
i.e., mail header must be addressed appropriately.
New canonical names for mail servers
–Valid: imap, pop3, and smtp
–Deprecated: , krusty, mail1
Preparing for Authenticated SMTP
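
The header restrictions on this slide can be expressed as a filter check. The sketch below is an added example, not code from the presentation or from the campus mail system; it assumes a "valid CSUN address" means a mailbox in csun.edu or a subdomain, reads the inbound rule as "at least one To recipient is a campus mailbox", and uses constructed sample messages.

```python
# Added example, not from the original slides.
from email import message_from_string
from email.utils import getaddresses

# Assumption: a "valid CSUN address" is a mailbox in csun.edu or a subdomain.
CAMPUS_DOMAIN = "csun.edu"

def is_campus(addr):
    """True if addr is local@domain with domain at or under CAMPUS_DOMAIN."""
    local, sep, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    return bool(local and sep) and (
        domain == CAMPUS_DOMAIN or domain.endswith("." + CAMPUS_DOMAIN))

def addresses(msg, header):
    """All mailbox addresses found in every occurrence of one header."""
    return [addr for _, addr in getaddresses(msg.get_all(header, []))]

def check_headers(raw, direction):
    """Return the policy violations for one raw message ([] means accept)."""
    msg = message_from_string(raw)
    problems = []
    if direction == "inbound":
        # Interpretation: at least one To recipient must be a campus mailbox.
        if not any(is_campus(a) for a in addresses(msg, "To")):
            problems.append("To: no valid campus recipient")
    elif direction == "outbound":
        senders = addresses(msg, "From")
        if len(senders) != 1 or not is_campus(senders[0]):
            problems.append("From: not a single campus address")
        # Reply-To may be any valid address; only require it to parse.
        if any("@" not in a for a in addresses(msg, "Reply-To")):
            problems.append("Reply-To: unparseable address")
    else:
        raise ValueError("direction must be 'inbound' or 'outbound'")
    return problems

# Constructed sample messages (hypothetical addresses).
INBOUND_OK = "From: a@example.org\nTo: Staff <staff@csun.edu>\n\nhello\n"
INBOUND_LOOKALIKE = "From: a@example.org\nTo: x@csun.edu.example.com\n\nhi\n"
OUTBOUND_OK = ("From: staff@csun.edu\nReply-To: staff@example.net\n"
               "To: b@example.org\n\nhello\n")
OUTBOUND_BAD = "From: staff@example.net\nTo: b@example.org\n\nhello\n"

if __name__ == "__main__":
    for name, raw, way in [("ok", INBOUND_OK, "inbound"),
                           ("lookalike", INBOUND_LOOKALIKE, "inbound"),
                           ("ok", OUTBOUND_OK, "outbound"),
                           ("bad", OUTBOUND_BAD, "outbound")]:
        print(way, name, check_headers(raw, way) or "accept")
```

The domain test matches on a full label boundary, so a lookalike such as csun.edu.example.com is rejected rather than accepted by a substring match.
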
Outlook Mail Configuration
Insert screen shot of
–outlook ->tools->accounts->properties->General
–outlook ->tools->accounts->properties->Servers
–outlook ->tools->accounts->properties->Advanced
Modem Pool Changes
Change: Users must call modem pool with Caller-ID enabled
Reasons:
–To reduce amount of SPAM mail
–To reduce DOS attacks
–To increase accountability
Telephone Number: *
Enforcement Date: Pending
Access Control
Reduce the amount of SPAM mail
Reduce exposure to copyright infringement
Reduce exposure to DOS attacks
Increase bandwidth to campus community
Increase the integrity of inter- and intra-campus network communications
Increase productivity of all by not dealing with SPAM and other such attacks
Approach
Attack problem in levels
Reduce the number of entry points to campus
Reduce the number of exit points to campus
Move towards authenticated and encrypted protocols and applications, e.g., SSH
SSH (secure shell as an alternative to telnet)
–csun1.csun.edu: SSH-1.99-OpenSSH_3.0.2p1 (Good)
–nikita.csun.edu: SSH-1.99-OpenSSH_3.0.1p1 (Bad)
Draft Policy is emerging
Draft Policy (for discussion purposes)
1. All inbound network connections shall be limited to only identified servers on specific ports.
2. All outbound network connections shall be sent to only appropriate servers on specific ports.
3. All network traffic that carries data that have “privacy” issues shall be encrypted.
The definitions of “servers” and required “ports” are set locally
Thoughts on Web Improvements
Intranet Web (via vhosting)
URL File location
~tsag/public_html
~tsag/campus_html (enforcement of https protocol, is there a need?)
PHP
Enhanced Search Capabilities
Statistics Gathering