Technology Update

1
Technology Update

• TSAG Meeting 8/8/02

2
Announcements

• Account Cleanup
• Number of Accounts 41,338
• Number of Faculty/Staff 3,000
• Number of Students 30,000 ( 8K ???)
• Mandatory Password Changes Coming in October!
• Disk Quota Mail and Data
• Data Mail
• Faculty/Staff 30MB 10MB
• Student 10MB 5MB
• Other  5MB 5MB
• Security Self-Assessment
• Wireless Update

3
Topics for Discussion

• Directory (NET) Initiative Update
• Mail/Calendaring Update
• DNS Cleanup Plans
• Network Access Control
• Training for TSAG members

4
Directory Initiative Update

• Peoplesoft Authentication via the directory
• Go Live Date for HR and Financials 10/9
• Authenticate via
• E-mail address steven.fitzgerald_at_csun.edu
• Account name sfitzger
• PS OperatorID E0042345 (current method)
• Password updates via http//www.csun.edu/account
  
• Account naming updates
• ECS and AdminFinance
• Individual Accounts
• Your task Have you local account naming
  convention unified with the campus directory.

5
New Mail/Calendaring System Activities

• We have been exploring possible replacement for
  our
• mail system (Messaging Direct)
• calendaring system (Meeting Maker)
• Current major contenders are
• Microsoft Exchange,
• Sun One Messaging (formally iPlanet) ,
• Mirapoint Message Server,
• Or combination thereof
• Non-evaluation efforts, (i.e., cleanup)
• Elm (Electronic Mail)
• Is not IMAP compatible and is not supported
• We plan to purge all HOME/.elm directories!
  (Comments?)

6
Email Related DNS Naming and Cleanup

• Preferred/Supported DNS names imap, pop, pop3,
  and smtp
• Deprecated DNS names to be removed Nov
  15 email, mail1, mailsrv1, hp9k2,
  krusty, huey, exec, dewey, (total of 14
  CNAMES)
• References to the mail servers via hard-code IP
  address are not supported!
• Your task
• Update mail clients to use the service-naming
  convention
• Review and update all web pages for bogus
  mailto links (e.g, mailtosteve_at_huey.csun.edu)
  

7
Majordomo Cleanup

• Reason for Cleanup
• Spring cleaning
• Preparing for list serve functionality to be
  supported by the Campus Directory
• To minimize Campus exposure to SPAM
• Some Stats July August
• Previous number of lists 4000
• Current number of lists 1047 787
• Current number of entries 39,398 27,436
• Future Activities
• Probe messages to all members of OPEN lists
• Probe messages to owners/moderator of CLOSED
  lists
• Probe messages for m-z-l lists have not been
  sent yet

8
.forward files

• Many accounts are being used solely ase-mail
  reflectors
• .forward file will not work with any of the
  potential mail solutions
• Needs
• To eliminate accounts used just for e-mail
  reflectors
• To move such reflectors to an appropriate
  alternative, e.g.,
• Mail alias
• Majordomo-style list
• Etc.

9
Antivirus Mail Filtering

• To be put into production shortly, were
  finalizing testing.
• System supports LDAP-based mail routing!
• Architecture designed around future campus mail
  solution
• Goals for the new mail solution
• Redundancy
• Scalability
• Flexibility (e.g., to support different SPAM
  policies?)

10
Proposed Antivirus/Mail Architecture
Internet
Firewalls
Routers
Primary smtp Secondary imap pop
AntiVirus
mx10
mx20
Mail Routers
Primary imap, pop Secondary smtp
Mail Servers
krusty
test1
test2
11
DNS Cleanup Plans

• Recent survey of DNS should 650 defunct DNS
  names
• Proposed process/timeline to cleanup
• Send periodic ICMP ping probes to all DNS entries
  (8/26-9/13)
• Correlate data obtained from probes (9/16-9/19)
• Inform TSAG of DNS names to be deleted (9/20)
• Purge all defunct DNS names (9/23)
• Your Task
• Ensure your printers, servers are on line and
  respond to ICMP pings
• Otherwise inform helpdesk that you wish to retain
  your DNS name

12
Network Access Control

• We have made lots of progress still more to do!
• Recent Changes
• Blocking the following ports 1-19
• Blocking the following protocols on the default
  ports
• Jet Direct Flexlm netbios-ssn loc-srv svrloc
  ldap ldaps
• Blocking all inbound network connections to
• Subnet 31 (Library East Wing)
• Subnet 57 (Library Open Labs)
• We need to information on Internet Servers!
• Internet Server A server that provides one or
  more services to individuals not located on the
  campus network

13
Proposed Edge ACL Changes

• Block all inbound ports in the range 0-512
  (1-19 done)
• Exceptions
• ftp (port 20, 21)
• ssh (port 22) telnet (port 23)
• smtp (port 25) pop3 (port 110) imap (port 143)
  (for only identified hosts)
• http/s (port 80, 443)
• Block all inbound ports for the following
  protocols
• printer (port 515) x11 (ports 6000-6063)
• socks (port 1080) x font-service (port 7100)
• print_agent (ports 3396) mindprint (port 8033)
• jprinter (port 5309) xprint-server (port 8100)
• Target date September 6

14
Training for TSAG members

• TSAG has recommend that the Campus adopt XP as
  the preferred Microsoft-based desktop OS.
• Training for XP and .NET has been arranged.
• First week of training held 7/29-8/2
• Impressions?
• Your task Inform Chris Sales as to your
  participation.