Archive for December, 2001
December 14th, 2001 by Dana Roode
NACS has formed a new 3-person team, Network Planning and Security (NPS or NetPlanSec). NPS is active in a variety of ways to improve the safety and reliability of UCInet.
NPS runs periodic scans for vulnerable servers on campus before attackers do. They also regularly publicize security information and notify system administrators when weaknesses are discovered. Presently, NPS is implementing the campus firewall and Intrusion Detection System. (Details may be found in the Border Router article below.)
NPS staff Garrett Hildebrand, Mike Iglesias, and John Lenning are available for consulting, both one-on-one and in public forums, on such issues as network security, wireless networking and security, and network planning.
Finally, they participate in the UC Policy and Security Officers Group, to develop and assess UC system-wide strategies to resist “cyberterrorism.”
December 14th, 2001 by Dana Roode
NACS has made a number of changes to central services to better meet client needs.
Disk capacity for EA and E4E has been expanded. Users have two separate storage areas: one which provides temporary storage for incoming mail (”inbox”), and the other, with substantially greater capacity, is for long term storage of mail messages, attachments, and any other files (”home directory”).
Undergraduate students are allocated 3MB of inbox space and 8MB of home directory space. Graduate students are allocated 10MB of inbox space and 20MB of home directory space.
Staff and faculty are expected to keep their inbox usage to 10MB, but can continue to receive new mail until the inbox reaches 30MB. Inbox space is limited, and users are advised to download their incoming mail (for POP users) or to refile it to other folders (for IMAP users.) Users who compromise others’ ability to use e-mail by sustained use beyond the 10MB inbox limit are subject to losing the 30MB temporary storage privilege. NACS staff are available to assist users with inbox management.
Regular attention to one’s inbox is recommended, since the main campus e-mail server has been upgraded to allow attachments as large as 10MB. While this change was made as a service to faculty collaborating with off-campus colleagues, it does mean that even a 30MB inbox can fill quickly.
Staff are allocated 20MB of home directory space (but may use up to 50MB on a temporary basis), while academic senate faculty may use up to 100MB of home directory space. Users may review their disk usage and quota at http://www.e4e.uci.edu/ (click on “Quota Check” and authenticate with your UCInetID and password.)
Additional home directory space, if needed, is available for $5/month for each 100MB. Disk space in E4E is high-performance, fault-tolerant, and includes backup and security services. Users whose priority is economy are encouraged to purchase local disk for their desktops and keep their large files there.
December 14th, 2001 by Dana Roode
UCI now has a versatile border router providing a more configurable and secure connection to the Internet.
The border router is a Cisco Catalyst 6509 with a crossbar-fabric switch. The router currently features 32 ports, each running at one gigabit per second (1 Gbit/s) bidirectionally, and is expandable to 180 ports as campus needs grow. It replaces a router with a total bandwidth of 2.4 Gbit/s and represents a substantial upgrade in network capacity.
The border router now aggregates formerly separate circuits to CalREN, the Internet, and Internet2 (Abilene), allowing a single set of policies and security measures to protect the campus across all our links to the rest of the world.
The router is a sophisticated device that allows network administrators to build circuits into, out of, and even back into the router. This permits a virtual path from the Internet to the router, through the campus firewall, back through the router, and on to UCInet. The border router also will support an “intrusion detection system”, presently being designed and implemented, which will complement and enhance the campus firewall.
The intrusion detection system will be able to spot subtle patterns in campus network traffic which represent a network-based attack. It will alert campus network staff when an attack begins, and allow the creation of precise rule sets for network traffic, which will allow UCInet to remain open to legitimate network uses while filtering out many kinds of hostile traffic.
December 14th, 2001 by Dana Roode
NACS welcomes David Pritikin to the Instructional Web Technologies group where he serves as a primary support contact, assisting instructors in the use of web-based technologies. David held a previous position in the NACS Response Center, and has also served in the Claire Trevor School of the Arts computing support unit prior to rejoining NACS.
Diane Dunn has joined NACS as Project Manager for the Communications Project Unit. Diane manages campus-wide network and telephone infrastructure projects. Diane’s goal is to manage project resources and activities so that network projects are completed on time and within budget, but also to maintain the excellent quality of UCInet on which researchers depend.
Clyde Higashida joins Mike Scott and Dawn Bergan-Iglesias as a Network Engineer. Clyde and colleagues not only contribute to the design and maintenance of UCInet, but are also available to the campus community, answering technical questions and making recommendations to NACS for network improvements based on the needs he discovers while working with clients.
John Lenning joins Garrett Hildebrand and Mike Iglesias in the Network Planning and Security group, and will be contributing to both planning and security. John, an MCSE, comes to UCI with experience in the networked Microsoft Windows environment, adding new strength to the group.