TSAG Meeting1/09/02

Update on Current Technology Initiatives

Steven Fitzgerald

Announcements

• Availability: Gartner Group Data: http://library.csun.edu/gartner.html

• Replacement: Account Maintenance System (January 28, 2002)

• Phase out: Meeting Maker V5 (January 19, 2002)

• Release: Web-based Email (February 5, 2002)

• Changes:– To mitigate SPAM mail (February 15, 2002)

(mail header must be addressed appropriately)

– To strength Modem Pool Authentication (*82 818 677 6700) (Pending)

Email Changes

• Place tighter restrictions on Mail Headers– Incoming mail

“To” field must be valid CSUN address

– Outgoing mail “From” field must be a valid CSUN address“Reply-to” filed may be any valid address

I.e., mail header must be addressed appropriately.

• New canonical names for mail servers– Valid: imap, pop3, and smtp– Deprecated: email, krusty, mail1

• Preparing for Authenticated SMTP

Outlook Mail Configuration

• Insert screen shot of – outlook ->tools->accounts->properties->General

– outlook ->tools->accounts->properties->Servers

– outlook ->tools->accounts->properties->Advanced

Modem Pool Changes

• Change: Uses must call modem pool with Caller-ID enabled

• Reasons: – To reduce amount of SPAM mail

– To reduce DOS attacks

– To increase accountability

• Telephone Number: *82 818 677 6700

• Enforcement Date: Pending

Access Control

• Reduce the amount of SPAM mail• Reduce exposure to copyright infringement• Reduce exposure to DOS attacks

• Increase bandwidth to campus community• Increase the integrity of inter- and intra-campus

network communications• Increase productivity of all by not dealing with

SPAM and other such attacks

Approach• Attack problem in levels• Reduce the number of entry points to campus• Reduce the number of exit points to campus• Move towards authenticated and encrypted protocols

and applications, e.g., SSH

• SSH (secure shell as an alternative to telnet)– csun1.csun.edu: SSH-1.99-OpenSSH_3.0.2p1 (Good)– nikita.csun.edu: SSH-1.99-OpenSSH_3.0.1p1 (Bad)

• Draft Policy is emerging

Draft Policy(for discussion purposes)

1. All inbound network connections shall be limited to only identified servers on specific ports.

2. All outbound network connections shall be sent to only appropriate servers on specific ports.

3. All network traffic that carries data that have “privacy” issues shall be encrypted.

Definition of “servers” and required “ports” is defined locally

Thoughts on Web Improvements

• Intranet Web (via vhosting)URL File locationhttp://www.csun.edu/~tsag ~tsag/public_htmlhttp://cww.csun.edu/~tsag ~tsag/campus_html(enforcement of https protocol, is there a need?)

• PHP• Enhanced Search Capabilities• Statistics Gathering