Present: Mark Aldenderfer, Arlene Allen, Jerry Baltes, Eric Brody, Polly Bustillos, Chris Dempsey, Matt Dunham, George Gregg, Mark McGilvray, Alan Moses, Joan Murdoch, Larry Murdock, Dan Ringwald, Fuzzy Rogers, Kevin Schmidt, Jan Smith, Chris Sneathen, Paul Valenzuela, Craig Welsh
Discussion was tabled until the next meeting.
Tickets are available on a first-come, first-served basis, with a set period of time to propose their use. Details and a link to the Gartner events schedule is available on the OIT website. Paul Valenzuela will be taking requests over the next two weeks.
Arlene reported that we are now registered with OBLIX, and the two server machines are in house; one is ready, and the other is waiting for parts. Testing is planned, and volunteers are needed to allow the program to access webservers and run trials with real data. AuthDir will be meeting again to focus on OBLIX code. The purchase was made from Arlene’s available funding, which will be reimbursed at a later time, and the Vice Chancellor of Administrative Services, the Accounting Office, and the Office of Student Information Systems have committed funds towards the cost.
Also, due to security concerns and the need to update, LDAP will be undergoing some changes. The new configuration for the LDAP will be divided between internal and external servers, rather than using the three machine configuration currently in use.
Kevin Schmidt reported that network IP address capacity is becoming a problem, and that new "slash 18" address space can be expected for next summer. This is the best solution available to us considering the current budget crisis. This will allow consolidation of space currently overly fragmented, and although no new address allocations have been projected yet, based on history, growth predictions, and educated guesses, we should expect a 10% growth rate per year over the next 4 or 5 years. More information will be available from Kevin as things develop.
Kevin reported that between 250 and 300 machines were hit in the first couple of days, and 10 machines had been hit since Friday. UCSB is doing relatively well, but the attack monopolized a considerable amount of time. Evaluation of filter processing is underway for possible automation of the response functions. So many off-campus systems were infected that UCSB was receiving thousands of pings per second, mostly from RPI.edu and Princeton. Some networks died; some were overloaded and ignored responding for a short time. One of the problems that surfaced was infected personal machines (i.e., laptops) connecting to networks behind the filters, which pointed out the importance of knowing who is using your network and the vulnerabilities related to mobile logons. This may lead to 8310X authentication as part of the logon process, as the user ID becomes more important than the IP address. Port-scanning processes will become more desirable to allow accessing and checking (similar to Blue socket in use at the UCEN), but this must be done as close to the host as possible to be effective. Kevin is pursuing solution possibilities from Sophos and should have a response in about a month. ResNet is concerned about incoming students bringing infected computers. Student access to ResNet will be restricted at move-in until Housing confirms antivirus cleansing by subnet, which may delay student access by a week. With ResNet unavailable, the campus can expect students with laptops to look for someplace else around campus to plug into the network. George indicated that more and more students are coming to campus with laptops, and the number of wireless connections are increasing as well. Kevin also voiced an additional concern regarding wireless connections and the liabilities surrounding downloads, specifically DMCA copyright infringements and UCSB’s current inability to determine responsible parties. Access, identification, and authorization is becoming more and more important, and it is important that all authorizations be done consistently every time.
Fiber Optic Cable Allocations
Larry Murdock noted that some areas of the campus have high connectivity to fiber optic rings while others are lacking, and pointed out that the current "first-come, first-served" method of allocation is inadequate, and that there should be a process for capacity planning that is proactive towards academics and considers University goals and campus-wide priorities. It was recognized that the original procedures predate the Office of Information Technology, and there now exists not only a need to update the allocation process, but also to determine current needs, utilization levels, and problems. Elise is working on a Fiber Support Project, which should be visited, and the EVC is aware that connectivity is a "must-solve" problem, but funding is also an issue and is part of the pending Network Funding Model that needs to be developed.
Campus IT Conferences
Matt Dunham mentioned that it has been some time since the last OIT technology meeting for the campus, and that it might be time to bring it back. This may have been the victim of budget cuts; Kevin will check with Elise to see if there is one in the works.
Back to ITPG Meeting Schedule