Upload
ike
View
28
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Technology Update. TSAG Meeting 6/13/02. Announcements:. DNS Naming and Cleanup (coming!) imap: email, mail, mail1, mailsrv1 telnet, csun1: csun2, hp9k2, louie, huey Task: update all your mail clients to use the service-naming convention. Exec Server Phased Out - PowerPoint PPT Presentation
Citation preview
Technology Update
TSAG Meeting 6/13/02
Announcements:
DNS Naming and Cleanup (coming!) imap: email, mail, mail1, mailsrv1 telnet, csun1: csun2, hp9k2, louie, huey
Task: update all your mail clients to use the service-naming convention.
Exec Server Phased Out Planned and Announced Maintenance
Friday, June 14 6:00PM-12:00PM (tomorrow) Friday, June 21 6:00PM-12:00PM (next week)
Directory Initiative Announcements New Directory Infrastructure in placed.
LDAP Directory on hp9k1.csun.edu:1389 to be eliminated
New servers installed: ldap.csun.edu:389 General lookup and CSU testbed odir_master:389 Primary OpenLDAP server odir_slave:636 (Friday) Secondary OpenLDAP server
LDAP Replication to go into production Friday Outlook’s Find People moving towards
production. (Note the configuration change.)
Outlook: Find People
Server Name: ldap.csun.edu
Search Base: o=csun
Port: 389
Directory Initiative
In Production: CSUN1 Authentication Email findalias finduser Modem Pool Wireless Network Webmail Majordomo Authentication Vacation Authentication
Next Up: Mail Client: Find People Account Clean up Password Change
Being Discussed/Planned: PeopleSoft Authentication A&F NDS tree ECS Account Naming
Authentication, Authorization, & Information Lookup
Distributed, Replicated Architecture
http://www.csun.edu/accountdir.csun.edu:389dir.csun.edu:636
ldap.csun.edu:389
eDirectory(edir.csun.edu)
OpenLDAP(odir.csun.edu)
ActiveDir.(adir.csun.edu)
Encryption Modules
LD
AP
Ser
ver
Dis
trib
utio
n
O=CSUN
ou=Authentication ou=ITRou=A&R
ou=Users ou=Groups
Top-Level DIT Layout
System Managed
Locally Managed
Managed via local experts
ITR Managed
Access Control:
We have made lots of progress – more to do! Next Steps (target date: June 24)
Blocking the following ports: NFS (2049) and AFS (7000-7008) Blocking all inbound network connections to:
Subnet 10 (Sequoia Hall 1st floor) Subnet 11 (Sequoia Hall 2nd floor)
Proposal Block all inbound ports in the range: 1-19 Block all inbound ports for the following protocols:
Jet Direct: 586 pcanywhere: 19Flexlm: 744 netbios-ssn: 2279loc-srv: 2069 svrloc: 433ldap: 82 ldaps: 636
Maintenance Window ProposalShould you work on a live system?
Three possible Outages exist:1. None (only academically)2. Unplanned3. Planned
Proper maintenance minimizes overall downtime.
Challenge: to find the intersection that minimizes disruptions to the campus community
Current proposed window isFriday’s between 6:00 PM – MidnightFeedback please!
Five Desktop Best Practices(Caleb Fahey)
1. Utilize NTFS (over FAT)2. Enforce Lockout Policies
# of login attempts
3. Setup Ctrl+Alt+Del to prevent automatic logins
4. Remove default administrative shares (//server/C$ //server/$admin)
5. Review and disable unnecessary services (e.g., telnet or IIS)
Campus SPAM Concerns(Chris Sales) There has been a sharp increase of SPAM from off-
campus! Can we block all mail from off campus? Can we block all mail from “.com” domains? Can we block all mail from msn.com? Can we block all mail with words containing:
Click, here, for, instance, access Can we block all mail with the subject:
“Hey its Anna” Can we block all pornography? (Please define!)
The Answer is “No that’s censorship!!!!” Users must use personal filter options