Finke


University Issues
■ William Annis - University of Wisconsin
■ David Brumley - Stanford University
■ Robyn Landers - University of Waterloo
■ Kathy Penn - University of Maryland
■ Jon Finke - Rensselaer Polytechnic Institute
Format
Begin
  Open Topic_List_Cursor;
  Loop
    fetch Topic_List_Cursor into Topic, Presenter;
    exit when Topic is Null;
    Introduce(Presenter, Minutes => 1);
    PresenterDiscusses(Topic, Minutes => 10);
    PanelRebuts(Topic, Minutes => 5);
    AudienceComments;
  end loop;
end;
Topics:
■ Managing Growth
  • William Annis
■ Computer Security and Incident Response
  • David Brumley
■ Residence Networking
  • Robyn Landers
■ Backups - Procedure and Policy
  • Kathy Penn
Managing Growth
■ William Annis
■ Biomedical Computing Group - U Wisconsin
  • Statisticians - Grads, Faculty and Post Docs
  • Solaris (20 Servers, 40 desktops), 40 Xterms
  • Citrix NT for NT applications
  • Web and database servers.
  • 2 FT Admins, 1/2 Manager, 3/4 Student

When I started:
■ No admin, just parts of staff and an occasional grad student
■ Machines acting as file servers all over campus
■ Strange, uncommented code kept us running

How we changed:
■ Wrote a large document
■ Centralized everything
■ One OS version
■ cfengine squashes irregularities

The change:
■ Took two years -- will be done RSN
■ Initial steps noisy and obvious
■ Users still not quite sure of the centralized computing concept
■ Admin brain-retooling took a while
Computer Security and Incident Response
■ David Brumley
■ Stanford University
  • Fiber to Internet (100 MB/S single duplex); OC12 to Internet2 (600 MB/S full duplex); up to 2.6 gigabit internally (full duplex)
  • 505 Active subnets, 53216 registered nodes
  • 18116 PCs, 9305 Macs, 2629 Unix
  • 2299 Network Infrastructure, 711 Other
  • 1997 Printer, 338 Unknown, 258 X-terminals
Residence Hall Networking
■ Robyn Landers
■ University of Waterloo, Math Faculty, Undergrad
  • Mostly Sun (22) servers, X terminals (200)
  • WinCenter (PC apps on X terminals)
  • Network Appliance NFS servers
    – Unix, PC home directories
  • SGI (14), PC (90) and Mac (120)
%cc hello.world.c
eh.oot
Nice starting point: www.adm.uwaterloo.ca/infohous/resnet
Techie details: www.ist.uwaterloo.ca/cn/Residence/tech.html

Getting Connected
■ policy agreement
■ fill out form, incl. MAC address
■ forms hand-entered into spreadsheet
■ scripts extract info into DHCP tab and router ARP entries
Rate Limiting
■ cron job queries router every 12 minutes
■ compute traffic volume per IP
  • daily total (150 Mb/day)
  • running average (25 Mb/day)
■ exceed limit => external access cut off
■ web page where students can check their own stats
■ reduces accidental and intentional misuse
■ manual intervention in case of policy abuse
Privacy and Security
■ access control on hosts that have resnet info
■ can’t use DHCP info to track down student’s personal info, for example
■ students can view only their own usage stats

Interesting Problems
■ student set up rogue DHCP server
■ some MS W98 network drivers locked up after receiving DHCP answer
■ some W98 needed a vendor tag set in DHCP entry (value irrelevant)
■ forging mail and news
■ client-side denial of service -- client grabs all the IPs
■ server spoofing
Uninteresting Problems
■ syntax errors in DHCPtab from manual entry
  • now have automatic checker
■ wall jacks fail from abuse

Non-Problems
■ automatic rate-limiting prevents network overload
■ students learn and share local sources, reducing need for off-site
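
The accounting described on the Rate Limiting slide, sketched in Python as an added example; it is not the Waterloo code, which the deck says was written in Perl and does not show. Assumptions not on the slides: the router reports a cumulative byte counter per IP, "Mb" is read as megabytes, the running average covers 7 days, and the class and method names are hypothetical.

```python
from collections import defaultdict, deque

MB = 1_000_000          # assumption: the slide's "Mb" is read as megabytes
DAILY_LIMIT = 150 * MB  # daily total limit from the slide
AVG_LIMIT = 25 * MB     # running-average limit from the slide
WINDOW_DAYS = 7         # assumption: the slide gives no averaging window


class UsageTracker:
    """Per-IP traffic accounting fed by periodic router polls (hypothetical)."""

    def __init__(self):
        self.last_counter = {}         # ip -> last cumulative counter seen
        self.today = defaultdict(int)  # ip -> bytes counted so far today
        # ip -> totals of the previous WINDOW_DAYS - 1 closed days
        self.history = defaultdict(lambda: deque(maxlen=WINDOW_DAYS - 1))

    def record_poll(self, counters):
        """counters: {ip: cumulative bytes reported by the router}."""
        for ip, value in counters.items():
            prev = self.last_counter.get(ip)
            if prev is None:
                delta = 0              # first sighting only sets the baseline
            elif value < prev:
                delta = value          # counter was reset (e.g. router reboot)
            else:
                delta = value - prev
            self.last_counter[ip] = value
            self.today[ip] += delta

    def close_day(self):
        """Run once at midnight: roll today's totals into the history."""
        for ip in set(self.today) | set(self.history):
            self.history[ip].append(self.today.get(ip, 0))
        self.today.clear()

    def running_average(self, ip):
        return (sum(self.history[ip]) + self.today.get(ip, 0)) / WINDOW_DAYS

    def over_limit(self):
        """Return {ip: reason} for addresses whose external access is cut."""
        blocked = {}
        for ip in set(self.today) | set(self.history):
            if self.today.get(ip, 0) > DAILY_LIMIT:
                blocked[ip] = "daily total"
            elif self.running_average(ip) > AVG_LIMIT:
                blocked[ip] = "running average"
        return blocked
```

A cron entry would call `record_poll` with each 12-minute router query and `close_day` once at midnight; how the resulting block list is pushed to the router is site-specific and not described in the slides.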
Summary
■ What’s cool
  • auto rate limiting (Perl. Uses no vendor-specific features. Router just needs to keep and report traffic stats so you can query it.)
  • web page where students check their usage
■ What would be nice
  • on-line D.I.Y. registration
  • use the D in DHCP
■ Other implementations
  • Stanford’s Secure Public InterNet ACcess Handler http://spinach.stanford.edu
Backup -- Procedure and Policy
■ Kathy Penn
■ Institute for Systems Research, U Maryland
  • 900 Grad Students, 60 Faculty, 40 Admin Staff
  • 175 Unix (mostly Sun), 100 PCs & Macs
  • Sys Admin staff - 5 FTE, 5 Student
  • 3 Class C Subnets, but routers run by University networking department

Backups
■ Everyone does them
■ Everyone does restores
■ Everyone verifies backups
■ But does everyone know how?

Document Your Procedures
■ How to do the actual backups
■ How to do the restores
■ Have someone step through the instructions
■ Don’t forget Why, Where, Which

Document Your Policies
■ For staff and users
■ How frequently backups are made
■ How frequently archival copies are made
■ How long archives are kept
■ What do you NOT back up, and why

Restoration Information
■ How do users request restores?
■ If they can do their own restores, how?
■ How long do restores take?
■ Who can request restores?

IANAL (I Am Not A Lawyer)
■ Check with your central University policy
■ Check with University lawyers
■ Document Everything -- especially your policies
These Slides Will Be Available Near You Soon!
■ http://www.rpi.edu/~finkej/u-issues/
