The document discusses university issues presented by several speakers. William Annis from the University of Wisconsin discussed managing growth in their biomedical computing group. David Brumley from Stanford University talked about computer security and incident response at Stanford. Robyn Landers from the University of Waterloo discussed residence hall networking. Kathy Penn from the University of Maryland outlined backup procedures and policies for systems at the Institute for Systems Research.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as PPT, PDF, TXT or read online from Scribd
The document discusses university issues presented by several speakers. William Annis from the University of Wisconsin discussed managing growth in their biomedical computing group. David Brumley from Stanford University talked about computer security and incident response at Stanford. Robyn Landers from the University of Waterloo discussed residence hall networking. Kathy Penn from the University of Maryland outlined backup procedures and policies for systems at the Institute for Systems Research.
The document discusses university issues presented by several speakers. William Annis from the University of Wisconsin discussed managing growth in their biomedical computing group. David Brumley from Stanford University talked about computer security and incident response at Stanford. Robyn Landers from the University of Waterloo discussed residence hall networking. Kathy Penn from the University of Maryland outlined backup procedures and policies for systems at the Institute for Systems Research.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as PPT, PDF, TXT or read online from Scribd
The document discusses university issues presented by several speakers. William Annis from the University of Wisconsin discussed managing growth in their biomedical computing group. David Brumley from Stanford University talked about computer security and incident response at Stanford. Robyn Landers from the University of Waterloo discussed residence hall networking. Kathy Penn from the University of Maryland outlined backup procedures and policies for systems at the Institute for Systems Research.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as PPT, PDF, TXT or read online from Scribd
Download as ppt, pdf, or txt
You are on page 1of 26
University Issues
William Annis - University of Wisconsin
David Brumley - Stanford University Robyn Landers - University of Waterloo Kathy Penn - University of Maryland Jon Finke - Rensselaer Polytechnic Institute Format Begin Open Topic_List_Cursor; Loop fetch Topic_List_Cursor into Topic,Presenter; exit when Topic is Null; Introduce(Presenter, Minutes =>1); PresenterDiscusses(Topic, Minutes => 10); PanelRebuts(Topic, Minutes => 5); AudienceComments; end loop end; Topics: Managing Growth • William Annis Computer Security and Incidence Response • David Brumley Residence Networking • Robyn Landers Backups - Procedure and Policy • Kathy Penn Managing Growth William Annis Biomedical Computing Group - U Wisconsin • Statisticians - Grads, Faculty and Post Docs • Solaris (20 Servers, 40 desktops), 40 Xterms • Citrix NT for NT applications • Web and database servers. • 2 FT Admins, 1/2 Manager, 3/4 Student When I started:
No admin, just parts of staff and an occasional
grad student Machines acting as file servers al over campus Strange, uncommented code kept us running How we changed:
Wrote a large document
Centralized everything One OS version cfengine squashes irregularities The change:
Took two years -- will be done RSN
Initial steps noisy and obvious Users still not quite sure of the centralized computing concept Admin brain-retooling took a while Computer Security and Incidence Response David Brumley [email protected] Stanford University • Fiber to Internet (100 MB/S single duplex); OC12 to Internet2 (600MB/S full duplex); up to 2.6 gigabit internally (full duplex) • 505 Active subnets, 53216 registered nodes • 18116 PCs, 9305 Macs, 2629 Unix • 2299 Network Infrastructure, 711 Other • 1997 Printer, 338 Unknown, 258 X-terminals Residence Hall Networking Robyn Landers [email protected] University of Waterloo, Math Faculty, Undergrad • Mostly Sun(22) servers, X terminals(200) • WinCenter (PC apps on X terminals) • Network Appliance NFS servers – Unix, PC home directories • SGI (14), PC ( 90) and Mac(120) %cc hello.world.c eh.oot Nice starting point: www.adm.uwaterloo.ca/infohous/resnet Techie details: www.ist.uwaterloo.ca/cn/Residence/tech.html Getting Connected
policy agreement fill out form, incl. MAC address forms hand-entered into spreadsheet scripts extract info into DHCP tab and router ARP entries Rate Limiting
cron job queries router every 12 minutes
compute traffic volume per IP • daily total (150 Mb/day) • running average (25 Mb/day) exceed limit => external access cut off web page where students can check their own stats reduces accidental and intentional misuse manual intervention in case of policy abuse Privacy and Security
access control on hosts that have resnet info
can’t use DHCP info to track down student’s personal info, for example students can view only their own usage stats Interesting Problems
student set up rogue DHCP server
some MS W98 network drivers locked up after receiving DHCP answer some W98 needed a vendor tag set in DHCP entry (value irrelevant) forging mail and news client-side denial of service -- client grabs all the IPs server spoofing Uninteresting Problems
syntax errors in DHCPtab from manual entry
• now have automatic checker wall jacks fail from abuse Non-Problems
automatic rate-limiting prevents network
overload students learn and share local sources, reducing need for off-site Summary What’s cool • auto rate limiting (Perl. Uses no vendor-specific features. Router just needs to keep and report traffic stats so you can query it.) • web page where studens check their usage What would be nice • on-line D.I.Y. registration • use the D in DHCP Other implementations • Stanford’s Secure Public InterNet ACcess Handler http://spinach.stanford.edu Backup -- Procedure and Policy Kathy Penn [email protected] Institute for Systems Research, U Maryland • 900 Grad Students, 60 Faculty, 40 Admin Staff • 175 Unix (mostly Sun), 100 PCs & Macs • Sys Admin staff - 5 FTE, 5 Student • 3 Class C Subnets, but routers run by University networking department Backups
Everyone does them
Everyone does restores Everyone verifies backups But does everyone know how? Document Your Procedures
How to do the actual backups
How to do the restores Have someone step through the instructions Don’t forget Why, Where, Which Document Your Policies
For staff and users
How frequently backups are made How frequently archival copies are made How long archives are kept What do you NOT backup, and why Restoration Information
How do users request restores?
If they can do their own restores, how? How long do restores take? Who can request restores? IANAL (I Am Not A Lawyer)
Check with your central University policy
Check with University lawyers Document Everything -- especially your policies These Slides Will Be Available Near You Soon! Http:www.rpi.edu/~finkej/u-issues/