IET Report : Infrastructure
This section discusses the extensive infrastructure technology services and support that IET provides to the campus. These cover quite a wide range, including middleware projects; campus network security; software and technology support; telecommunications and wireless networking; video and photography services; and publications and news.
Computing and Network Security
New Cyber-Safety Program Adopted at UC Davis
An important new security policy that will provide a much more stable, reliable, and productive campus computing environment was officially adopted at UC Davis in April 2005. Named the Cyber-safety Program, the policy defines both responsibilities and key practices for assuring the integrity, availability and confidentiality of UC Davis computing systems and electronic data. The program also requires annual reporting of campus units' progress towards implementing the recommended security measures. For more information about the program, including the policy, campus directive and action plan, see security.ucdavis.edu/cybersafety.cfm.
Contract for Campus Central Firewall Services Signed
Earlier this month, the campus signed a contract with Netscreen to provide a range of firewall solutions to campus departments. IET will offer the following four firewall service level options:
- Complete turnkey service managed by IET
- Department-owned and operated service
- Equipment sparing service
- Custom installation service
Firewall training for system administrators and other technical staff is anticipated to begin in July. As a first step, Netscreen will provide training for IET staff, using a train-the-trainer approach. Netscreen will also provide additional training classes, which will be targeted at departmental security administrators. On-going training will be provided by IET. Additional training opportunities are being explored, including web-based training and virtual laboratories.
Additional information about these service options is available on the Computer & Network Security site (security.ucdavis.edu/firewalls.cfm).
Spaces Filling Quickly for Upcoming IT Security Symposium
Over 200 registrants from UC campuses, the UC Office of the President, local schools, universities and the City of Davis are expected to attend the 2005 IT Security Symposium, scheduled for June 22-24. Offering nearly 30 lab sessions and lectures, a prominent keynote speaker, networking opportunities and an $85 registration fee, the Symposium registration has proven popular with technical staff members. Several sessions reached enrollment capacity within the first two weeks of the registration period.
Those unable to attend the entire IT Security Symposium may enjoy the keynote address by Scott Charney, Microsoft Chief Security Strategist, which will be presented via real-time video in 2 Wellman Hall on June 22, 9-10:30am. Additional information about the 2005 IT Security Symposium and viewing the free keynote video is available at itsecuritysymposium.ucdavis.edu/.
Vulnerability Scanning Improved; Intrusion Detection System on the Way
In February, two key components were integrated into the campus vulnerability scanning system: VLAN scanning and a honeypot. Both the daily VLAN scanning component and the honeypot were transitioned from the vulnerability detection system (originally developed in Fall 2003) to the newer, more robust and updateable system. The honeypot and daily VLAN vulnerability/infection scans gather information about malicious traffic on the campus computing network and logs the information in the searchable Computer & Network Security Report database (secalert.ucdavis.edu). Reports and email messages are generated from the database to the appropriate VLAN administrator. An intrusion detection system (IDS) is expected to be integrated into the vulnerability scanning system in early June. For more information, see security.ucdavis.edu/vuln_resources.cfm.
Authentication Improved for Many Key Campus Services
Form-based Authentication Rolls Out on MyUCDavis, Geckomail
In mid-April, a new form-based authentication method, called UC Davis Secure Login, was implemented on the MyUCDavis Web portal and Geckomail. This Web application allows users to authenticate to secured sites without storing user information in the Web browser. The application also completes an effective log-out from the secured site, which was not previously available with Web browser authentication.
Since the rollout, the Banner team has expressed interest in using the form for authentication to SISWEB, and discussions are underway to determine if Banner may be the next group to implement this improved authentication method. For more information about UC Davis Secure Login, see xbase.ucdavis.edu/itexpress/article.cfm?art=1065.
Authenticated SMTP to Allow Off-Campus Users to Send Messages Via
Third-Party ISP Connection
IET has developed a plan to implement authenticated SMTP on campus e-mail servers this summer. Once implemented, authenticated SMTP will allow individuals who are off-campus to send messages to on- and off-campus e-mail addresses over a third party ISP connection. The target date for deploying authenticated SMTP is June 21.
Currently, individuals who are off-campus and attempting to send email via
the campus email servers over a third-party ISP connection are limited to sending
mail only to campus email addresses. This limitation is due to the security
risks involved in allowing these "open relays," which have been
disallowed on campus since 1997.
In most cases, users will be required to change a setting in their email program to enable authenticated SMTP. Support documentation will be available to assist users in making this change. A plan is also being developed for announcing the availability of this new email option for off-campus affiliates and "commuters." For additional information, see security.ucdavis.edu/open_relay.cfm.
Campus Discontinues Unencrypted FTP/Telnet Access
On May 18, as part of a continuing effort to enhance computer and network security, UC Davis discontinued insecure telnet and FTP access to the central (ISUN) servers. These protocols previously allowed unencrypted password exchanges, which could permit an unauthorized individual to capture a user's password and use it for malicious purposes. Communications have been targeted to users who have attempted to access the ISUN servers via insecure means in the last year, providing secure alternatives to the insecure telnet and FTP methods. For more information, see security.ucdavis.edu/telnet_ftp.cfm.
Campus Email Servers Now Accept Only Secure Authentications
The campus email servers were recently re-configured to only accept secure authentications for POP and IMAP connections. Beginning in mid-February 2005, the changes were implemented over a four-week period, thereby minimizing the impact on campus clients as each server was transitioned. This phased transition allowed IT Express, the campus help desk, to provide timely support to those who needed to makes changes to their email client. For more information, visit security.ucdavis.edu/secure_email.cfm.
Planning Underway for Enhancements to Spam Filtering Service
In an effort to further reduce the number of unsolicited commercial (spam) email messages passing through the campus email servers, planning is underway to enhance the spam filtering service that was first implemented in May 2003. Enhancements include:
Temporary quarantine of high scoring messages (available on June 8)
Messages scoring 15 points or higher would be sent to quarantine message folders automatically created for all campus email users. Quarantined messages will be saved in those folders for 30 days. Users will be prompted to review those messages periodically.
Real-time black list (available on June 8)
This feature identifies spam by running a script on campus email logs and identifying the IP addresses from which spam is sent. If a particular IP address sends more than 20 messages identified as spam in at least a 24-hour period and over 85% of messages sent from that address is identified as spam, the IP address is added to the campus blacklist. All messages originating from IP addresses on the blacklist will be rejected by the campus email servers. Those IP addresses will be posted on a Web page.
Refinements to spam scoring system (available in July)
Bayesian filtering: the training process used to distinguish spam from legitimate mail Distributed Checksum ClearingHouse (DCC): identifies SPAM by storing the checksum and number of messages sent.
For additional information about spam filtering or to set up filtering on your campus email account, see security.ucdavis.edu/spam.cfm.
Telecommunications & Networking
Telephony Database to Facilitate Strategic Planning
The engagement with Western Telecommunications Consulting (WTC) is nearing completion. WTC is working with IET to develop a comprehensive database of all campus telephony infrastructure, including a survey of all equipment rooms and closets. At its conclusion, the campus will possess an inventory of over 600 buildings and 1500 telephone rooms, structured in a manner that can be used to assess costs for building remodels, and possible upgrades to the core network system for years to come. The database will make it possible to get cost-based answers to a variety of "what if?" technology questions, including those that are strategic in nature, i.e., "what is the impact to migrate to a converged network?" as well as tactical, i.e., "how much will it cost to replace…?".
Carrier Services RFP to Reduce Voice Costs
A Request for Proposal ( RFP) is being developed to solicit bids from vendors for Outbound Interstate, Intrastate, International, Operator Assisted, and Directory Assistance Services from campus PBX (Private Branch Exchange) and Centrex locations; Calling Card Services, Toll-Free Inbound and Outbound Services, and Teleconferencing Services.
The RFP encompasses three main objectives:
Provide PBX outbound call traffic physical path redundancy between the
University campus, the voice carriers, and the Public Switched Telephone Network
Provide vendor diversity between the University campus and the PSTN. In order to accomplish this objective, UC Davis will award two or more vendors some portion of traffic for outbound calling services.
Provide a reduction in overall voice carrier costs for all carrier services.
Due to recent and ongoing changes in the telecommunications environment, this RFP will enable Communication Resources to reduce its fiscal and operational costs for all carrier services provided to campus while improving the quality and reliability of those services. The RFP is in the final edit stage and will be distributed to vendors for response in late June. The new services are expected to be available in August 2005.
Cellular Site RFP to Expand Core Campus Cellular Coverage
IET, in coordination with the Office of Real Estate Services, will be issuing a cellular site licensing RFP that will make campus rooftops available to cellular providers that meet the campus' licensing criteria. This RFP will be the first time that UC Davis has opened the core campus to cellular service providers. Current cellular coverage in the core campus area is insufficient to meet the anticipated future demand by students, staff, and faculty. Since only a small share of campus cellular phone users are managed by IET, the campus determined that site licensing agreements should be negotiated with the greatest number of cellular carriers, with a focus on coverage and site license revenue generation.
Campus Wireless Network Upgrades Continue
IET is working to roll out a number of enhancements to wireless services over the summer. Two pilot projects are underway: one to test a Bluesocket wireless gateway (with the School of Law), and the other to improve network administrator access to AP usage statistics and traffic reports through a new wireless access point management system from Airwave. Barring any major problems, both services will be rolled out this summer.
In addition, a new guest access service model is being explored to alleviate the requirement for MAC address registration and to allow different types of guest access, both short and long term. Lastly, testing will begin in late summer to add departmental Virtual Local Area Networks (VLANs) to the centrally managed public wireless access points using 802.1x secure authentication. Departmental VLANs have not previously utilized the centrally-managed wireless network because the campus "public network" is not encrypted. This will enable network administrators to integrate wireless and wired access for their departmental users. For more information, visit wireless.ucdavis.edu.
CR Looks to Improve Customer Service by Implementing New Processes
To provide better service to the UC Davis campus, IET-Communications Resources (CR) is implementing new internal and external solutions and processes. These include:
- Performance Management will link all CR employee positions to the department direction and provide employees with meaningful measurements for success. Business Operations (Internal Processes), Service, Costs and Financial metrics have also been defined to assess CR's ability to meet customer's needs and business goals.
- In an effort to integrate directory listings with the campus middleware structure, streamline current processes, and provide the most current listings to the campus community, a project addressing directory information systems will also begin during the summer.
- Efforts are underway to evaluate IP technology and understanding the business case that would be required for any future implementation of IP technology. Existing technology that could be enhanced with the integration of IP Technology would include video and voices services.
Video and Photography Services
Videoconferencing Center Provides World-Wide Assistance to Campus Departments
During Winter 2005, the Videoconferencing Center supported four distance learning courses, including an Animal Science class with Cal Poly-San Luis Obispo and Pomona, a Forensics class with the University of Chicago, and a language course from UCLA. In addition to the many videoconferences routinely held in the two Olson Hall facilities (clients include Engineering, Political Science, International Relations, and the Law School), the Center coordinated a conference between the Education Department and Riyadh, Saudi Arabia. For more information about campus videoconferencing, visit cts.ucdavis.edu/services/vtc.
IET produces a number of publications and news items designed to keep the campus community informed about services available to them as well as recent or upcoming on-campus technology developments. Recent communication highlights follow.
Technology Timeline Looks Back at Over 20 Years of Campus Progress
Originally published in the IT Times, this recently updated technology timeline provides a visual reminder of the accelerating pace of technological changes in the first years of the 21st century, and the overall advances made in the past thirty years. This timeline may be downloaded at iet.ucdavis.edu/pubs/Tech_Timeline_2004.pdf.
Hypertext, A Quarterly Student Newsletter, Now Available for Spring 2005
The Spring 2005 edition of Hypertext, a quarterly newsletter designed to keep students informed about the latest campus computing news, is now available on campus and on the Web. Hypertext was developed by an IET team of student employees and staff.
Topics covered in the Spring 2005 issue include: avoiding phishing scams, getting organized by using the Internet, and how Web-based email applications differ from software email clients. A downloadable PDF of Hypertext is available online (scg.ucdavis.edu/hypertext/2005spring.pdf), and students can pick up the print copy of this newsletter at IT Express (182 Shields Library) or any of the computer rooms. To submit comments or suggestions about this publication, email firstname.lastname@example.org.
Live on One Shields Avenue: IET at Picnic Day 2005
Computer Lab Management (CLM) worked with various departments in IET, including Info & Events and Mediaworks, to create an exhibit at Picnic Day 2005. Reflecting the unique, student-run nature of Picnic Day, IET student employees organized, taught, and worked on the exhibits and classes that were open to the 60,000+ attendees at this year's event.
Following up on this year's event theme, "Live on One Shields Avenue," activities available at the IET exhibit included classes, digital photos, and live streaming footage of the Doxie Derby. IET also offered five classes on different multimedia software, which were highlighted by the Aggie student newspaper at one the Top Ten Things to do at Picnic Day. The programs showcased in the classes were Flash MX, Photoshop CS, iMovie, Illustrator CS, and Dreamweaver MX. Each of these classes drew at least 15 people, and the Flash classes were standing room only. More than 400 people viewed the exhibit from 10am-4pm.
Winter 2005 Edition of IT Times Discusses Recycling Old Computers, Web Browser Safety
The IT Times is a quarterly newsletter providing practical and timely information regarding technology issues facing the campus, current and upcoming IET services, and technology-related campus projects and initiatives. Topics covered in the Winter 2005 edition include the campus' recycling program, how to avoid phishing scams, and the new Sciences Lab Building. An online version of the IT Times is available at ittimes.ucdavis.edu/pdf/ITT_Winter_05.pdf and print copies can be picked up at IT Express (182 Shields Library) or any of the computer rooms. To submit comments or suggestions about this publication, email email@example.com.
Technology News Delivered Directly To Campus Users' Mailboxes
The campus computing news Web site (technews.ucdavis.edu) and companion listserv offer a convenient option for the UC Davis community to stay informed about new campus initiatives, projects, security alerts, applications of technology in the classroom, and other campus technology issues. During Winter 2005, articles in TechNews included security-related info (i.e., an expose on phishing scams), campus technology announcements (i.e., the new computer lab in the Sciences Lab Building) as well as links to computer-related technology columns, IT Times stories, and announcements regarding IET services. To receive a weekly abstract with links to the latest headlines, visit technews.ucdavis.edu/subscribe.cfm.
Bits & Bytes Technology Columns Now Available Online
The student-written Bits & Bytes column, which formerly appeared in the Aggie, now calls the Student Computing Guide Web site (scg.ucdavis.edu) home. Bits & Bytes columns are created by a team of student employees within IET-Information & Events, in collaboration with many other IET units, including Computer Lab Management and IT Express. Updated on a weekly basis, these student-focused articles tackle topics like computer room improvements and the differences between Web browsers. To view the latest Bits & Bytes column, visit scg.ucdavis.edu/bitsbytes.
IET Services Showcased at Campus Service Fair
Communications Resources, Client Services, Classroom Technology Services, Mediaworks, and Information and Events represented IET at this year's Campus Service Fair, held on May 3rd in Freeborn Hall. IET staffed four tables, with additional space for CTS to showcase their portable videoconferencing unit. CTS also showed their new online ordering system, as well as other multimedia equipment. Mediaworks' primary focus was showcasing the ET Partners program, although they also used a projection screen to showcase a gallery of projects. CR's focus was on wireless (including pagers), the new campus directories, and their CSRs. Several of their wireless vendors were also present. Client Services answered numerous questions about wireless access, spam, viruses, and computing safely. I&E showcased recent publications and distributed an updated abbreviated services flyer and six computer security flyers. Two posters (wireless and security), originally created for the MU were also used to help draw attendees to the IET tables. For more information about IET services, see iet.ucdavis.edu.