Computing and Network Security

Cyber-safety reporting changes for 2008

In April, IET provided its annual state of information security report to the Council of Deans and Vice Chancellors (CODVC). The report discussed the Cyber-safety program, the results of the 2007 Cyber-safety compliance review and plans for the 2008 Cyber-safety survey. A number of schools, colleges and administrative units either reported that they have completed deployment of information security practices for the top seven security vulnerabilities or indicated that plans are underway to implement security enhancement measures. The 2008 Cyber-safety survey of campus units will start in the summer. For the first time, the survey will include compliance indicators for information security standards in the secondary priority category. Contact: Bob Ono, IT security coordinator, raono@ucdavis.edu.

Intrusion prevention system gets new filters

Since its implementation in fall 2007, the campus intrusion prevention system (IPS) has blocked hundreds of thousands of pieces of malicious traffic per week. The campus IPS works by using a set of nearly 1,100 recommended filters that can check billions of pieces of network traffic per second. In April, building on the success of the IPS, IET developed a process for implementing additional filters to address confirmed threats on a temporary, as-needed basis. In April, two new filters began blocking malicious traffic after a brief permit-and-notify period. During permit and notify periods, campus technical staff are encouraged to report any suspected false positives before the filters go into block and notify mode. Both of the new filters are expected to remain in place for 90 days. Contact: Bob Ono, IT security coordinator, raono@ucdavis.edu. Web site: security.ucdavis.edu

Cyber-safety tutorial raising campus-wide awareness

In March, a new training resource designed to help students, faculty and staff learn the basics of cyber-safety, was posted on the security Web site. Campus technical support staff is encouraged to use the tutorial to help inform and educate their clients about computer security. The "Cyber-safety Basics" tutorial can be downloaded in either PowerPoint or PDF formats from the security site training page at security.ucdavis.edu/training.cfm. Contact: Julie McCall, jdmccall@ucdavis.edu.

Revised security Web site launched in spring

On March 12, IET released updates to several key pages on the Computer Security Web site (security.ucdavis.edu). Updates were based on direct feedback from the campus community. The goals for updating these pages were to provide more direct access to useful information for a wide range of users, including system administrators, technical support and general users, and to provide quick access to IET's most frequently-used security resources (including protected resources like the IP Address Lookup Tool, Secalert and Filtered Ports List). Updated pages include:

• Security Home (security.ucdavis.edu)
• Cyber-safety Basics: Security for Everyone (security.ucdavis.edu/cybersafetybasics.cfm)
• Frequently Asked Security Questions (security.ucdavis.edu/faq.cfm)
• Security Training (security.ucdavis.edu/training.cfm)
• Sysadmin Resources (security.ucdavis.edu/secure/sysadminresource)

Contact: Julie McCall, jdmccall@ucdavis.edu.

Web application security training

IET security administrators provided Watchfire AppScan training on March 20. This session allowed individuals who had been placed on a waitlist after Watchfire staff provided training to more than 30 people in October and December to attend the training. IET has provided training and 45 software licenses at no cost to campus units. Web application security is one of the newest Cyber-safety standards, added to the policy just prior to the 2007 reporting period. Contact: Bob Ono, IT security coordinator, raono@ucdavis.edu.

CAS enables Single Sign-On for many Web-based applications

The UC Davis instance of Central Authentication Service (CAS) is the latest Web sign-on system installed by IET. CAS provides robust security architecture and multiple client modules to more than 50 universities and organizations worldwide. It will eventually replace DistAuth, UC Davis' current Web sign-on system. In the meantime, CAS has been modified to accept valid DistAuth authentication information in place of its own, enabling departments to run DistAuth and CAS-protected applications simultaneously while minimizing the number of sign-ins required. Many campus units already use CAS, and the Middleware project team has been strengthening the CAS service within UC Davis as well as across the whole UC System. CAS will provide new methods of authentication for clients, such as automatic Windows single sign-on and RADIUS authentication. Contact: Hampton Sublett, project manager, hbsublett@ucdavis.edu.

Kerberos KDC replacement

In December the Kerberos Key Distribution Center (KDC) project team was formed and charged with testing, recommending, and implementing the replacement KDC. Kerberos is a network authentication protocol. It is one security measure that can be used to limit access to certain applications, Web sites, and services. Kerberos KDC refers to the central server component of Kerberos, a key component of the campus IT security architecture. More than 100,000 campus computing account holders use the campus Kerberos service when they access campus Web sites and services, including Smartsite, Distauth, CAS and campus email. The project team has evaluated four candidates and documented its findings for each, and is expected to formalize its recommendation in June. Contact: Bob Ono, IT security coordinator, raono@ucdavis.edu. Web site: security.ucdavis.edu

Campus password standards review underway

In conjunction with Key Distribution Center (KDC) replacement efforts, the Kerberos KDC project team is exploring potential updates to the campus password standards. The transition to the new KDC is an opportune time to establish standards for stronger passwords because the new service requires that all campus account holders reset their passwords. Further, it has been several years since existing password standards were established and recent studies show that the existing campus password format may have inherent security weaknesses. Contact: Bob Ono, IT security coordinator, raono@ucdavis.edu. Web site: security.ucdavis.edu

EMAIL

XEDA keeps pace as communication technology evolves

After months of planning and re-evaluation, the campus Exchange service (XEDA), built on Microsoft's Active Directory technology, has emerged as an enterprise class communication tool by incorporating x64 bit processing technology, improving scalability, and offering greater access capability. In addition, XEDA now improves support for Blackberry via a dedicated server. Electronic fax sending, receiving, and routing capability has also been added, and remote access using Outlook Web Access has been improved. There are more than 3,000 users in the Exchange community on campus. XEDA lets users remotely access their account from any Internet connection to check their calendar, send email, access shared files, send/receive faxes, and listen to voicemail messages using the new Enabled Voice Mail (EVM) system. XEDA supports most mobile devices and enables them to retrieve email, access meeting and appointment information, and use a single address book across platforms. Contact: xeda@ucdavis.edu. Web site: http://iet.ucdavis.edu/microsoft/xeda.cfm

IET sponsors successful Gmail pilot for students

IET launched a pilot with students in mid-January to test Gmail as the campus email program for students. More than 300 graduates and undergraduates participated in the six-week pilot. The feedback was strongly positive. The plan for rolling out Gmail to all students is now being presented and discussed with campus groups. A decision is expected by mid-June. Learn more at gmail.ucdavis.edu. Contact: Gaston De Ferrari, project manager, gdeferrari@ucdavis.edu.

Color email servers getting ready to retire; Cyrus takes over

After providing nearly a decade of email processing service, the "color" named mail servers at the Data Center are being retired on July 1. Over the last four years, the Data Center has been improving and securing the replacement email system. Most users have already been migrated from the old servers to new. Data Center technicians have been scrutinizing activity logs and sending out targeted email announcements to alert users of the change. Announcements have also been sent to all email users sending mail using an incorrect destination email address format such as NAME@COLOR.ucdavis.edu. For more information, visit email.ucdavis.edu

USER ACCESS AND SUPPORT

Watchfire user group monthly meetings

The Watchfire user group was formed in February to encourage AppScan license holders and report viewers to ask questions and share information on an ongoing basis. The group meets on the second Tuesday of every month from 9:00 a.m. to 10:30 a.m. For the meeting schedule and locations, see security.ucdavis.edu/appscan.cfm.

IT Express handles heavy call loads from undergraduate applicants

On March 13 and 14, 23,000 undergraduate applicants to UC Davis were notified of their acceptance and instructed to visit the campus My Admissions Web site at myadmissions.ucdavis.edu. More than 600 applicants and parents contacted IT Express for account-related assistance-a call volume nearly four times greater than normal for IT Express. In order to accommodate the increase, IT Express supplemented the normal staff with IET staff from other areas, including Desktop Enterprise Solutions (DES), Software Licensing and Incident Response. Special call queues were set up to accommodate the increase in calls. Applicants were directed to one call queue for password resets and account creation assistance. All other calls, including calls from current students, faculty and staff, were directed to a separate call queue for immediate assistance by IT Express staff. In addition, IT Express hours were extended from the normal 7am-9pm availability, staying open until 11pm on March 13 and 14. Special Saturday hours were also added to assist applicants on March 15. The deadline for freshman applicants to accept the offer of admission from UC Davis was May 1, 2008. Between March 13 and May 1, IT Express fielded 2,153 calls from applicants and their parents. IT Express will continue to assist incoming freshmen, transfer students, and first year students in the Law School with computing accounts issues as students arrive on campus and begin classes.

IT Express continues to help users transition to SmartSite, configure voicemail

Between February 1 and May 1, IT Express fielded nearly 300 support requests for SmartSite, the new UC Davis course management system. As more instructors move course Web sites from the MyUCDavis course management system to SmartSite, IT Express will continue to provide support for the transition. On Thursday, May 8, Communications Resources launched the Enabled Voicemail (EVM) feature for all campus voicemail box levels of service. IT Express will provide configuration assistance and first-tier support for this service.

Reporting Group automates service

IET Client Services Reporting Group has started using Crystal Reports to automate reports, which were previously being produced and sent manually. Two automated reports are sent out to IT Express Computing Services Help Desk and the Reporting Group. The first is a performance report for IT Express and includes the previous day's work activities. The second contains information about previous, current, and future items from IT Express, IET, and the campus. Other reports produced on an ongoing basis contain information about computing, email, Web browser usage, operating system usage, MyUCDavis, and SmartSite. The Reporting Group recently completed a survey on the Technology Support Program (TSP) Orientation. The survey was conducted to evaluate the level of satisfaction with the TSP orientation, assess the alignment of participant expectations with the services and information provided, and to determine areas of improvement. The survey indicated that participants perceive the orientation program to be a valuable part of the TSP. Visit dc.ucdavis.edu/stats to see more detailed report results. For more information, please contact the Reporting Group at reporting@ucdavis.edu.

Data Center Client Services surveys clients on support issues

Starting in early June, the IT Express Computing Services Help Desk will begin collecting feedback on support services. Each person that contacts IT Express during a 30-day pilot will be invited to complete a survey about their experience. The results will be used to identify areas in need of support, discover historical trends, forecast future needs, and establish a baseline of the current service to evaluate future service. A survey invitation will automatically be sent via email only after IT Express solves the problem. Those transferred to departments other than IT Express will not be surveyed. The results from each survey will be saved and attached to the original incident record at IT Express. The online survey was built by Data Center programmers, who worked with Sarah Robertson and the Committee on Human Research. All feedback will remain private and will be used to evaluate quality of service provided. For more information, please contact Sarah Robertson at 530-754-6703 or visit itexpress.ucdavis.edu.

SOFTWARE

Apple Enterprise Support Agreement

The Software License Coordination (SLC) unit finalized an Apple "Preferred" enterprise support agreement for 12 participating campus departments in May after coordinating with Apple and the campus technical community. The agreement includes one year of support on all Apple software issues (i.e., Mac OS server, client, and all other related software), support on an unlimited number of incidents, and two direct customer contacts. The total cost of the agreement will be paid by the participating departments based on the number of Apple servers "in use" and "in need of support" in each department. The required minimum buy-in will be the cost share of one server ($761.71 per server for the initial contract). If additional departments are interested in participating later this contract year, they will pay a pro-rated cost, which will contribute to the funding for renewal for the next year. The IT Express Computing Services Help Desk will initiate all support requests with Apple, who will then work directly with the individual department via email to resolve the issue. Contact: Sarah Robertson, srobertson@ucdavis.edu.

Campus site license for Oracle database software

The Data Center and Client Services finalized a campus-wide site license for Oracle Database software in February after a year of evaluating the feasibility of the agreement. The site license will save the campus an estimated $580,000 over the next four years. IET identified the existing Oracle Database licenses on campus and funded the remaining new licenses needed to attain comprehensive licensing for the campus community. As a result campus departments will no longer need to purchase new Oracle Database licenses. In order to maintain support and receive upgrades for products in the Oracle site license, the Software License Coordination (SLC) unit will track license use and distribute annual support costs to those departments using the software. Departments interested in more information about Oracle licenses can visit my.ucdavis.edu/software/.

Quarterly configurations offered on Dell products

The UC system-wide agreement on departmental purchases of Dell products includes deeper discounts for nine bundles, as specified quarterly, by the UC system. The bundles include the Optiplex, Latitude, and Precision product lines. UC Office of the President (UCOP) has formed a committee with representation from each campus to select the configurations of these bundles each quarter. The Software License Coordination (SLC) unit is helping to coordinate this effort for UC Davis, along with a few representatives of the Technology Infrastructure Forum (TIF) and the Client Support Issues (CSI) subcommittee. The bundles are the "Standard Configurations" shown on UCDBuy. When a bundle's specifications are customized prior to purchase, the discount is reduced. In order to determine the most widely-used configurations on campus and to gather feedback from the campus technical community, the campus Dell configuration workgroup surveyed the campus for planned purchases and preferred specifications. The workgroup then reviewed the survey results with the TIF-CSI subcommittee. The workgroup advocates UC Davis's preferences each quarter at the UC system-wide committee on Dell configurations. Contact: Sarah Robertson, srobertson@ucdavis.edu.

Office 2008 compatibility testing

In March, IET coordinated a campus-wide compatibility testing effort for Microsoft Office 2008 for Mac. Similar testing efforts for Microsoft Vista and Mac OS 10.5 (Leopard) have been conducted in the past. Thanks to the hard work of volunteers from various departments, 22 applications linked to Microsoft Office were tested in only a few short weeks. Information specific to Office 2008 for Mac was also added to the campus Microsoft and Macintosh Web sites, including details on how the program was tested, campus licensing agreements, directions on how to obtain Office 2008 for campus or personal computers, news and announcements, and useful links. For more information please visit microsoft.ucdavis.edu and macintosh.ucdavis.edu. To see a list of volunteers, visit iet.ucdavis.edu/macintosh/thanks.cfm.

Symantec Rewards Agreement results in deeper discounts

The Software License Coordination (SLC) unit signed a campus agreement for the Symantec Rewards Program in May, bringing greater discounts on Symantec products to campus. SLC coordinated with UC and Software House International (SHI), our UC-designated software reseller, on the agreement. The Rewards Program-a "frequent-flyer" style program based on accumulation of points-provides deeper discounts on departmental purchases of Symantec software than the existing UC system-wide Software Volume License Agreement (SVLA) with SHI. Departments are now able to purchase Symantec products though SHI and receive the new rewards-discounted pricing. The Rewards Program will also allow SLC to track the Symantec licenses purchased by campus departments online via the MySymantec application. Departments who wish to track their own Symantec licenses may sign an affiliate Rewards agreement that is linked to the UC Davis master agreement. For more information, please visit the Software Web site at my.ucdavis.edu/software/.

DriveSavers Data Recovery, Inc. provides presentation

On May 7, The Software License Coordination (SLC) unit hosted a presentation by DriveSavers Data Recovery, Inc. The campus is currently a member of the DriveSavers Elite Education Partner Program, which entitles departments, faculty, staff, and students to benefits such as discounts on data recovery services. For more information on DriveSavers, please visit the Software Web site at my.ucdavis.edu/software/.

New UC Designated Software Reseller-Software House International (SHI)

The Software License Coordination (SLC) unit announced in February that Software House International (SHI) was selected as a new reseller for Adobe, FileMaker, McAfee, Microsoft, and Symantec software. The decision was the result of a system-wide Request for Proposal (RFP) for a new UC Software Volume License Agreement (SLVA). The primary goals of the RFP were to improve service standards and customer satisfaction. The new agreement was able to achieve cost savings of between 1.8 and 5.3%. UC Technology Acquisition Support (TAS) reps from IET were involved in the RFP process and led a campus scoring committee - including representatives of the campus Technology Infrastructure Forum Client Support Issues (TIF-CSI) subcommittee - to score the vendor bids. To help facilitate the reseller transition on campus, the Software License Coordination (SLC) unit has been coordinating with SHI on the development of a campus SHI Web site, as well as the transfer of licensing records from the previous reseller to SHI. Additionally, SLC hosted a campus presentation on March 18, at which SHI representatives reviewed the campus SHI Web site, answered questions, and took requests from the campus technical community. SLC continues to coordinate with the UC TAS group TIF-CSI subcommittee on any issues regarding implementation. Contact: Sarah Robertson, srobertson@ucdavis.edu.

Internet Tools CD gets updated software

In April, IET Client Services updated the UC Davis Internet Tools CD to include the latest versions of Endnote bibliographic software and Sophos Anti-Virus for Windows (version 7). Older versions of Sophos (version 6 and earlier) will no longer automatically update or provide up-to-date virus protection if installed on or after May 30, 2008. Spybot Search & Destroy anti-spyware is now available for personal home-use only. IET encourages all faculty, staff, and students to pick up a free copy of the latest Internet Tools CD from the IT Express Computing Services Help Desk in Shields Library or download the software from the campus software Web site, my.ucdavis.edu/software/. Contact: Sarah Robertson, srobertson@ucdavis.edu

TELECOMMUNICATIONS AND NETWORKING

Campus Payphones replaced with courtesy phones

This summer, IET will begin phasing out the payphones on campus. Lack of use, service expenses and maintenance costs are the primary drivers of the decision to remove them. Courtesy phones will replace many of the payphones that are scheduled to be removed. Courtesy phones can place calls to on-campus telephones (including 911, which connects the caller directly to the campus police and fire department in the event of an emergency). The drop in payphone usage is primarily attributed to the increase in cell phone usage. Removing the payphones is not expected to have a significant impact on the campus. Contact: Zack O'Donnell, service manager, zmodonnell@ucdavis.edu.

Enabled Voicemail (EVM) feature now available

For the past six months, IET has piloted a new set of optional voicemail features called Enabled Voicemail (EVM). On May 8, the features were officially introduced to campus voicemail clients. In just the first three days, more than five hundred campus voicemail clients configured the new features. EVM can forward a sound file of a campus voicemail as an attachment to an email account. EVM can also send text notifications to an email, SMS-enabled cell phone, or an alphanumeric pager. EVM is available to all campus voicemail clients. Contact: Mark Redican, NOC manager, mredican@ucdavis.edu. Web site: evm.ucdavis.edu

Cellular coverage sees improvements

During the last seven months, IET and the office of Real Estate Services have signed agreements with four primary cellular carriers (AT&T, Sprint, T-Mobile and Verizon) to install cell sites on the main campus. Next to the North Quad parking structure, Verizon's new cell site has been up and running since January. Sprint's plans to construct a new cell site atop Chemistry Annex are being reviewed, and construction should begin later this summer. The AT&T and T-Mobile's construction plans to install cell sites (on the roofs of Hutchison and Kerr Halls respectively), have just entered the review phase. Contact: Zack O'Donnell, service manager, zmodonnell@ucdavis.edu.

Printed campus directory distributed in spring

In March and April, Directory Services delivered the 2008-2009 centennial edition of the printed UC Davis directory to campus departments. For the first time, the individual listings were taken from the new Online Directory, which allows campus constituents to continually update their directory listings online instead of through an annual process using paper forms. The new update process was kicked off with a campus-wide email campaign and gave individuals six weeks to update their information online in December and January before it was gathered for the printed directory. The Online Directory update process has greatly increased the accuracy of the individual listings by decreasing "time to print"-the time from when the listing information was updated to when it is printed. The individual listings are also available online at ucdavis.edu/search/search_people.html. The cover of the printed book, designed by University Communications, displays a timeline featuring the past 100 years of UC Davis and other UC Davis memorabilia. Contact: Nick Barbulesco, ucdlesco@ucdavis.edu.

Secure Remote Access (SSL VPN)

In fall 2007, a secure SSL VPN connecting campus applications and network services at Shields Library was made available to campus computing account holders. SSL VPN generates an encrypted tunnel through which remote users can securely connect to campus computing resources. IET-Communications Resources is developing a service that would provide SSL VPN capabilities to campus departments. Contact: Amy Slavich, amslavich@ucdavis.edu.

Wireless network upgrade completed

An overhaul of the wireless networking equipment on campus was completed recently. The primary benefits of this upgrade are improved roaming between wireless access points, enhanced security features, and better network coverage through automated sensing and tuning of wireless signal strength. Contact: Mark Redican, NOC manager, mredican@ucdavis.edu. Web site (wireless networking services, coverage maps, etc.): wireless.ucdavis.edu.