1. Technology Update TSAG Meeting 11/14/02

2. Announcements: Spam Open Forum  Monday November 18, 2pm-3pm  OV Presentation Room Campus Operations Center: Holiday Hours  Thanksgiving: 11/28 - 12/1 8am-5pm Coverage  Christmas: 12/22-1/1 8am-5pm Coverage  On Call Coverage: 11/28, 12/25/, 1/1 Directory Authentication for Peoplesoft HR/FN (January 13)  Campus UID  Campus E-mail Address  Peoplesoft Operator ID Voice/IP Change Over (January 18) Directory Authentication for http://my.csun.edu (spring) Helpdesk IRC chat room utilization/effectiveness?

3. Campus/Directory Accounts: Securities three As:  Authentication  Authorization  Access Revised (Final Draft) Policy: Account Cleanup: Collecting information from you.  Number of Accounts:>48,000  Number of Valid Accounts:?36,000  About ready to purge: 3,210  About ready to notify: 5,000 Group Accounts  being phased out  replaced with e-mail and web folders  http://www.csun.edu/~sfo

4. Disk Space: Data and E-mail Data Space:  2.2 Terabytes, Mirrored -> 1.1 Terabytes  500 Gigabytes reserved for Users Email Space:  696 Gigabytes, Mirrored -> 348 Gigabytes Projected User-base Growth: 4% Quota TypeProjected Usage EmailData Faculty/Staff80%30 MB100 MB Organization Units80%30 MB 50 MB Students20% 5 MB 10 MB Other*40% 5 MB 10 MB

5. Password Controls/Policy Peoplesoft Related Controls:  Sequential invalid logins lockout: 5  Minimum history of passwords: N  Frequency of Changes: 90 days Password Changes for the entire Campus  Original scheduled for last October  Peoplesoft FN/HR users: starting 1/13+90days  Frequency of other users? Technical staff with administrative rights: 30 days Staff: 90 days Students: every semester (part of registration process) Faculty: ??

6. Network Infrastructure Changes Stage 2: TII (Technology Infrastructure Initiative)  18 month project, to begin January 2003  Reorganization of Network layout and devices CO to cover the majority cost of upgrade, retaining existing functionality, (future upgrades?) Functionality to be phased out (discussion stage)  IPX  Appletalk

7. IP Assignments Best IP Assignment Best Practices: (today and future) 130.166.*.1-10,12-20 : Servers 130.166.*.11,12: Routers 130.166.*.20-49: Printers 130.166.*.50-229: General (DHCP) 130.166.*.230-255: Reserved Subnet Assignments: all to change 130.166.0-9.* : Infrastructure support 130.166.10-159.*: Unit specific 130.166.160176.*: Wireless 130.166.180-199.*: Auxiliaries 130.166.200-209.*: LAUSD 130.166.210-255.*: Infrastructure support

8. Network Access Control: Purpose:  To limit DDOS attacks launch at and from the campus  To address Copyright Infringement problems  To reduce the amount of SPAM received and generated  Et cerate Some Outcomes:  Large amounts of available bandwidth has been reclaimed  Triage time for potential network problems reduced  A much more stable computing infrastructure Initial Goal:  To deploy a Firewall around the Campus in which only “Internet Servers” are accessible from off-campus. Internet Server: A server that intentionally provides one or more services to individuals off campus

9. Proposed Edge ACL Changes Block all inbound ports to all machines not following within the range:  130.166.*.1 -- 130.166.*.20 Block all inbound network connections on the following protocols:  telnet, smtp, imap, pop (and the ssl related ports) Target date: December 13 Next step: Block all inbound connections to non-Internet Servers. Your task is to provide me with your Internet Server list.

10. SPAM SMTP auth