3184912be86e40d52a3727cf9ff5d831.ppt
- Number of slides: 26
University Issues
- William Annis - University of Wisconsin
- David Brumley - Stanford University
- Robyn Landers - University of Waterloo
- Kathy Penn - University of Maryland
- Jon Finke - Rensselaer Polytechnic Institute
Format
  Begin
    Open Topic_List_Cursor;
    Loop
      fetch Topic_List_Cursor into Topic, Presenter;
      exit when Topic is Null;
      Introduce(Presenter, Minutes => 1);
      Presenter.Discusses(Topic, Minutes => 10);
      Panel.Rebuts(Topic, Minutes => 5);
      Audience.Comments;
    end loop
  end;
Topics:
- Managing Growth
  - William Annis
- Computer Security and Incident Response
  - David Brumley
- Residence Networking
  - Robyn Landers
- Backups - Procedure and Policy
  - Kathy Penn
Managing Growth
- William Annis
- Biomedical Computing Group - U Wisconsin
  - Statisticians - Grads, Faculty and Post Docs
  - Solaris (20 Servers, 40 desktops), 40 Xterms
  - Citrix NT for NT applications
  - Web and database servers.
  - 2 FT Admins, 1/2 Manager, 3/4 Student
When I started:
- No admin, just parts of staff and an occasional grad student
- Machines acting as file servers all over campus
- Strange, uncommented code kept us running
How we changed:
- Wrote a large document
- Centralized everything
- One OS version
- cfengine squashes irregularities
The change:
- Took two years -- will be done RSN
- Initial steps noisy and obvious
- Users still not quite sure of the centralized computing concept
- Admin brain-retooling took a while
Computer Security and Incident Response
- David Brumley dbrumley@stanford.edu
- Stanford University
  - Fiber to Internet (100 MB/S single duplex); OC 12 to Internet 2 (600 MB/S full duplex); up to 2.6 gigabit internally (full duplex)
  - 505 Active subnets, 53216 registered nodes
  - 18116 PCs, 9305 Macs, 2629 Unix
  - 2299 Network Infrastructure, 711 Other
  - 1997 Printer, 338 Unknown, 258 X-terminals
Residence Hall Networking
- Robyn Landers rblanders@math.uwaterloo.ca
- University of Waterloo, Math Faculty, Undergrad
  - Mostly Sun (22) servers, X terminals (200)
  - WinCenter (PC apps on X terminals)
  - Network Appliance NFS servers
    - Unix, PC home directories
  - SGI (14), PC (90) and Mac (120)
% cc hello.world.c
eh.oot
Nice starting point: www.adm.uwaterloo.ca/infohous/resnet
Techie details: www.ist.uwaterloo.ca/cn/Residence/tech.html
Getting Connected
- policy agreement
- fill out form, incl. MAC address
- forms hand-entered into spreadsheet
- scripts extract info into DHCP tab and router ARP entries
Rate Limiting
- cron job queries router every 12 minutes
- compute traffic volume per IP
  - daily total (150 Mb/day)
  - running average (25 Mb/day)
- exceed limit => external access cut off
- web page where students can check their own stats
- reduces accidental and intentional misuse
- manual intervention in case of policy abuse
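Added example, not the Waterloo script (written in Python rather than the Perl the slides mention): the accounting this slide describes, turning cumulative per-IP router counters into a daily total and a running average and deciding when external access is cut off. Assumptions: counters are in the slide's Mb unit, the averaging window is 7 days (the slide gives none), and the class, function names and IP address are constructed for illustration.

```python
from collections import defaultdict, deque

DAILY_LIMIT = 150    # "daily total" limit from the slide, in its Mb unit
AVERAGE_LIMIT = 25   # "running average" limit from the slide, in its Mb unit
WINDOW_DAYS = 7      # assumption: the slide does not give the averaging window


class UsageTracker:
    """Turn cumulative per-IP router counters into totals and cut-off decisions."""
    def __init__(self):
        self.last_counter = {}                  # ip -> last cumulative reading
        self.today = defaultdict(float)         # ip -> usage counted so far today
        self.history = defaultdict(lambda: deque(maxlen=WINDOW_DAYS - 1))

    def poll(self, readings):                   # one router query: {ip: counter}
        for ip, counter in readings.items():
            previous = self.last_counter.get(ip)
            if previous is None:
                delta = 0.0                     # first sighting only sets the baseline
            elif counter < previous:
                delta = counter                 # counter went backwards: router reset
            else:
                delta = counter - previous
            self.last_counter[ip] = counter
            self.today[ip] += delta

    def end_of_day(self):                       # roll today's totals into the history
        for ip in self.last_counter:
            self.history[ip].append(self.today[ip])
        self.today.clear()

    def running_average(self, ip):
        # Days with no record count as zero, so a new host is not penalised.
        return (sum(self.history[ip]) + self.today[ip]) / WINDOW_DAYS

    def blocked(self, ip):                      # reason for cut-off, or None
        if self.today[ip] > DAILY_LIMIT:
            return "daily"
        if self.running_average(ip) > AVERAGE_LIMIT:
            return "average"
        return None


def demo():
    """Constructed readings: one host polled four times in a single day."""
    tracker = UsageTracker()
    for counter in (0, 60, 120, 170):
        tracker.poll({"192.0.2.10": counter})
    return tracker.today["192.0.2.10"], tracker.blocked("192.0.2.10")
```

Handling the backwards counter matters in practice: without it a router restart produces a negative delta and silently refunds a host's usage.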
Privacy and Security
- access control on hosts that have resnet info
- can’t use DHCP info to track down student’s personal info, for example
- students can view only their own usage stats
Interesting Problems
- student set up rogue DHCP server
- some MS W98 network drivers locked up after receiving DHCP answer
- some W98 needed a vendor tag set in DHCP entry (value irrelevant)
- forging mail and news
- client-side denial of service -- client grabs all the IPs
- server spoofing
Uninteresting Problems
- syntax errors in DHCPtab from manual entry
  - now have automatic checker
- wall jacks fail from abuse
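Added example, not the Waterloo checker: one way to validate hand-entered registration rows before scripts turn them into DHCP and router ARP entries, catching malformed or non-unicast MAC addresses, duplicate MACs or IPs, and addresses outside the residence subnet. The `room,mac,ip` column layout, the 192.0.2.0/24 subnet and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
import re

RESNET = ipaddress.ip_network("192.0.2.0/24")  # assumption: stand-in residence subnet
# Constructed sample of hand-entered rows: room, MAC address, assigned IP.
SAMPLE = """\
V1-101,00:A0:C9:12:34:56,192.0.2.10
V1-102,00-a0-c9-12-34-57,192.0.2.11
V1-103,00A0.C912.345O,192.0.2.12
V1-104,00a0.c912.3456,192.0.2.13
V1-105,00:a0:c9:12:34:58,192.0.2.11
V1-106,00:a0:c9:12:34:59,198.51.100.7
"""


def normalize_mac(text):
    """Return aa:bb:cc:dd:ee:ff, or None unless text is a 48-bit unicast MAC."""
    digits = re.sub(r"[\s:.-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None                  # wrong length or a non-hex character
    if int(digits[:2], 16) & 1:
        return None                  # group bit set: broadcast or multicast
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def check_registrations(csv_text):
    """Return (clean, errors): [(room, mac, ip)] and [(line number, reason)]."""
    clean, errors, macs, ips = [], [], {}, {}
    for line_no, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if len(row) != 3:
            errors.append((line_no, "expected room,mac,ip"))
            continue
        room, mac, ip_text = row[0].strip(), normalize_mac(row[1]), row[2].strip()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            ip = None
        if mac is None:
            reason = "bad MAC"
        elif ip is None or ip not in RESNET:
            reason = "IP outside residence subnet"
        elif mac in macs or ip in ips:
            reason = "duplicate of line %d" % (macs.get(mac) or ips[ip])
        else:
            macs[mac], ips[ip] = line_no, line_no
            clean.append((room, mac, str(ip)))
            continue
        errors.append((line_no, reason))
    return clean, errors
```

Normalising before comparing is what catches line 4 of the sample: the same adapter written in a different notation would otherwise get a second IP binding.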
Non-Problems
- automatic rate-limiting prevents network overload
- students learn and share local sources, reducing need for off-site
Summary
- What’s cool
  - auto rate limiting (Perl. Uses no vendor-specific features. Router just needs to keep and report traffic stats so you can query it.)
  - web page where students check their usage
- What would be nice
  - on-line D.I.Y. registration
  - use the D in DHCP
- Other implementations
  - Stanford’s Secure Public InterNet ACcess Handler http://spinach.stanford.edu
Backup -- Procedure and Policy
- Kathy Penn kpenn@isr.umd.edu
- Institute for Systems Research, U Maryland
  - 900 Grad Students, 60 Faculty, 40 Admin Staff
  - 175 Unix (mostly Sun), 100 PCs & Macs
  - Sys Admin staff - 5 FTE, 5 Student
  - 3 Class C Subnets, but routers run by University networking department
Backups
- Everyone does them
- Everyone does restores
- Everyone verifies backups
- But does everyone know how?
Document Your Procedures
- How to do the actual backups
- How to do the restores
- Have someone step through the instructions
- Don’t forget Why, Where, Which
Document Your Policies
- For staff and users
- How frequently backups are made
- How frequently archival copies are made
- How long archives are kept
- What do you NOT backup, and why
Restoration Information
- How do users request restores?
- If they can do their own restores, how?
- How long do restores take?
- Who can request restores?
IANAL (I Am Not A Lawyer)
- Check with your central University policy
- Check with University lawyers
- Document Everything -- especially your policies
These Slides Will Be Available Near You Soon!
- http://www.rpi.edu/~finkej/u-issues/