Fall 2007

The Newsletter of UF Computing & Networking Services  

In This Issue

New Network Monitoring System is Online

Keeping tabs on a network as extensive as the one here at UF is a difficult job. But it gets easier with the right tools. And if you can't find a tool you like, just make one.

CNS Town Hall Meeting Held September 13, 2007

CNS held its annual Town Hall Meeting on September 13, 2007, at the Keene Faculty Center. It's a time for the entire CNS family to come together to acknowledge the staff for all they do throughout the year.

Deadline for Conversion to Virtual Tape System: Dec. 3rd, 2007

CNS is replacing the IBM 3480 magnetic tape cartridge drives with a "Virtual Tape Server" (VTS). The VTS is a software simulation of IBM 3480 magnetic tape drives that runs on a Linux system and stores the tape volumes as files on a dedicated disk storage system. For more on the VTS, see previous CNS News Item N0451 (01/12/2007) at http://docweb.cns.ufl.edu/news/n0451.

The deadline for customers to convert to the new VTS system is December 03, 2007. On that date the physical 3480 drives will be removed from service. All physical tape cartridges remaining in the CNS tape library will be returned to their owners if possible; where owners cannot be located, remaining tapes will be destroyed.

Start-of-Term Load is CNS First Priority

As always, the load on the mainframe system approached capacity during the first week of Fall semester (August 23 - 29). During this time period beginning-of-term work supporting schedule adjustment is our top priority. We shut down non-critical services if their usage could be deferred, and ask that our major users do the same, if at all possible. We also tune the system to favor this student-related work load. Usage during this period occasionally peaked at 100% CPU but was usually in the lower 90's. In general, response times did not suffer as a result of the increased load.

GatorLink Authentication System Upgraded

On August 19, 2007, CNS upgraded the underlying hardware behind the GatorLink Authentication (GLAuth) system (login.gatorlink.ufl.edu), in preparation for the start of Fall semester. In addition to the hardware upgrade, CNS made various minor improvements to make the system more robust.

Obsolete Name Server to be Retired August 2008

On Monday, August 4, 2008, the name server called
centrex-name.server.ufl.edu at 128.227.128.226 will be retired from service.

We strongly encourage all computer system administrators to begin making sure that computers you support presently configured with centrex-name.server.ufl.edu are configured with one of the two published name servers.

Q&A: Where can I find out about the security features of GatorLink e-mail?

Q: Can you tell me about the security features of GatorLink e-mail accounts? Thanks! ANON

A: The following documents address security issues regarding GatorLink e-mail:

• http://docweb.cns.ufl.edu/news/archived/n0346/n0346.html
• http://docweb.cns.ufl.edu/qa/q1405/q1405.html
• http://docweb.cns.ufl.edu/update/u020301a/u020301a.html
• http://docweb.cns.ufl.edu/docs/d0201/ch16.html#id3217588
• http://open-systems.ufl.edu/services/smtp-relay/virus-scan.html

The GatorLink e-mail servers are housed in the CNS Operations Center: http://www.cns.ufl.edu/operations.shtml

It is described in somewhat more detail on page 2 of this document, in the column headed "SSRB": http://www.cns.ufl.edu/hosting/CNS_HostingServices.pdf

If you have additional questions on this topic, please send them to the CNS Support Desk at consult@lists.ufl.edu.

Thank you for your interest.

/Update Feature: How We Are Doing: A CNS Report Card

Each issue in this space, we will offer links to statistical information about CNS's services so that you can see...how we're doing.

Training Opportunities

IT Orientation to be held October 18

Are you brand-new to information technology at UF? Maybe you've been here a while but would like a refresher on all that's available to you. Then IT Orientation, presented by the UF IT Training Committee, is for you!

Peer2Peer is on for Thursday, November 15th

Peer2Peer is IT training from some of the best in the IT field: your UF colleagues!

Peer2Peer is an informal and informative series of training sessions providing the University of Florida IT technical community with information on the resources and information available to them via our own experts.

The next Peer2Peer session will be held on Thursday, November 15, in Room 282 at the Reitz Union, from 9:00 a.m. to noon. Peer2Peer sessions are open to the public. No need to register, no fees to pay...just show up and learn from the best!

Information

• Where: J. Wayne Reitz Union, Room 282
• When: Thursday, November 15, 2007 - 9:00 am to 12:00 pm
• Cost: Free - Open to the public

Presentations

• 9:00 - 9:45: Forensic Computing - John Sawyer, University of Florida IT Security Team
• 9:45 - 10:00: Break
• 10:00 - 10:45: Server Virtualization - Iain Moffat, CNS Open Systems Team
• 10:45 - noon: Distance/Streaming Technologies - Fedro Zazueta

For more information, see http://www.at.ufl.edu/p2p/training.htm .

Security Watch

IT Security & YOU: Network Scans

Did you know that it is a violation of UF IT security policy to subvert vulnerability scans? Item 4 in the Node Security Standard states, "Network restrictions must allow access to the UF security scanner." Exceptions must be coordinated with the UF Information Security Manager and approved by the UF Information Security Administrator.

Jordan Wiens Departs UF

It is with great sorrow that we say goodbye to Jordan Wiens. Jordan accepted a position with a security company in Melbourne, FL. His last day at UF is November 21, 2007. Jordan has been a tremendous knowledge asset for UF. His skillz have protected the university from internet threats for nearly seven years. He has been a valued team devotee and a cherished member of the IT security family.

We hope you will attend a reception for Jordan on November 16 at 3:30 pm in the Friends of Music room in the University Auditorium. More information will be sent to the CCC list as the time approaches.

ITSA Day Cancelled for 2007: Next Schedule October 8, 2008

The UF IT Security Team regrets that they do not have the resources to produce ITSA Day this year. The Team has been dedicating time to other projects that will improve the security of your computing experience at UF. Instead, the Team plans to offer a series of Security Lunch and Learn events in October. See the next article (below) for more information.

But please mark your calendars now for next year's ITSA-Day; October 8th, 2008.

Lunch and Learn Security Series Underway

Everyone has data to protect, on servers, on mobile devices, and on personal computers. Encryption adds an extra layer of protection for all of your data, wherever it lives. Next Tuesday, October 16, come to the JWRU room 284 and find out about the latest tools, ideas, and guidelines in encryption. Ask the experts your best questions and find out about their best practices.

UF Security Professionals Repeat at World's Most Prestigious Hacking Competition

During August 3rd-5th, two security engineers from the UF Information Technology Security Team participated as members of team "1@stplace," whose deliberately ambiguous name is meant to acknowledge the thin line between success and defeat in the world of IT security. For the second year in a row, 1@stplace won the two-and-a-half-day electronic Capture the Flag competition called WarGamez at DefCon 15.

DefCon is the world's largest annual computer hacker conference with over 7,000 attendees this year. UF Senior Security Engineers John Sawyer and Jordan Wiens were part of the exclusive nine-member team composed of security experts and enthusiasts from all over the U.S.

Security Honor Roll: Zero Security Incidents During Summer 2007

Thirteen UF units are being recognized for outstanding IT Security performance, having had ZERO security incidents during the Summer 2007 term. We appreciate the skill and hard work they put in to achieve this goal. By their efforts they have helped keep UF's IT environment safer for us all. See if your unit was among them!

John Sawyer Addresses FAEDS

In September, John Sawyer of UF IT Security spoke at the Florida Association of Educational Data System (FAEDS) for the fifth year in a row.

This year's presentation focused specifically on incident response and malware analysis. Sawyer spoke about the different stages of incident response, starting with preparation before an incident occurs, and going all the way to the lessons learned after the incident has been resolved.

Sawyer & Wiens Address AITP

John Sawyer also addressed the local chapter of the Association of Information Technology Professionals, with an emphasis on malware kits, Storm Worm analysis, and the Metasploit Framework

Jordan Wiens of the UF IT Security team is also scheduled to address the AITP in the next few weeks; watch for that announcement!

A New Financial System for Students and the University

By Dr. Michael Conlon, UF Director of Data Infrastructure and PeopleSoft Implementation Officer

University Financial Services (UFS) and Bridges are working together to produce a new financial system for the students and for the university. The new system is based on the PeopleSoft Student Financials module and is the first module for student services to be implemented in PeopleSoft.

The University needs a new financial system. This system is used to prepare bills for the students, to bill the students, is used by the students to pay bills on line, supports an accounts receivable function for the collection of past due amounts, and provides management information to the university on student billing and revenue. The existing system has been in place for more than twenty years. It is lacking key features of a modern billing system.

New Network Monitoring System Now in Production

Back Issues 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994

Monitoring a network as extensive as UF's is not an easy job. Just ask Brad O'Hara and Keith Monroe of CNS's Network Services division. It is such a job, in fact, that they found the best way to do it was to develop their own system from scratch.

Keith Monroe (left) and Brad O'Hara, with assistance from Chris Wilson, built the new network monitoring system.

The new network monitoring system has CNS's operations running better than ever. It has a web interface which allows for easy tracking of problems. With this new system, every device on the network is monitored constantly. Six "collector" boxes and 2 storage servers distribute the load. Statistics are gathered from each of the approximately 25,000 interfaces on 710 devices. "Previously, the hardware wouldn't allow the collection of statistics from so many devices," said O'Hara.

So what kind of statistics are we talking about? According to Monroe:

• On 2 minute intervals we gather a minimum of 151,000 data points from all devices that are not classified as a "Wall-Plate" device. The actual collection (poll/answer/storage of the answer) only takes 3-15 seconds, depending on the class of device.
• On 10 minute intervals we gather ~424,000 data points from Wall-Plate devices. The actual collection (poll/answer/storage of the answer) only takes ~55 seconds.
• We have ~400 gigs of statistical data that is almost instantly available when asked for (i.e., for graph generation)
• We have ~15 gigs of log/config data

Such massive collection of data required a major overhaul of equipment and hardware. Network Services' monitoring machines went from 2 servers (one for data collection and one for the Web front end) to 10 servers:

• 1 is used for all syslog/snmp trap/mac/config data collection
• 1 is used for the Web front end
• 2 are used for backend file storage (all statistical data is stored)
• 6 are used to poll all devices in a distributed arrangement

The boxes gather configurations and trap processes for certain events, which acts as an alarm for those unusual events, using Nagios, event-based open-source software. There are two instances of Nagios working in this application, one for the network and one for servers.

This new network monitoring system allows devices to be checked by building, device class, device name, or a combination of filters. It collects very detailed information, includes Pinnacle data for Telecom. The means that abnormalities can be found quickly, allowing field engineers to find specific problems. It also means that infected machines can be found quickly, right down to the exact port. This is a testament not only to the hardware, but to the network on which it runs.

Among its other features, the new system gathers utlization information on packet counts and error rates. It has some reporting capabilities as well. It's authenticated through GatorLink. This system was nine months in development. It began production at the start of the Fall 2007 semester.

Check the new system out for yourself at https://nms-console.ns.ufl.edu.

Read More About It!

We invite you to visit the CNS web page at www.cns.ufl.edu to read more about our recent activities and the services we offer to support your computing needs. As always, we are happy to hear from you. Please contact our Support Desk at 352.392-2061, or by e-mail at consult@lists.ufl.edu.

Subscribe!

/Update issues prior to November 2004 are available as Adobe Acrobat Portable Document Format (PDF) via the "Back Issues:" drop-down, above.

Selected articles may also be found in html and PDF format in DOCWEB.