======================================================= Stony Brook University Computer Science SYSTEMS STAFF MONTHLY NEWSLETTER Jan 2008 ===================================================================== In this issue we have 8 general announcements, 6 ongoing-work items, 4 future work items, and 4 reminders. *** ANNOUNCEMENTS 1. Windows security announcements (a) Our Windows Update server inadvertently deployed "Windows Desktop Search" as part of their patch deployment. While not critical, this service consumes disk resources while indexing the computer. This was an error on the part of the Microsoft WSUS team (Windows Software update services) which set this option as applicable instead of optional (in their deployment for Windows Desktop Search update package). Microsoft is currently investigating this issue and investigating an easy way to undo the deployment. This has affected all workstations part of our Windows Server Update Group (XP SP2 and 2003 SP1+). These computers include: - Faculty workstations and servers under the backup infrastructure - Secretary workstations and servers - Fax workstations - Graduate ghost server More information regarding this update and how to uninstall it manually is available at (b) Vulnerability in Windows URI Handling Could Allow Remote Code Execution A specially crafted URL could allow Internet Explorer 7, Windows file, and Shell32.dll to be used to execute arbitrary code. The vulnerability exists in all supported versions of XP and Server 2003. See: (c) Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool. See: (d) Vulnerabilities in Microsoft Windows and Microsoft Windows DNS Server These vulnerabilities could allow a remote attacker to execute arbitrary commands or cause a Windows DNS server to provide incorrect DNS responses. The incorrect DNS responses could be used as part of a browser redirection scheme to infect and control client systems. See: 2. Wireless network updates We are replacing the older 802.11B access points with newer 802.11N access points in the CS dept. 802.11B units connect wireless devices typically at 11Mb/sec. During testing 802.11N units connected at 54Mb/sec and up to 108Mb/sec. The sem_wrls1 password required to connect in room 2311 (wireless seminar room) has been dropped. You will use the sbgwap1 information to connect in room 2311 as you do to the rest of the production wireless network. Most people will not notice this change because they already have associated with a sbgwap1 access point. Note that not having a WEP password is not going to affect security much, as WEP keys are fairly easy to break. We plan to support WPA2-level security in the future. Regardless, we strongly recommend that you use SSH/SSL/HTTPS for all of your communications over wireless networks. 3. SSO/Reserve-room application speeds up The reserve-room application was upgraded to increase performance. 4. Web updates SPM08/SMI08 sites were updated to reflect a new program to provide travel funds for grads students to the Stony Brook modeling week and items for the international program committees. The main page news items were rotated to highlight the achievements of the Stony Brook ACM ICPC teams. The www directories will be available on compserv1 at: /www/home/[facfs1 stufs1 fs2 fs3 ...] and /www/var/spool/ftp The plan is to phase out editwww and separate passwords to publish on www. One can log onto compserv1 and execute a simple cp command to update webpages, or emacs /www/home/X/public_html/Y.html to edit an existing page. 5. Webmail service The CS dept has a webmail server with the same basic functionality as the squirrel mail webmail server. Webmail is accessible at: . Use your dept login and password. 6. Graduate Lab scanner workstation The old/slow scanner workstation has been removed. Graduate students can scan their documents in the Fax and Copy room next to the Graduate Secretary Office (Room 1435). 7. SSO Downloads The following downloads have been added to the SSO area (a) Symantec Endpoint Protection v11: Windows-based Symantec Endpoint Protection 11.0 is an integrated security solution providing antivirus, host intrusion prevention, device control and a firewall. (b) Symantec Antivirus v10.1.7: Antivirus Client software supporting Windows 2000 Professional, Server, Advanced Server; Windows XP Home, Professional and Windows 2003 Web/Standard/Enterprise/Datacenter. (c) Office 2007 compatibility pack (updated to v3): Open, edit, and save documents, workbooks, and presentations in the file formats new to Microsoft Office Word, Excel, and PowerPoint 2007. 8. Xmas-day power outage There was a general power outage in our building in adjacent buildings, early morning Christmas day, which lasted a couple of hours. When power had resumed, our compserv servers did not properly connect to their respective file servers; email had gotten delayed because of that. We've rectified the configuration so that the compserv servers will properly find their file servers after an outage. *** ONGOING WORK 1. CEWIT In the process of setting up a monitoring system called 'Nagios' for the Rocks Cluster Frontend. Nagios is capable of sending email alerts and monitoring Windows/Linux machines at various hardware and service levels. 2. Backup server A new backup server is being setup to address backup needs including research labs and CEWIT. It is expected to become available by the Spring 2008 term. 3. Wireless The staff is working to complete the upgrade of the current 802.11B network to 802.11N for the whole production wireless network. 4. Teaching Lab/Transaction Processing Lab In the process of upgrading/adding software in Translab for Spring 2008 semester. 5. User Provisioning and integrated file services We are working on a project to integrate all the user logins and file services in the department. The same login will work on UNIX, Windows and other infrastructure services provided by the department. Also, the file servers will be accessible from various systems. 6. New mail/dns/anti-spam servers. We are continuing to setup and install a new set of Linux-based servers to replace the aging Solaris servers. They are expected to be deployed during the Spring 2008 term. *** FUTURE PLANS 1. Production MySQL database server A MySQL server is planned to take over production DB support to replace the current shared (between educational and production tasks) server. 2. Dynamic provisioning of CEWIT systems The staff is working on mechanisms to dynamically allocate portions of the CEWIT cluster. We're exploring some new software from CA. 3. Imap coming to town. The staff is working on installation of Dovecot Imap server due to numerous request from faculty for Imap support. 4. Unified LDAP-based login We have begun investigating the use of LDAP servers in our department. This would help to consolidate the many user-ID domains we have into one; currently there are different user-ID domains being managed on the Unix systems, undergrad and grad teaching labs, database servers, and more. With LDAP, we hope to be able to manage all user IDs more efficiently and centrally. ** REMINDERS 1. Staff hot-line 2-2772 (CSSB). It will ring all staff office phones and has voicemail. Business hours are 8 a.m. -- 6 p.m. Mon-Fri except State and Federal holidays. 2. CEWIT The CEWIT reporting website is: . There are 110 compute nodes (Dell, Xeon cpu). There are two HP 32GB RAM 4-CPU nodes available (compute-1-0, compute-1-1). There are 46 storage nodes online with 50TB of scratch space via PVFS. A number of additional nodes are assigned to "Planet Lab". If you are interested in projects for CEWIT, Planet Lab or have specific requests for support (add software, problems, questions) please use WREQ to send the request. 3. WREQ Problem Reporting Tool Work requests and problem reports must be submitted to WREQ and not to ntadmin/root or individual staff members. This helps us track the progress of work requests better. We suggest using the Web interface to submit wreq requests at the URL: . You can also email wreq at cs.sunysb.edu but the Web interface is preferred. If you send email, please send plain text (without MIME attachments) and send from your CS department account. 4. SECWREQ Problem Reporting Tool You are encouraged to use SECWREQ for requests such as requisitions, course room changes, office supplies, grade changes, room reservations, payroll issues, tuition issues, reimbursements and building management issues (heat/cooling/ lights/leaking roof). The SECWREQ tool is located at: . You can send mail to secwreq at cs.sunysb.edu; please do not send MIME mail or attachments there. Send email from your CS department account.