PPD/CG Christmas Lectures
Windows – Wrap Up
Gareth Smith
PPD Xmas Lectures, 17th December 2007
Future Plans
Microsoft Office 2007
– New file formats. Issues of compatibility despite converters (esp. MS Project).
– Testing now
– No roll-out date yet. Hope for co-ordination across site.
Microsoft Windows Vista
– Testing now (including applications – Exceed…..)
– Plan to go to 64-bit Vista
– Investigating standard approach across site.
Web Services
New Web server (HEPWIN2003G) brought into production during August.
– Windows Server 2003
– IIS6
– more disk space.
The migration included:
Cleanup (archiving) of old webs.
Tightening permissions.
Use of secure (https) connection where password controlled access is needed.
Thanks to Alistair Haig for much of this work.
Security Reminders
Skype
Use of the Skype (www.skype.com) peer to peer (P2P) telephony software is not permitted within STFC. This is due to the:
– Potential violation of the JANET Acceptable Use Policy (AUP)
– Misuse of local client/network resources
Instant Messaging clients
Use of Instant Messaging (IM) clients within STFC continues to be restricted to authorised services only. This is due to the potential for:
– Network resource misuse
– Increased exposure to IRC (Internet Relay Chat) borne virus/worm infections
– Potential corporate liability and Freedom of Information concerns
– Lack of co-ordinated client management and patching
– Incompatibility between some proprietary Instant Messaging protocols/clients
Use of Virtualization
Becoming more popular as ‘easy’ to use.
Benefits:
Cheap
Much less hassle than dual boot
But...
Guest Operating System(s) still a security risk:
Patch, Firewall, Anti-Virus updates
Yet may only infrequently be started
Licensing issues
This week’s Security Vulnerabilities
The Consensus Security Vulnerability Alert. Dec 10, 2007
Widely Deployed Software:
(1) CRITICAL: Cisco Security Agent Buffer Overflow
(2) CRITICAL: Skype URI Handling Remote Code Execution
(3) HIGH: HP OpenView Network Node Manager CGI Scripts Remote Code Execution
(4) HIGH: Avast! Antivirus TAR File Processing Memory Corruption
(5) HIGH: 3ivx MPEG-4 Codec Buffer Overflow
(6) HIGH: Novell NetMail Antivirus Service Integer Overflow
(7) MODERATE: HP Select Identity Undisclosed Authentication Bypass
(8) MODERATE: OpenOffice.org Database File Arbitrary Code Execution
(9) MODERATE: Novell BorderManager Multiple Vulnerabilities
(10) MODERATE: MIT Kerberos Multiple Vulnerabilities
.............. Etc.
This week’s Security Vulnerabilities - 2
Part II – Newly Discovered Vulnerabilities
07.50.1 - Microsoft Web Proxy Auto-Discovery Proxy Spoofing
07.50.2 - Microsoft Optical Desktop Wireless Keyboard Weak Encryption Information Disclosure
07.50.3 - Microsoft December 2007 Advance Notification Multiple Vulnerabilities
07.50.4 - Yahoo Toolbar Helper Class ActiveX Control Remote Buffer Overflow Denial of Service
07.50.5 - RealPlayer RMOC3260.DLL ActiveX Control Import Denial of Service
07.50.10 - HFS HTTP File Server Arbitrary File Upload
07.50.11 - Apple Mac OS X VPND Remote Denial of Service
07.50.12 - Apple Mac OS X Mach_Loader.C Local Denial of Service
07.50.13 - Red Hat Content Accelerator Memory Leak Local Denial of Service
07.50.14 - Zsh Insecure Temporary File Creation
Laptop Synchronization
We advise:
- Synchronizing your H: drive
- Synchronizing Outlook.
- … what if the laptop is stolen (or breaks)… Encrypt the file cache. Don’t synchronize personal files etc. unnecessarily.
- Take care with personal information on USB memory sticks…
Access from offsite & visitor facilities
Access into RAL from Offsite:
PPTP
Bastion Host
Outlook Web Access
Configure Outlook to use ‘https’. Use of (secure) IMAP.
http://hepwww.rl.ac.uk/ppdcomputing/WindowsXP/Outlook_page.htm
For Visitors to RAL PPD:
Regular visitors can register laptops with us.
– Required to be patched and to have up-to-date Anti-Virus.
– At present we do give out an address to a visitor’s laptop even if not registered.
Map “visitors network” through to offices.
Can create accounts for visitors.
PDAs
We provide some support for PDAs
Experience with Windows Mobile 5 & 6.
Tariffs available via the RAL Telephone helpdesk. Including 3G connections.
Example of PDA Choice.
Vodafone v1615 (HTC TyTN II)
Capabilities: Wireless, quad-band phone, USB, GPS
Synchronize files with PC
Synchronize e-mail, diary with Exchange
Computer Room Power
R1 Lab 8 Computer Rooms shared by Windows and LINUX (Tier 2).
Problem:
• Significant increase in electrical power requirements for Tier 2 systems.
• At limit of single phase supplies (60 amps to each room).
• 2 racks full of worker nodes temporarily hosted in the Atlas building
Solution:
Upgrade to use three-phase supplies:
• Three * 60 amps in each room
• Outer part of Lab 8 upgraded last year
• Inner part of Lab 8 upgraded in last weeks.
However, we may start hitting air conditioning limits.....
Christmas Plans
All essential systems will stay up (..... we hope .......)
Plan to turn off less essential services:
- Citrix server
- Some printers (e.g. A0 plotter).
Systems run ‘at risk’ over this period.