SysBlog - Div III Networks - “what’s happening in our local ether”

A week after the change to Novell EDIR authentiaction there are still several outstanding issues. Hopefully you can all be patient while we juggle a very packed workload which includes lots of other tasks besides scinix. Here’s the list.

• Slow performance looking up names in EDIR. This affects clients, a ls for example has to look up your name in the database. This is very important and we will fix it.
• I have not ported any class acounts to edir yet. I may not if it’s OK with CS faculty, just setup new ones for the fall.
• OLD linux clients, I still had a few redhat 9 out there don’t work. I think at this point that only affects James.
• Fedora 7 (the new linux in the classromms this fall) performs better than Fedora 5. After things calm down, I would like to upgrade (reinstall) your PC if you want it

Ok that’s it for now! –Eric

• Comments Off

Summary

Use the colleges Novell account system to authenticate a linux user.

This change is phase one in making linux more accessible for all members of the Smith community. Eventually next year any person with a Smith groupwise/novell account will be able to log on and use linux, much like you can on a Mac.

For now though this summer we are going to move authentication to the colleges Novell directory service, which means you will log into a linux machine using your Novell/groupwise password. No other changes are taking place.
Highlights

• Keep scinix account names, no changes, aka orourke vs. jorourke in Novell.
• Accounts will follow college policy, graduated students and spouse/kids accounts will be removed.
• Future accounts will be created/removed in the normal manner by ITS or CATS staff. For this year new accounts will be created by Eric J. since I still have to make a scinix home directory.
• We will continue to create class accounts for CS for this year.
• Accounts of graduated students that contain research that faculty still use will have the data moved to the faculty’s account.

Schedule

• 7/13 - remove graduated student accounts, and old non-affiliated accounts.

IMPORTANT! Please notify me ASAP of student accounts that you use data from. I will move those files into your home directory using the same name as the existing account for the directory.

• 7/23 - One day downtime of scinix network while account base is switched over.

• Comments Off

There are currently two ways (web addresses) for getting to the Groupwise Web client: gwweb.smith.edu and gwwebs.smith.edu (notice the “s” on gwweb - it stands for secure!). While they both work fine, you’ll notice three important differences at gwwebs.smith.edu.

1. It is somewhat slower to bring up the initial page
2. It will ask you to accept a “certificate” before you connect the first time (Tell it to accept “permanently”)
3. Your web browser will show that you have a “secure connection” (just like purchasing an item on Amazon.com)

What a secure connection (or SSL) means to you is that your connection is encrypted. This means your username and password are encrypted before leaving your computer and flying across the internet where any “bad guy” could be sniffing for them.

In the future, ONLY encrypted connections will be allowed to Groupwise Web, but right now, it’s your choice. Because we STRONGLY feel that passing your password in clear text is a VERY BAD IDEA, we are changing the link on the Science Center home page to go to the secure connection. It’s a minor inconvenience that could protect the security of everything you do on the internet.

If you’ve got questions, let us know!

• Comments Off

Background - Changes in FTP

FTP is a file transfer program that allows you to copy files between computers that support the protocol. In the Science Center, we currently have FTP working on “websci” (our webserver) and “science” (the Novell server that provides your H: drive).

FTP is an insecure service; it passes everything you type, including your username and password in cleartext over the internet. We’ve known this for years of course, but for various reasons could not quite justify shutting off the services. However today there are secure alternatives to FTP, so you can replace it without any problem. For that reason, beginning on June 1, 2007, we will disable all unencrypted/unsecured ftp services on websci and science.

How does this affect you? Probably many of you have never used FTP and can continue that! For those of you who do use it, here are your alternatives:

FTP on websci

If you currently use FUGU (on the Macintosh), you should be all set. Fugu uses only the Secure FTP protocol (SFTP). Another common Mac FTP client is Fetch. Fetch will use Secure FTP if directed.

If you now use WS_FTP on windows, you will need to quit using that and switch to a secure shell file transfer client. One is already located in your Start menu under “Programs/Internet/Secure Shell File Transfer.” The program is very similar to WS_FTP: you connect to the remote computer using your username and password, then you drag and drop files between the two windows. An very similar alternative is to use CoreFTP (see below under “FTP on science”).

If you use Macromedia Dreamweaver to edit your webpages, it already supports SFTP so you may need to do nothing, or simply edit your server configuration. CATS can help walk you through the steps if you need help.

If you use Macromedia Contribute, it also supports SFTP. Again we can help you with that if it’s not already setup correctly. Older versions of Contribute may not support SFTP; in that case we advise an upgrade.

FTP on science

The easiest method of moving files to/from Science is to skip FTP altogether and go to the science web page, click on Web Services (at the top) and read about NetStorage and NetDrive! Really, if you need to copy files to and from, say your home PC, and SCIENCE, you should use the above programs; they are much better (and more secure) than FTP.

If you must use FTP, we have enabled an SSL-encrypted FTP on Science, and have a free client called “coreFTP” available on the “software downloads” page on the science website. Instructions are on the webpage, but we are also available to help configure coreFTP. Note: coreFTP can also be used as an SFTP client with “websci”.

• Comments Off

Wondering what’s up with the mail marked as spam, some of which still gets into your Groupwise inbox? According to an email from ITS,

“The new subject prefixes [**spam**] and [**phish**] are being added by the McAfee virus protection appliances. The latest software update on these appliances incorporated a fee-free implementation of SpamKiller. Right now we have configured the McAfee appliances to merely add the spam scoring information to the headers and to prefix messages it identifies as spam. They are not taking any blocking action on messages based on spam content.

The MessageScreen anti-spam appliances are the next stop for messages. Several new rules have been added to look for SpamKiller scores and to take appropriate action. SpamKiller is much better at identifying image based spam for instance. However, MessageScreen will still honor user trusted sender lists and will deliver messages from trusted senders and domains no matter what the content. This explains why some messages arrive in your mailbox with the spam/phish prefixes.”

• Comments Off

Some people have had problems with passwords in the past two days as we have implemented a new Novell password system, called Universal Password. It was supposed to just slip in without notice, but that’s apparently not happening. In the long run, U.P. will help with many of our PAST password problems, especially for Macintosh users.

To make the process go more smoothly for you, we believe that following the steps below will help:

* Log into Groupwise Web (NOT the Groupwise client, you should use a web browser). You can get there by clicking on the Groupwise button on the Science Center home page (http://www.science.smith.edu) or go directly to http://gwweb.smith.edu

* Click on Options at the very top of the page (towards the right).

* Go to the Password tab and Change Your Password. YOU CAN CHANGE IT TO THE SAME AS YOUR CURRENT PASSWORD if you wish - it doesn’t have to be something different for this to work - and click Save.

That’s it. The system has now stored your current password into the Universal password and hopefully everything will work as it’s supposed to. If you have problems logging in, you can contact either Kelly (x4409) or me (x3847) or contact the User Support Center (x4487).

I just realized that this sounds like a typical “phishing” message attempting to get your password. If you’re nervous about it, you can just wait and see if you’re one of the unlucky ones with a problem. No harm done…

We apologize profusely for the confusion and inconvenience
- Eric

• Comments Off

Taken out of context, but a really good thing to remember:

… this is not a technology based scam; this is a lack-of-awareness scam. If someone calls you, or leaves you a number to call them, that is not a good reason to give them your personal details about your credit card and bank account. Further, if your bank issued your credit card they certainly already know the security code on the back of the card. This would make a good awareness Tip of the Day:
If anyone ever contacts you about your credit card, thank them, hang up, and call the number on the back of your credit card.

- Stephen Northcutt
Pres., SANS Technology Institute
7/21/06

• Comments Off