19 August 2003

Worm activity

Update on recent malicious code attacks on the University network.

The last fortnight has again seen an increase in computer worm activity throughout the world. The University appears to have come out of the latest attacks relatively unscathed, but there were isolated incidents of infection to computers within the network where security practices were lax (not in this Division this time, I hasten to add).

Client Services Division has pointed to several practices that leave the network open to attack by malicious code. These include:

  • Failure to keep University server and desktop machines up to date with the latest security patches and virus definitions.
  • Use of private unpatched and unprotected computers on the University network, particularly when users have accessed non-University email accounts from servers that don't screen for malicious code.
  • Connecting to the university network via modem, bypassing the protection the University has in place.

Our practice in the Division is to ensure malicious code in emails and attachments is trapped by the email server, and each desktop machine is set up to maintain its anti-virus software with the latest definition files to ensure files from sources other than email are virus-free. TSU is investigating configuring desktop machines in the future so that the machines automatically receive the latest software patches to improve their immunity from attack, but this approach will require some consideration to make sure users are not unduly inconvenienced by the changes.

The Division's servers are patched regularly to retain a high level of protection. Users are not permitted to connect servers to the University network.
Users who attach private computers to the university network must ensure that their computers are virus-free and protected against attack. Users who are found to introduce malicious code to the university network will not be permitted to attach their computers to the network.

Users are not permitted to dial in to the University network via modems attached to the University telephone system.

Collaborative Environments

Progress report on the move to a campus-wide email and collaborative services environment.

The University has decided that there should be one campus-wide email system in place. With our recent move to Exchange, it is unlikely that the Division will have the resources to again change its email environment in the near future.

The Division will be pleased to move to a University-wide system if it went beyond email and included a set of tools that included email, calendars, discussion lists, forums, instant messaging document sharing, management and archiving, and collaborative authoring: a Collaborative Environment. Such environments can also include integrated voice mail, electronic despatch and receipt of faxes, and video (and audio) conferencing over the Web.

A Working Party to select a University-wide Collaborative Environment has now been established and will report to the University Information Management Systems Committee (UIMSC). The Working Party is currently developing a proposal for UIMSC endorsement that is firmly based in the University's Strategic Plan, and includes opportunities for broad consultation throughout the University community. There is a particular emphasis on the needs for consultation throughout the process, including opportunities for training for staff as the new systems are introduced.

Outlook Training

Update on Outlook trainer.

Tom Townsend has joined the Technical Services Unit team part time for a few months to help out staff experiencing difficulties with the Outlook email client, as requested by Executive earlier.

There is a booking form on the Web for staff to request half an hour of Tom’s time to help them out. Staff in the Division will be notified of the existence of the service later this week, by the time Executive meets.

SLIE-DOMAIN Demise

The transition from SLIE-DOMAIN to UCSTAFF is now complete.

The Division has now moved authentication away from the old SLIE-DOMAIN to UCSTAFF. The new domain is managed by Client Services Division in Active Directory, and should in theory reduce the administrative load on the Division's IT staff. Information in the Active Directory is drawn each night from the Staff Directory, which means that the Division no longer has to duplicate data entries on new and leaving staff, or details changes. So long as the Switchboard is notified of arrivals, departures and changes in staff details, these should be reflected the following day in the new authentication system.

It also means another step towards single user names and passwords for staff throughout the Division.

The demise of SLIE-DOMAIN also reduces by two the number of servers required in the Division, down to about 20 (depending on what you count as a server).

Now that the move to the server hardware bought in 2001 is complete, attention is turning to further rationalisation of the servers we have. Each server has to be managed to ensure that it is fully up-to-date: with all known security and operational "patches" and updates installed to keep our place as good corporate citizens and maintain a high level of availability to our Divisional clients.

Student Email Outage

Information on a recent outage to student email services on campus.

Due to a power outage in the Building 10 Computer Room, a number of services were lost on Friday night 25 August 2003.

When the power was restored, the server providing student email services failed, and had to be restored from backup tapes. The restoration was completed on Tuesday morning 19 August 2003 at around 9.00am.

This provides another example of the impact of the lack of redundancy in the University's IT systems.

NowUC Website

The UCOnline Manager has raised concerns with the design of the NowUC website.

The UCOnline Manager has raised concerns with the design of the NowUC website. She believes the design of the site is not up to UC corporate standards, and has some concerns about the site's accessibility and usability.

05 August 2003

Web analysis tools

With increasing use of websites to communicate, it is also necessary to be able to track how effective the websites are. Simple visitor statistics can provide some insight into how websites are being used.

UCOnline has been asked to investigate the acquisition of enterprise web analysis tools, to analyse the structure and use of the University’s web sites. Such a system will allow us to provide statistics on visitors to the various pages around the campus, usage patterns and so on. With proper interpretation, suitable tools will allow use to provide a better service to users of the websites, identify broken links and orphan pages (those with no links to them), and other structural and usage issues.

An enterprise-wide system is likely to cost the University $20,000 to $50,000, with annual maintenance costs of between $2,000 and $20,000. Webtrends [ http://www.netiq.com/webtrends/ ] is an example of the type of software used commercially for this purpose.

Use of University equipment and off-campus loans

Policy on the conditions under which University equipment can be taken off campus.

TSU staff have been reminded of the University’s policies in relation to the use of University equipment, and the conditions under which equipment can be taken off campus, so they can be confident when approached in relation to the use of the Division’s resources of the conditions under which the resources can be used or loaned.

Network Access Policy

A link to the University’s Network Access Policy.

The issue of the University's Network Access Policy was raised at the last Executive. The Policy can be viewed online at http://www.canberra.edu.au/uc/policies/it/nap.html

Outlook Trainer

Executive has requested a trainer to help staff transition to using new email clients for use with the Exchange server.

The Division has organised a part-time trainer who will be available in about two weeks to help staff with Outlook. A bookings system will be available for staff to book time for the trainer to come around and help staff on an individual basis with Outlook and the new email system. The booking system will be available online at an address to be circulated in an email when details of his availability are confirmed.

Demise and resurrection of comedu (the server)

The slie-domain server, comedu, which has served the Division so well since its inception, has been decommissioned.

The migration of the Division's network services (email, web and file storage) from the old School of Languages and International Education server to new servers that were purchased over two years ago is now complete. The old server was disconnected on Monday, and it appears to have been a successful migration, with some issues (now fixed) with emails to old comedu.canberra.edu.au addresses from off-campus senders being bounced until the new email server could be fine tuned to accept these old addresses.

Staff should be reminded that they should use firstName.surname@canberra.edu.au email addresses, as the University will support this form of the email address in the future. Whether comedu addresses will be supported under the proposed campus-wide email and collaborative services system is unclear at this time.

All the Division's main web services are now on bacillus, the file storage on dcenas, and email and collaborative services on spirilium. Client Services Division will take back the old server as a development environment for Sun-based services.

Email addresses and departing staff

With email becoming such an important service for people, what happens with UC email addresses when a staff member leaves?

TSU has received a number of requests from departing staff to keep their email accounts active, sometimes for a considerable length of time after they leave.

The changeover to the new email system has brought us a step closer to an integrated, campus-wide collaborative environment, particularly in relation to integrating the Division's email system into the University's official system for identifying staff: the Staff Directory.

This is good for us in that it means there is much less duplication of effort required to keep information about staff current. It will be much easier to manage information about which staff belong to each School or unit for discussion or mailing lists for example: this is handled by using the Staff Directory.

One downside is the new system highlights the administrative effort required to manage the inclusion of non-University staff on discussion or mailing lists, or to manage email accounts for people not in the Staff Directory.

Section 4 of the University's Code of Professional Ethics states that:

University information systems, including software and computer equipment, may be used only by staff or students of the University within the established University guidelines, and only with the approval of a duly authorised University officer. [http://www.canberra.edu.au/secretariat/codethic.html accessed 31 August 2003]

While we will continue to provide email services for a reasonable time (around a month) to staff departing, we cannot continue this support indefinitely. Client Services Division is taking over responsibility for hosting discussion and mailing lists that include significant numbers of non-University addresses.

Radio and Television Reception and Reticulation

Progress on the installation of satellite dishes on Building 20.

A Request for Proposal for the reception and reticulation of radio and television services around the Division has been sent to two potential suppliers. Their responses are due at the end of August, and it is hoped to have the system in operation by the end of January 2004.

Network outage

Explanation for the recent difficulties experienced with the Division’s NAS.

Sometime before 11am on Friday, 1 August 2003, the Division's Network Attached Storage device (dcenas) began to exhibit behaviour akin to that of sahara in some recent episodes where students, Corporate Services Division staff and Client Services Division staff were unable to access their profiles and home drives. Sahara is Client Services Division’s Network Attached Storage device and is similar to dcenas.

Examination of dcenas showed that the system was extremely busy doing something that can't be identified. All other requests to the system (for information about profiles, access to documents and so on) were being suspended or refused until it appeared that the server was not responding at all.

Because of their recent experience, Client Services Division were informed and three staff arrived to examine the problem. They were unable to determine the cause of the behaviour, so the server was restarted at around 12.30pm. It has been operating normally since then and full service was restored to the Division.

They gave us some clues as to what they have done, which seems to have stabilised sahara over the last couple of months. We will implement some of these suggested changes to the dcenas environment next week and continue to monitor the situation.

Demise of ICT Productivity Group

Structural changes in IT Management.

With the advent of the new PVC Research and Information Management, the University’s IT committee structure is being revamped. Policy responsibilities will be taken over by the University Information Management Systems Committee (UIMSC), which will have a strategic focus, and operational issues by the Network and IT Services Co-ordination Committee (NITSC). It is unclear what impact this will have on the Student Printing project.

Student Printing

Recent proposals to charge undergraduate students a uniform amount for printing and photocopyng across the campus has caused some concern.

Postgraduate students in the Division have raised concerns about proposals to charge students for printing. VCAC has asked the ICT Productivity Group to investigate the issue, particularly in relation to implementing uniform charges across the campus.

At this stage there is no intention of charging PG students for printing in their labs. Undergraduate students are charged for printing in some cases but not others. This is considered inequitable and VCAC has asked the ICT Productivity Group to manage the introduction of equitable charging across the University. The current charge is 20 cents per A4 page.

There is a suggestion that students be given an allowance to cover some printing costs, in much the same way as Internet access charges are levied.