30 September 2003

Representatives on the IT and Infrastructure Committee

Representation on the Division’s IT and Infrastructure Committee is important to ensure all Schools get to have a say in the Division’s allocation of its limited resources for equipment and infrastructure.

The IT and Infrastructure Committee reports to Executive on issues relating to the Division's IT needs and infrastructure requirements, and makes recommendations to the Executive on priorities for IT spending.

It has been difficult to find a time for all the representatives on the Committee to attend its monthly meetings. The Acting Chair of the Committee is concerned that the lack of representation on the committee may lead people in the Division to feel that not all voices are being given the opportunity to be heard. The Secretary of the Committee has recently tried to find a time where all current representatives can attend, but it appears there is no common time available.

Schools should seek to ensure their representatives can attend the meetings (currently held at 3pm on the second Wednesday of each month) so that each School can be involved in the process.

Loss of equipment on loan

Restatement of the conditions under which students can borrow University equipment.

Recently there have been several examples of equipment loaned out to students going missing or being stolen. Over the past few months the Division has lost a digital still camera purchased for ~$600, a tripod (~$300) for video cameras, and most recently a laptop computer (~$3,500) loaned to a postgraduate student that was stolen from their car while the car was parked in a car park, off campus.

Under the terms of the loans, we can seek to recover the replacement cost of the equipment from the borrower. While the student who lost the digital still camera agreed to pay back $400, they have since dropped out of their course and we don't expect to recover any more from them. We are seeking to recover the costs of the other items from the students concerned, and will reinforce the message with the students that they are responsible for the equipment loaned to them and will have to pay for its replacement if it is damaged, lost or stolen.

AUC Conference Papers

Some details of papers presented at Apple University Consortium Digital Voyages conference.

Papers at the AUC Conference covered a range of topics from technical explanations through to theories of online interaction, with many stages between. It has been refreshing to hear and see what other Universities around Australia and beyond are doing, the challenges they face and how they cope.

Quite a few departments are developing solutions (a cynic might say reinventing wheels) to address their particular challenges; some have taken technologies and applied them to solve their problems in new and innovative ways to give them good returns from limited investments.

Notable presentations included:

  • Joe Luca from Edith Cowan University and Daniel Saffioti from the University of Wollongong both demonstrated their own courseware management systems developed to overcome the shortcomings they have encountered with commercial systems like WebCT.
  • Michael Fardon from UWA gave an update on the streaming lecture solution they have been developing for a number of years now. The UC lecture recording system has done some things better than UWA, and at the same time can learn something from what UWA has done.
  • David Cameron from Charles Sturt University gave a presentation on how CSU has used streaming video to give its journalism students a taste of live television production. Our own facility at UC is waiting for us to have the time to install the last bits of the technology we need to do this, and to learn the techniques required to make it happen in practice (and to be able to use the television studio to produce quality presentations for streaming over the Internet).
  • Joe Jackson from Carnegie Mellon University explained how MacOSXlabs.org provides a wide range of resources for IT staff around the world to help them set up and run Macintosh computer labs in Universities that integrate with wider network resources like directory services and other platform resources.

Survivability

The recent explosion in malicious code attacks on Windows has raised the question of whether it is in the interests of an organisation to rely for its computing requirements on a single operating system.

The US Department of Homeland Security is reported to be saying that reliance on a single system for US organisations is a threat to US national security, and advises organisations to adopt IT policies that lead to the computing equivalent of biodiversity.

While our own Division did suffer as a result of the recent attacks, Macintosh users were only inconvenienced to the extent that the email server was overwhelmed with the sheer number of emails generated by infected Windows machines, and the network itself was saturated with traffic from virus emails and worm activity: the Macintosh is immune to the virus and worm code propagated during these recent attacks.

While it is common to hear that the only reason the Macintosh and unix machines don't get targeted with malicious code attacks is because they form an insignificant proportion of computers in use, this isn't so. Unix has been around for 30 years as an operating system used for many tasks, including the support of servers containing sensitive information. Any vulnerabilities in the operating system that are identified can be quickly closed by the world wide unix community, and have been over the last 30 years. Many flavours of unix are open source, which means the code is available for the developer community to work on and contribute their solutions back to the operating system source code. Windows is a much younger, proprietary system that only Microsoft can change.

The vulnerabilities exploited by malicious code like the recent SoBig and Blaster attacks are not available for exploitation on the Macintosh. The Macintosh desktop operating system ships with the ports exploited by the malicious code closed, whereas Windows must have them open to operate. Installing applications of the type common with Windows exploitations is not permitted on the Macintosh without the computer's administrator approving the installation and entering their administrator's password. (The malicious code doesn't run on the Macintosh or unix machines, but if there were such exploitations on the Macintosh, the administrator would have to approve the installation before the code could be executed - not good practice.)

While it is certainly possible to conceive of vulnerabilities in unix being exploited, the likelihood is far less than with Windows: a prudent strategy is to encourage a diversified computing environment that reduces the risk of the organisation being unable to operate when its standard desktop is compromised.

Apple University Consortium Digital Voyages Conference

Report on attendance at Apple University Consortium’s Digital Voyages Conference in Adelaide.

This week the Manager, TSU, attended the AUC's Digital Voyages Conference for Academics and Developers in Adelaide. His attendance at the conference was sponsored by the AUC in return for his running the Final Cut Pro 4 and DVD Studio Pro 2 pre-conference workshop last Sunday.

He comments that, as a filmmaker, he feels that this version 4 of Final Cut Pro is the first digital video editing program that effectively can work without additional proprietary hardware add-ons. The workshop was a very effective demonstration of using a professional video editing product on what are essentially desktop computers.

TSU Network Manager is also at the conference, and attended another of the pre-conference workshops, on Mac OS X Lab Management, as a participant.

One of the recurring themes of the conference is the power of the current Macintosh operating system, OS X (ten, not 'ex'). The fourth major release of this unix-based operating system, OS X 10.3 (codenamed 'Panther'), is due before the end of this calendar year, and it shows great maturity. The Division should seriously consider an active program of adopting the upcoming release as the standard operating system for its Macintosh computers in labs and on desktops.

16 September 2003

Reticulation of Satellite and Terrestrial Radio and Television services

After extensive discussions covering many years, the Division is in the final stages of negotiating an agreement with a supplier for the installation of the infrastructure required to receive and reticulate local and international radio and television services.

Based on a user requirements study commissioned last year, five suppliers were shortlisted, and three were invited to submit proposals. One proposal was received from Ritech Communications for the first stage of the project (which will see a number of satellite dishes erected on Building 20 and the infrastructure required to receive 28 video and audio channels via RF through the existing RF aerial network that was installed when the building was constructed). These services will be made available to the RF networks in place in Building 5 and Building 9 when connections to these buildings can be made: this is a separate project involving the University’s networking contractor, ProTech, in consultation with Client Services Division. How we can get the services to Building 1 will depend on the outcome of these discussions.

Some or all of the services will be available over the IP (computer) network as a result of Stage 2 of the project. In Stage 3, users will be able to request, using a World Wide Web form, the recording of any service available over the IP network. The recording will be available digitally for replay over the computer network when required by users. All three stages are funded under the NILL infrastructure funding, and are expected to be completed by July 2004.

Further enhancements of the system will allow digitally recorded materials to be edited and saved on videocassette or DVD. These facilities will depend on us being able to provide other infrastructure (computer hardware, software, network infrastructure and professional development), some of which should be available through NILL funding. Other requirements, particularly professional development, will need to be resourced separately.

Reorganisation of IT

Update on the reorganisation of IT across the University.

On Wednesday 10 September 2003 Professor Andrew Cheetham, Pro Vice Chancellor Research and Information Management, gave a presentation called ICT@UC : future directions to UC IT staff. The PowerPoint slides from his presentation are available at http://www.canberra.edu.au/cc/cheetham/index.html.

His message to the meeting was essentially that the current structure of "IT" organisation around the University was no longer an option, and a single management structure for "IT" would be implemented in early 2004. No details on how this would work in practice were canvassed: staff were invited to participate in a planning process that would result in a proposal going to VCAC in December 2003.

SMS Consulting has been contracted to develop a draft proposal for the restructure: Les Whittet has made an appointment to meet with me next Wednesday.

Email

Microsoft products, including Windows Server, Exchange Server and desktop operating systems, continue to be vulnerable to exploitation from malicious code.

We continue to have issues with email that relate to the vulnerabilities of Microsoft products, including Windows Server, Exchange Server and desktop operating systems, to exploitation from malicious code.

The latest episode, last Friday, involved over 111,000 spam email messages being relayed through Exchange servers on campus from some outside source, resulting in our Exchange Server being overwhelmed, and blacklisted by several anti-spam services. The issue appears to have been resolved but there is no understanding of what had happened or how it was fixed. The security on the server has been increased to such an extent that there continues to be problems sending legitimate email from some machines. The server is no longer blacklisted.

Student printing

Update on moves to charge undergraduate students a uniform cost for printing and photocopying across campus.

The printer in the ICT in Education student lab has been removed. This printer has been subject to an increasing amount of use over the past year, had been through three toner cartridges in the last month (more than $600 worth of toner), and was in need of repair. In line with the University move to ensure equitable charges for printing for undergraduates across campus, once fixed the printer will be placed in the CRC and connected to the Pharos printer control system.

Students will need to have a credit balance in their printing accounts to be able to print to this printer. Paper and toner will be supplied. Each page will cost them 20c, with 18c going to a Divisional account, the remaining 2c retained by Client Services Division to contribute to the cost of the licence for the Pharos software, and infrastructure costs.

The 18c will go into the CE administration account, from which the paper, toner, installation, maintenance and repair costs would be taken. The cost of replacing the printer would come either from the IT loan account, or from the admin account.

02 September 2003

Community Television

TransACT has approached the University informally about the possibility of the University’s involvement in community television.

George Bray from TransACT has contacted the University regarding the Division’s interest in community television. He will be writing to us with further information on the current TransACT perspective on community television for discussion.

PC virus and worm incidents

More malicious code attacks, their impact on the Division, and what can be done about them.

The increase in virus and worm activity targeting computers running Windows operating systems over the past few weeks has consumed significant amounts of TSU resources. Client Services Division has coordinated a review of the University’s response to these world wide threats, and the bottom line is that the University has not suffered as much as some organisations, that although we didn’t do badly we could be doing better, and that we should be seeing this as a wake-up call. The most significant issue that has come out of the review is that computers attached to the University network must have the appropriate software “patches” to foil attacks, and that the anti-virus software must be constantly updated.

Operating system updates

The attacks of the nature we have seen over the last three weeks exploit vulnerabilities in Windows operating systems that have been previously identified and for which Microsoft has provided “patches” before the vulnerabilities are exploited, sometimes more than a year before. The sequence with exploitations is always the same:

  1. a vulnerability is discovered,
  2. a patch is issued, then
  3. someone exploits the vulnerability.

Only unpatched machines suffer directly from the exploitation of the vulnerability, although other users suffer from the attacks with avalanches of emails or saturated networks.

Although Microsoft supports a process ("Windows Update") to maintain Windows operating systems (at least the ones we use in the Division), there are several difficulties with the process:

  • Users have to be involved in the process.
  • Not all updates are required for all computers.
  • Some updates:
    • are large,
    • take a long time to install, and
    • take up a lot of network bandwidth that has to be paid for.
  • Some updates may not work as planned and render computers unusable.

Client Services Division is investigating an on-campus software update server ('SUS'), and developing a process to ensure Windows operating systems are automatically patched when required with certified updates as tested by the University IT community.

In the meantime, TSU staff are being reactive and patching computers that become compromised by malicious code. This is not an ideal situation, but it is the only way in which we can currently manage with the resources we have at our disposal. It may be prudent to ask staff using PCs to run Windows Update on their machines, and helpdesk will monitor patches as they are released by Microsoft and advise staff to run the update if it is deemed necessary. Updates and patches to student machines in labs (including postgraduate machines) will need to be managed by TSU.

Anti virus software updates

The University is site-licensed for Network Associates' McAfee VirusScan software. PCs should be configured to maintain the software scanning engine itself and the virus definition files on a regular basis. This process should not be turned off.

Access to the University network

Attaching computers with malicious code on them to the University network is the major source of virus and worm attacks. A particular threat is unpatched and unmaintained portable computers that are taken off-campus and attached to the Internet (from home, say), being infected, then returned to the University and plugged back into the network. Guidelines for the Management of Information Technology by Campus Units states:

The responsibility for the integrity and security of the Campus Network ... rests with the Client Services Division eg. no equipment can be connected to the "Campus Backbone" network.... without the authorisation of the Client Services Division...
http://www.canberra.edu.au/uc/policies/it/it-guide.html [accessed 1 September 2003]

In theory this means that Client Services should authorise each instance of, for example, a portable computer being plugged in to the University network. It has been suggested that no such authorisation would be given without the computer being subject to an audit to ensure it is free of malicious code and is fully up-to-date with system software patches, anti-virus software and virus definition files, every time it is proposed to attach the computer to the University network. This would in practice be unworkable.

To prevent Client Services Division from insisting that all computers to be attached to the network are tested to ensure they are fully patched and protected from viruses every time they are to be attached to the network, it is imperative that all such computers are up-to-date. The University is site licensed for all University-owned machines to be patched and maintain the latest anti-virus software and virus definition files: owners are responsible for ensuring any private machines are up-to-date before attaching them to the network. Any machine that is not up-to-date should be either updated immediately or removed from the network until it is.

Who are we?

Development of a policy on naming Divisional network services.

The new main servers in the Division that have replaced the comedu server have names like dcenas, bacillus, spirilium, and comedprn. comedu still works as a web server address (http://comedu.canberra.edu.au/), as do ce and http://www.ce.canberra.edu.au/. This lack of consistency, along with some of the more esoteric names like bacillus and spirilium, makes tasks like promoting the services a little more complex than they should be.

The Division has decided to settle on one contraction or acronym that describes the Division (ce), and to make it consistent across the services where it can be done. Using ce will give us cenas, ceprint, cemail, http://www.ce.canberra.edu.au (or http://ce.canberra.edu.au/).