Faculty
Advisory Committee Meeting
December 2002
Summary: The Faculty Advisory Committee was presented updates on OIT activities including, network security, software licensing, intellectual property concerns, and wireless networking.
Attendees
Attendees: Bruce Blumberg, Nohema Fernandez, Stephen Franklin, Alan Goldin, Joy Grosser, Garrett Hildebrand, Bob Hudack, Dave Leinen, Carol Hughes, Hugh Roberts, John Romine, Dana Roode, Patti McCarthy.
Topics Covered
- Network Security
- UCI Software Licensing Coordination
- Concerns of Intellectual Property Owners
- Wireless Networking Update
Network Security
Garrett Hildebrand reviewed the new relationship OIT is entering into with Foundstone, a local Mission Viejo Company. Foundstone is well respected in the network security field; they have written books on security, and also teach classes that UCI staff have attended. Foundstone is providing UCI free access to “Foundscan,” their network security vulnerability assessment software, in return for the ability to test evolving versions of their product in UCI’s large and complex network environment. Foundstone can be configured to give distributed access to departmental support staff who can use it to do in-depth scans of local networks. The scans do not significantly impact network performance, and do not access data on systems. The goal is to identify vulnerabilities so they can be corrected before outside “hackers” can use them to break into systems.
More information on Foundstone is available as follows:
- http://www.foundstone.com/pdf/foundscan_general_faq.pdf (PDF Document)
- http://www.foundstone.com/pdf/foundscan_technical_faq.pdf (PDF Document)
Microsoft “NetBIOS" ports have been blocked at the border router to close a security hole that was being probed by 5,000 - 10,000 outside systems each day. To provide Microsoft file and printer sharing with the NetBIOS ports blocked, OIT has implemented a Virtual Private Network (VPN). The VPN also allows secure access on wireless networks, and a way to reach restricted UCI resources from off-campus. For more information see:
OIT has implemented a script that automatically blocks outside hosts that the UCI Intrusion Detection System (IDS) detects are scanning systems on UCInet. The block is removed automatically after a certain period after the scanning stops. Repeat offenders are permanently blocked. The IDS will detect other attack patterns as well and OIT staff take appropriate manual action. OIT staff also monitor a list of “top network talkers” and review situations where hosts unexpectedly transfer more than 1 gigabyte in a 24 period of time. These systems are sometimes ones that have been broken into.
UCI Software Licensing Coordination
Bob Hudack gave a presentation about OIT software licensing coordination activities (see http://www.oit.uci.edu/advisory/BulkSoftwareLicenses-v3_files/frame.htm for the Powerpoint slides). Some of the points Bob made were:
- Most of the software licenses OIT deals with are “bulk” licenses and not “site” licenses. They provide a lower cost for a fixed number of licenses on campus rather than allowing unlimited use on campus.
- The vendors tend to assume that everyone wants the same thing, but that is not true at UCI.
- For the most part, campus funding is not centralized; whoever needs a software license buys it. At times OIT becomes aware of a potential software need and looks for multiple departments that are interesting in contributing to a bulk software license acquisition.
- Sometimes a department such as OIT or Administrative Computing Services needs software and their purchase allows the entire campus to use it.
- There is a UCOP technical acquisition support group that holds conference calls monthly. Steve Franklin is UCI’s contact and Bob Hudack is the alternate. An example of a UC-wide software arrangement is Eudora. In 1998 UCI’s Eudora cost was $5K, and by 2004 it will be $19K for the same level of use.
- OIT is looking for feedback on how software purchasing can be made more efficient. It is difficult to identify the user base for on campus for a given piece of software. OIT primarily works through departmental Computing Support Coordinators (CSCs) - is there a better approach?
- To see what we currently have licenses for on campus, see http://licenses.nacs.uci.edu.
The OIT FAC supported OIT current approach to software licensing, and felt that working through the CSCs was correct. There was general discussion on augmentations to this approach, and on the need to remind faculty and other users of the role CSCs play in this process. A concern was raised with regard to the UCI Bookstore’s selling of software that might be available less expensively through an existing UCI bulk license.
Concerns of Intellectual Property Owners
OIT shared a letter written to President Atkinson and other University presidents from the recording industry regarding illegal downloading and use of materials covered by copyright. There is pressure on Universities to take more action to discourage this activity, including “educating” students about the matter. UCI already has policies in place spelling out the fact that downloading copyrighted materials without permission of the copyright holder is prohibited. Residential Housing and OIT limit network bandwidth available to “peer to peer” (P2P) applications, but it is not possible to identify all P2P traffic.
A related mater concerns copyrighted material that is found on UCI network-connected computers. Steve Franklin explained that UCI follows the provisions of the 1999 Digital Millennium Copyright Act (DMCA). We have to follow DMCA procedures that accept and respond to complaints of copyright violations on UCInet. There is good information about copyright on the Web, such as the HumaniTech page that Barbara Cohen maintains (http://www.humanities.uci.edu/humanitech/copyright/copyright.html). We have not any infringements pertaining to classes or academic dealings. Many of the complaints were the result of security weaknesses being exercised that allowed UCI computers to be turned into illegal material servers without the knowledge of their owners.
Wireless Networking Update
A summary of wireless networking coverage recently extended on campus was shared (see http://www.oit.uci.edu/advisory/wireless-update-2002-12.html). OIT continues to add coverage in an incremental fashion. OIT is open for input that suggests looking for funding for more pervasive campus coverage. See http://www.oit.uci.edu/ucinet/mobile/location_details.html for current wireless coverage.
