The University of Vermont

Enterprise Technology Services

IT-News-2003-4

Information.Technology@uvm.edu   

April 2003

Featured Articles:

Progress

Announcements


People Are Talking About...


Planning

Did You Know?


Technical Corner

Opinions

  • Network Security - Waiting for the Barbarians

New Products


IT People

Frequently Asked Questions

  • Group file sharing -- how do I create a group?
  • Sending large (>10MB) files by the Net?
  • Deleting messages in Webmail?

Feedback

Call for articles?


Featured Articles

Network File Storage and Sharing

Every personal computer comes with a built-in storage device called a "hard drive". The hard drive is a fast and convenient place to store your files. Unfortunately, it is not without a downside. The hard drive is neither a very secure nor a universally accessible storage system.

The vast majority of personal computer users do not have a backup system for their hard drive; any damage to the hard drive tends to result in permanent loss of data. Additionally, you cannot access your files when you are away from your personal computer. These have been longstanding issues with personal computing, but fortunately there is a solution. You can store your files on the network using a network storage or file sharing service.

Network file storage protocols allow you to "map" or "mount" file systems from remote computers onto your personal computer. The remote files then look and feel as though they are on your local hard drive. You can create and edit documents on the network just as though they are normal documents on your hard drive. Because the files on your network drive are backed up, you do not have to worry about accidental loss of your files. As an added bonus, these files can be accessed from any computer, and shared with your colleagues.

The department of Computing and Information Technology provides two major network file storage and sharing services: Samba and Enhanced LAN Services (eLAN). The right one to use depends on your needs.

For simple, personal file storage you can use the Samba service running on the Zoo cluster. Samba can be accessed from both Microsoft Windows and Macintosh OSX clients without the need to install additional software. When you use Samba, your Zoo home directory appears as another drive on your local computer. You can access any files in your Zoo home directory, including your "public_html" directory (personal web space), and any files you have transferred to Zoo using SFTP. Though Samba can also be set up so that several accounts can access the same files, this facility is generally regarded as less flexible than that offered by Novell:

  1. The Samba implementation on Zoo does not support access control lists (ACLs). People can have membership in multiple groups, but each Zoo folder or file is owned by one owner and one group.
  2. Currently you need to log onto Zoo to manage group membership. Browsing Zoo users and groups does not work in the Windows GUI, which makes it difficult for users to manage permissions on files and folders from the desktop.

For many, the Unix group approach is entirely adequate to manage sharing. However, for departments that require more flexibility, Enhanced LAN Services (eLAN) is a more appropriate choice. eLAN (sometimes referred to as "Gemini" or "NetWare services") allows people to share their files with individuals or departments on the system. Using these services, it becomes possible for several people to collaborate on one document. eLAN is also ideal for sharing database files, such as Lotus Approach and Microsoft Access databases. The service is available to both Microsoft Windows and Macintosh 8, 9, and OSX clients. Additional software is required to access eLAN from Microsoft Windows systems and is available for free download from the UVM software archive. eLAN also allows departments to share access to their network printers more easily.

The dedicated systems administrators in CIT are constantly working on ways to improve both of these services. In the works are the following projects:

  • Improved Internet access to both eLAN and Zoo file systems
  • Integration of eLAN with the standard "UVM Network ID"
  • File synchronization services

For additional documentation on how to set up and use these services, as well as contact information, see the following Web pages:

Enhanced LAN Services
Samba on the Zoo

We are interested in hearing what additional features would be valuable to the UVM community. Please send your questions and comments to IT@uvm.edu.

-J. Greg MacKinnon
CIT Client Services

UVM Video Conferencing Facilities: The Beginnings of a Beginner's Guide

Have you ever wanted to have your class participate in a video conference? Or perhaps wanted to invite a guest lecturer who had an incredibly busy schedule? Have you ever wanted to participate in a conference, but didn't want to spend 2 days traveling for a 30 minute session? Do you have a colleague who you would like to collaborate with more closely but avoid long distance phone bills?

Perhaps one of the many video conferencing options can come to your aid. Due to questions like the ones above, we've begun working on a website to help explain the video conferencing options at UVM. The site, at http://www.uvm.edu/cit/video/, is in its early stages, so if you have questions, comments, or suggestions about what your needs are, there is a good chance they will be incorporated in the "next edition". Please visit and contribute your ideas. - Steve Cavrak


Securing Your Email

Although email is adequately secure for the purposes for which it is typically employed, it may not be sufficiently secure for some applications, such as transmitting protected health information.

Below we discuss ways in which you can make your email transmissions more secure. Note, however, that regardless of how well you secure the actual email transmission, there are other ways in which related information may be disclosed:

  • Misdirected email. Email may be sent to the wrong person because of human error. Though public-key encryption and digital signatures should prevent anyone but the intended person from opening the email, the choice of recipient key could be subject to the same kind of human error.
  • Forwarding. Email is easy to forward, and once the email has been received, you no longer have any control over where it goes from there. Of course, the same is true of paper and most other data transmittal technologies.
  • Unauthorized access to the sending or receiving computer. Though the email may be transmitted in encrypted format, it is commonly unencrypted on sending or receiving computers.

Encryption

As mentioned in last month's issue, encryption can be used to improve email security. See email settings for information on configuring your email client with encrypted access to the server. Information on popular email programs is available on CIT's email site. Note:

  • UVM's Webmail automatically encrypts your email as it traverses the network to the Webmail server.
  • Pine users should use ssh in place of telnet to encrypt access to the email host.
  • IMAP users can enable secure sockets layer (SSL) to ensure that their email password and inbound email is encrypted to and from the server (imap.uvm.edu). Note that the SSL port for IMAP is 993.
  • UVM's SMTP server currently supports encrypted email transmittal for off-campus users only.
  • POP users can encrypt email to and from the server by specifying the use of the POP SSL port 995.

Privacy Enhancement for Internet Electronic Mail (PEM)

In 1993 the Internet Engineering Task Force (IETF) drafted Request for Comments (RFC) 1422, which described methods for end-to-end encryption of email. The recommended approach employs certificate-based encryption key management. UVM and many others currently use digital keys to encrypt Web traffic (Secure Sockets Layer, or SSL). A related RFC (1424) specifies how a combination of public and private keys can be used to assure that only the person whose public key you have specified can actually decrypt the message. Unfortunately, its complexity and a low perceived need for enhanced privacy have prevented this very clever algorithm from gaining wide acceptance.

What would one need to use privacy enhanced email?

We have no first-hand experience with the technology, but we understand that one would need:

  • public and private keys for you and your correspondents
  • email programs that support public key encryption (Outlook Express appears to)

This tends to be of limited value since you and all of your correspondents must purchase keys from a certificate authority. Typically, this approach is used primarily in institutions that have built their own public key infrastructure (PKI). As the demand for enhanced security for email and digital signatures increases, UVM will need to invest in this infrastructure.

In the meantime, if you are still interested, here is some information for using public key encryption with Outlook Express (largely derived from Microsoft OE documentation):

Digital IDs

A digital ID consists of a public key, a private key, and a digital signature. When you digitally "sign" your messages, you are adding your digital signature and public key to the message. The combination of a digital signature and public key is called a certificate. With Outlook Express, you can specify a certificate to be used by others to send encrypted messages to you. This certificate can be different from your signing certificate.

What's the digital signature?

It's a digital string that is usually bundled with the message. It is used to authenticate messages. A valid digital signature confirms that the message has not been tampered with, and commonly identifies the entity who signed the message. Signing a message does not alter the message itself.

Recipients can use your digital signature to verify your identity, and they can use your public key to send you encrypted e-mail that only you can read by using your private key. To send encrypted messages, your OE Address Book must contain digital IDs for the recipients. [Note that this enables you to easily send well-secured, private email to the wrong person.] That way, you can use their public keys to encrypt the messages. When a recipient gets an encrypted message, his or her private key is used to decrypt the message for reading.

Before you can start sending digitally signed messages, you must obtain a digital ID. If you are sending encrypted messages, your OE Address Book must contain a digital ID for each recipient.

Where do you get digital IDs?

Digital IDs are issued by certification authorities. When you apply for a digital ID at a certification authority's Web site, your identity is verified before an ID is issued. There are different classes of digital IDs, each certifying to a different level of trustworthiness. For more information, visit the certification authority's Web site.

How do you verify a digital signature?

With revocation checking, you can verify the validity of a digitally signed message. When you make such a check, Outlook Express requests information on the digital ID from the appropriate certification authority. The certification authority sends back information on the status of the digital ID, including whether the ID has been revoked. Certification authorities keep track of certificates that have been revoked due to loss or termination.
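As an added example that is not part of the original article or of Outlook Express, the following Go program models the digital ID workflow described above using RSA keys from Go's standard library: signing with a private key, verifying with the public key, encrypting to the public key stored for a recipient, and the address-book mix-up noted earlier, where mail encrypted to the wrong stored key cannot be read by the intended recipient. The names, the address book and the message are constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// A digital ID in the article's sense is a key pair: the public half is what
// correspondents keep in their address book, the private half never leaves
// its owner's computer. addressBook maps a correspondent's name to the public
// key stored for them. The names used below are constructed for the example.
type addressBook map[string]*rsa.PublicKey

// check keeps the example short: any key-generation or crypto error is fatal.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// sign hashes the message and signs the digest with the sender's private key.
// The message itself is unchanged; the signature travels alongside it.
func sign(sender *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, sender, crypto.SHA256, digest[:])
}

// verify checks a signature using only the sender's public key.
func verify(senderPub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(senderPub, crypto.SHA256, digest[:], sig) == nil
}

// encryptTo encrypts to one recipient's public key (RSA-OAEP); only the
// holder of the matching private key can decrypt the result.
func encryptTo(recipientPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msg, nil)
}

// canRead reports whether the holder of priv recovers exactly msg from ct.
func canRead(priv *rsa.PrivateKey, ct, msg []byte) bool {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	return err == nil && bytes.Equal(pt, msg)
}

// scenarioResult records what each party could do, so the outcome can be
// checked rather than only printed.
type scenarioResult struct {
	SignatureValid     bool // Bob verifies Alice's signature
	TamperingDetected  bool // verification fails on an altered message
	IntendedCanRead    bool // Alice reads mail encrypted to her stored key
	OtherCanRead       bool // Carol, holding a different key, cannot
	MisfiledAliceReads bool // after the address-book mix-up: can Alice read it?
	MisfiledCarolReads bool // ... and can Carol?
}

func runScenario() scenarioResult {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	carol, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	msg := []byte("constructed sample message: meeting notes attached")
	var r scenarioResult

	// Alice signs; Bob verifies with her public key, then tries a tampered copy.
	sig, err := sign(alice, msg)
	check(err)
	r.SignatureValid = verify(&alice.PublicKey, msg, sig)
	r.TamperingDetected = !verify(&alice.PublicKey, append([]byte("X"), msg...), sig)

	// Bob's address book is correct: the entry for Alice holds Alice's key.
	book := addressBook{"alice": &alice.PublicKey, "carol": &carol.PublicKey}
	ct, err := encryptTo(book["alice"], msg)
	check(err)
	r.IntendedCanRead = canRead(alice, ct, msg)
	r.OtherCanRead = canRead(carol, ct, msg)

	// Human error: Carol's key was filed under Alice's name. Encryption still
	// "works", but the mail is now readable only by Carol.
	book["alice"] = &carol.PublicKey
	ct, err = encryptTo(book["alice"], msg)
	check(err)
	r.MisfiledAliceReads = canRead(alice, ct, msg)
	r.MisfiledCarolReads = canRead(carol, ct, msg)
	return r
}

func main() {
	fmt.Printf("%+v\n", runScenario())
}
```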

Further Reading

  1. What is a Digital Signature?
  2. Internet Engineering Task Force
  3. Overview of Digital Signatures
  4. Digital Signatures and Public Key Encryption
  5. PKI for Networked Higher Education

Lotus Approach -- Selecting the right tool

In the early days of Windows 3.1, a new desktop database tool was acquired by Lotus Development Corporation to round out its new desktop suite of products. It was described by many as the most usable Windows relational database ever. Ten years later, this venerable database product has been giving hundreds of people at UVM a way to create sophisticated relational databases, maintain complex data and generate the types of reports needed to meet many of the information demands of groups all over campus.

What makes Lotus Approach such a good fit for UVM's departmental information needs?

This product has been designed from the start to give the people who ask the questions but don't have programming experience, a tool to build an application to provide the answers. Existing office staff can, with moderate guidance from CIT consultants, design relatively complex applications involving multiple files that are joined to form a collection of data that is efficient, informative and safe to use. Approach does not bind together the data and the forms and the reports into one huge, complex and sometimes corruptible megafile. It actually does not have a proprietary format for storing the data it uses but rather allows you to pick from many existing formats. For the vast majority of newly developed applications, people use dBaseIV as the type of file to use. The dBase file format is almost as old as modern desktop computing and is one that can be used independently by many other computer programs. This strategy provides a great deal of confidence that, regardless of the health of any given application, the data will always be available. With less forgiving tools, I have been in the position of telling some early do-it-yourself database builders that their dead application took their data with it to data heaven.

If a tool is to be used by lots of people with a wide variety of skills, the issue of ease of use becomes critical. The menu system is clean and easy to explore. When we know there MUST be a way to do something, a quick skim through the menu system almost always gives the user a path to follow to success. As a person who has the privilege of providing support to hundreds of Approach users on campus, I am especially appreciative of this menu system. It is relatively easy to direct a client to the right menu option - even over the phone. In many other products, what options you have depends on what part of the screen you have clicked on. It is VERY hard to see through the holes in the phone where a client has their mouse positioned. Approach is well known for its ease of use.

With a few clicks of the mouse, separate but related files can be joined to form a realistic representation of complex information structures. Virtually any desk top database tool can easily be set up to work with one basic data file. Approach shines when you need to build an application that represents real world needs that might involve much more complex designs. A savvy builder can create data entry forms that support efficient and safe data storage while being graphically sophisticated enough to make the screens comfortable to use.

Unlike in many other database tools, many of the reports needed to meet common business objectives are created with just a few clicks of the mouse. For purposes of analysis, the crosstab report is one of the simplest to create and one of the most powerful. With this special report form you can obtain multiple summary views of your database. There are forms set up for creating mailing labels that support most common Avery labels, as well as a merge letter tool that allows you to find the records you want and create merge letters, mailing labels or envelopes without having to use separate word processing tools. You are also guided through the creation of various grouped summary reports as well as reports listing the detail information on a record by record basis.

If you need to move your data to a different file format, there is a simple file export option that lets you select from nearly twenty different storage formats including text files and spreadsheets. For more robust applications there is a macro language to help automate complex processes as well as a Basic programming language called Lotus Script. It is to Approach's credit that this Script language is almost never needed.

If you find that your spreadsheet is not quite working as effectively to manage your data, if you have a need to look at some existing data in a number of new ways, or if you need to create a database application that meets the unique needs of your area, please take a look at this fine tool. Licenses are available at Microcomputer Services for $29.00 and consulting is always free at CIT Client Services. Call Doug Varney at 656-1181 or Douglas.Varney@uvm.edu.

Next month: an article on Crystal Reports and guidance on choosing the right reporting/data analysis tools.


Digitization at UVM

What do agatized wood, a famous environmentalist's letters, Vermont artists, and a 19th century Lady's magazine have in common? All are represented in UVM's digital collections. Creating digital surrogates of original objects like documents, artwork, sound recordings, or movies allows us to share these rare and often inaccessible materials. But creating these collections raises many questions. How can we create viable digitization projects without having to "reinvent the wheel" each time? How do we conform to emerging standards? Once created, how do we use these objects in teaching and learning? What impact do they have on scholarship?

Originally meeting to share information about our individual projects, the UVM (Virtual) Digitization Center explores how we can coordinate and develop university-wide models for digital collections. It currently includes members from the Libraries, Fleming Museum, Perkins Geology Museum, Art, and Computing and Information Technology. We invite anyone in the UVM community who shares this interest to join us. A listserv, uvmdc@list.uvm.edu, provides a place to discuss issues and progress, while a Web site, http://www.uvm.edu/~uvmdc, provides a place to collect our ongoing work. -Hope Greenberg

Perkins Geology Digitization Projects Update

The Perkins Geology Museum is wrapping up the production phase of its 2-year digitization project this June. The digital archive contains over 8,000 images from the museum's rock, mineral, and fossil collection, in addition to slides, thin-sections, and maps. The database uses a MySQL interface for data entry and retrieval, and was designed by David Elvin of Vermont Information Systems. Records are also converted to MARC format and transferred to the University Library's Voyager system. To learn more, contact the project team at 6-1374 or visit the catalog at: http://perkinscatalog.uvm.edu
- Denise Kleinman, Geology

Fleming Museum Digitization Projects Update

For the past few years, the Robert Hull Fleming Museum has been working on the digitization of its diverse collections. Of over 19,000 objects, approximately 70% have been entered into a relational database. Digital images are now being created for selected parts of the collections using scanners and digital cameras. All of this work will lead to greater accessibility and visibility for the Museum's collections, and the database and images will be made available via the Museum's website. Visit www.flemingmuseum.org for more information. -Margaret Tamulonis



PROGRESS UPDATES

Partnerships for Progress

We sometimes hear complaints about the difficulty in making progress on the IT front. There are a number of "excuses" -- lack of leadership (no names please), indifferent management, lack of time and resources and even our intransigent clientele. Effective partnerships, by aggregating resources and building consensus, can overcome many of these barriers thereby enabling real progress. These partnerships need not take any particular form. They can be partnerships among IT organizations, with and among academic and administrative management, and with the people who use our services. An example of a partnership having great potential, but frequently failing to meet expectations, is the committee...

Committees, task forces and project teams can be a route to successful partnerships. In recent years the role of committees in IT planning has been in decline at UVM. The Information Technology Executive Council (ITEC), the IT Task Force (ITTF) and now the Faculty Senate Technologies Committee are gone. While the IT Network, IT Standards, Network Security and IT Communications committees have been very good and effective efforts, they have been hard to sustain.

Why do some committee (group) efforts fail while others succeed? To succeed, such a group must have a clear purpose and charge. The best committees are working committees, with agendas and inter-meeting assignments. Having a good, organized, leader, though not always essential, can also be a big help.

How to fail: convene a representative group of people, with each having a unique agenda and point of view, and assign a vague purpose (e.g. "IT Oversight") that will allow each member to fully exercise his or her partisan tendencies. Don't give the committee any real power, responsibility or meaningful influence. Don't expect members to do more than to show up. On second thought, make attendance optional... ;-)

Some people raised their eyebrows when they tallied the different IT advisory committees recommended in the recent IBM IT consultants' report. While more than ten IT committees may seem like a bit much, there is more than enough work to go around. Multiple committees should allow each committee to focus on a clearly defined objective. And by working together, we should be able to accomplish more, to build consensus and a common understanding. On the other hand, most of us have been part of dysfunctional committees that simply waste our time -- when we could be doing "real" work. Of course, partnerships are real work -- which can also have real benefits when they are conceived, constituted, constructed and commissioned to solve problems of common interest.

***

For another perspective on partnerships, check out University of Georgia's "Campus Information Technology Partnerships" program, described on the Web at http://www.citp.uga.edu/about.html. Though this program is similar to UVM's "Collaborative IT Positions", it could have some important advantages...

***

We'd like to hear your ideas on how to forge successful, productive IT partnerships. We'd especially like to hear about successful IT partnerships at UVM. Some recent examples that come immediately to mind are:


New projectors installed in the 113-Q and 113-T Teaching Labs

Brand new high resolution projectors have been installed in the two CIT teaching labs, 113-Q and 113-T. These new projectors offer full XGA resolution, and don't require specific monitor settings to work properly.

These new projectors are much brighter than their predecessors, so you do not have to dim the room lights to see the projection. They also have an auto-shutoff feature that powers the unit down after 5 minutes of no signal, saving lamp life.

Webster Whiteboards installed in 113-Q and 113-T Teaching Labs

New interactive Webster whiteboards have been installed in the two CIT teaching labs, 113-Q and 113-T. These whiteboards use regular whiteboard markers (and can be used just as plain old whiteboards!) and are fully interactive with the instructor stations.

As of 25 March, the 113-Q lab board is ready to go. It is very simple to use - instructions are right next to the board. You can run the entire computer, interact with your favorite programs, or create marked-up pages that can be saved, printed, emailed or retrieved for later use.

We anticipate that the 113-T unit will offer the same functionality as soon as we get the needed USB hub and special adaptor.

We'd love to hear from you about these new tools. - David Houston

UVM Firewall Project Completed

The UVM campus firewall project was completed on April 15, 2003.  Beginning last spring when the residence halls first received firewall protection, the project extended firewall protection to the entire campus by gradually moving each subnet behind the firewall.  The UVM campus network firewall is a device that restricts access to the UVM campus network from the Internet. Its purpose is to protect campus resources from abuse/attack by Internet users who may take advantage of the many vulnerabilities on modern computer systems.

Firewalls are generally configured to block traffic originating from the "outside" network (such as the Internet) to the "inside" network (such as the UVM campus network), but to allow systems on the "inside" to access systems "outside". This helps to block attacks on internal network resources from the outside network. The campus firewall has been configured to enforce this default behavior: computers on the UVM network are allowed to connect to external sites, but external sites are not allowed to originate connections to these computers.

An exception to this basic rule is made for servers that must be Internet-accessible. For these servers, traffic must be able to originate from the "outside" network, to access servers on the "inside" network.  Examples of such servers at UVM include the Zoo cluster, www.uvm.edu, Library servers, and other departmental servers which have been granted firewall waivers to allow necessary incoming connections. -Lynne Meeks

For more information, see: http://www.uvm.edu/networksecurity
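To make the default-deny policy concrete, here is an added Go example (not part of the article and not UVM's actual firewall configuration) that models the behaviour described above: outbound connections pass and are remembered, replies on those flows are admitted, and inbound connection attempts are dropped unless the destination is a server holding a waiver for that port. The addresses and the waiver list are constructed.

```go
package main

import "fmt"

// direction of a packet relative to the campus network.
type direction int

const (
	inbound  direction = iota // from the Internet toward campus
	outbound                  // from campus toward the Internet
)

// packet is a constructed, minimal view of a TCP segment: just enough to
// apply the policy the article describes.
type packet struct {
	dir     direction
	srcIP   string
	srcPort int
	dstIP   string
	dstPort int
	syn     bool // true for a connection-opening segment
}

// flowKey identifies a connection from the inside host's point of view.
type flowKey struct {
	insideIP    string
	insidePort  int
	outsideIP   string
	outsidePort int
}

// campusFirewall enforces the default behaviour: inside hosts may originate
// connections to the outside, the outside may not originate connections to
// the inside, replies on established flows pass, and servers holding a
// waiver accept inbound connections on their waivered ports.
type campusFirewall struct {
	waivers     map[string]map[int]bool // server IP -> inbound ports allowed
	established map[flowKey]bool
}

func newCampusFirewall() *campusFirewall {
	return &campusFirewall{
		waivers:     map[string]map[int]bool{},
		established: map[flowKey]bool{},
	}
}

// addWaiver records that an Internet-accessible server may receive inbound
// connections on the given port.
func (fw *campusFirewall) addWaiver(serverIP string, port int) {
	if fw.waivers[serverIP] == nil {
		fw.waivers[serverIP] = map[int]bool{}
	}
	fw.waivers[serverIP][port] = true
}

// filter decides one packet and returns the reason for the decision.
func (fw *campusFirewall) filter(p packet) (allowed bool, reason string) {
	if p.dir == outbound {
		// Inside hosts may connect out; remember new flows so replies can return.
		if p.syn {
			fw.established[flowKey{p.srcIP, p.srcPort, p.dstIP, p.dstPort}] = true
		}
		return true, "outbound: inside may originate connections"
	}
	key := flowKey{p.dstIP, p.dstPort, p.srcIP, p.srcPort}
	if fw.established[key] {
		return true, "inbound: reply on an established flow"
	}
	if p.syn && fw.waivers[p.dstIP][p.dstPort] {
		fw.established[key] = true
		return true, "inbound: server holds a firewall waiver for this port"
	}
	return false, "inbound: default deny"
}

func main() {
	// Constructed addresses from the RFC 5737 documentation ranges: 192.0.2.0/24
	// stands in for campus, 203.0.113.0/24 for the Internet.
	fw := newCampusFirewall()
	fw.addWaiver("192.0.2.80", 80) // a departmental web server with a waiver
	traffic := []packet{
		{outbound, "192.0.2.10", 40000, "203.0.113.5", 80, true}, // workstation browses out
		{inbound, "203.0.113.5", 80, "192.0.2.10", 40000, false}, // the web reply comes back
		{inbound, "203.0.113.7", 51000, "192.0.2.10", 445, true}, // unsolicited probe of a workstation
		{inbound, "203.0.113.7", 51001, "192.0.2.80", 80, true},  // visitor to the waivered server
		{inbound, "203.0.113.7", 51002, "192.0.2.80", 22, true},  // same server, port without a waiver
	}
	for _, p := range traffic {
		ok, why := fw.filter(p)
		fmt.Printf("%-5v %s:%d -> %s:%d  %s\n", ok, p.srcIP, p.srcPort, p.dstIP, p.dstPort, why)
	}
}
```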

UVM Obtains Student Phone Exchange

Effective fall semester 2003, students living in the residence halls will have their own unique phone numbers. Students will be able to keep the same telephone number as long as they live in a UVM residence hall. As students move to different residence hall rooms, their number will be moved with them (as long as they notify Residential Life). The new telephone numbers will be in the 542 exchange with numbers of the form 542-xxxx from off campus, or 2-xxxx on campus. Existing 656 numbers will not be affected.

Each 542 number will automatically come with its own voice mail box. During the summer, telephone numbers assigned to returning students will stay active as voice mail boxes only. This will be a great improvement to the existing system where students share telephone numbers and voice mail boxes that require the caller to spell the student's last name using the telephone keys. -Patricia Ainsworth

Online Registration: Faster is Better!

With more than twice the memory and nearly three times the CPU speed, the new IBM RS6000* database server that supports online course registration seems to be doing the trick. As we go to press, our two heaviest days are ahead of us, but today's junior class registration was a pretty good test. This semester the new system registered 478 students into 2304 sections in the first 10 minutes. That is more registrations in 10 minutes this year than in the first 20 minutes last year. And response time was much snappier. Also some tuning of the home page MySQL scripts enabled students to get to the registration page more quickly. Faster is better. -Keith Kennedy

*RS6000 model 620 with 4 750 MHz CPUs and 8.5 gigabytes of RAM

Be Gone Bear-Down-6

The infamous "Facilities Request Form" aka the bear-down-6 has been retired. The Campus Planning Office with the collaboration and support of AFS computing and CIT has implemented a new event management system called Resource25 from CollegeNet. You can now request facilities and services for an event using a web form found at http://www.uvm.edu/wv3. Guidelines for requesting facilities and services can be found on the Facilities Scheduling page at http://www.uvm.edu/~afsdept/fs/ -Keith Kennedy


ANNOUNCEMENTS

UVM Site License for Web Survey Tool

Ever wanted to do a quick survey which gathers responses from the Web and automatically tabulates them in a database? Now you can.

In response to UVM's increasing use of Perseus, a tool for generating easy-to-use Web-based surveys, CIT has recently licensed their SurveySolution XP Enterprise product for the entire campus.

The new license includes:

  • a server component that stores the data gathered in a UNIX MySQL database,
  • a Windows desktop product to generate the HTML forms to "publish" the survey, and
  • a Web-based data portal so the data can be shared and analyzed by others.

A UVM Web page describing how to access and use Perseus is currently under development. In the meantime, for more information contact Doug Varney at 656-1181 or visit the Perseus Web site and check out their FAQ and survey tips.

HIPAA* Security Rule Issued

[Disclaimer: While we know something about security, we are not HIPAA regulation experts.]

When the Health Insurance Portability and Accountability Act (HIPAA) was first passed in 1996, the intent was to allow employees to keep health insurance when they moved to a new job (therefore the name of the legislation). Simple beginning.

In an effort to contain costs and reduce fraud, the law also encouraged the use of information technology and the standardization of medical records, particularly those related to billing and payment. When voluntary efforts at standardization failed, HIPAA imposed rules under the rubric of "administrative simplification" -- which may seem ironic to those who have attempted to digest the subsequent regulations.

When concerns were raised about privacy and security of these records, the implementation details were left to the Federal administrators who drafted, published for review, and finalized several rules, including the Security and Privacy Rules.

The compliance deadline for the Privacy Rule is April 14, 2003 (you may already have seen privacy practice disclosure information at the pharmacy or your doctor's office). Though UVM has relatively few entities covered by HIPAA, privacy of medical records is very important to UVM. Chuck Jefferis, Director of Audit Services, has been appointed as UVM's Privacy Officer to ensure that UVM complies with privacy legislation.

"If you don't have to comply with the Privacy Rule,
it would be a mistake to think that your obligations are any less than if you had to."
--Chey Cobb, consultant www.cheycobb.com

After several years of discussion, the Security Rule was finalized on March 14, 2003. While we still have some time to comply and most UVM IT units do not fall directly under HIPAA, the rule makes sense for nearly everyone. So why not start now? Kevin Beaver, president of Principle Logic, lists five reasons to get started on HIPAA security measures now:

  1. Your information is at risk right now.
  2. It's all about best practices that should already be in place.
  3. It's going to be cheaper and easier to do now than in the future.
  4. Current HIPAA privacy rule initiatives require it.
  5. Like privacy, the proposed security rule is more about business culture and processes than it is about technology.

The prerelease version runs on for 289 pages (double-spaced, 8.5X11 with typical margins). For example, 47 pages into the document, it begins to discuss the relationship with the Privacy Rule:

It should be noted that the implementation of reasonable and appropriate security measures also supports compliance with the privacy standards, just as the lack of adequate security can increase the risk of violation of the privacy standards. If, for example, a particular safeguard is inadequate because it routinely permits reasonably anticipated uses or disclosures of electronic protected health information that are not permitted by the Privacy Rule, and that could have been prevented by implementation of one or more security measures appropriate to the scale of the covered entity, the covered entity would not only be violating the Privacy Rule, but would also not be in compliance with § 164.306(a)(3) of this rule.
Paragraph (d) of § 164.306 establishes two types of implementation specifications, required and addressable. It provides that required implementation specifications must be met. However, with respect to implementation specifications that are addressable, § 164.306(d)(3) specifies that covered entities must assess whether an implementation specification is a reasonable and appropriate safeguard in its environment, which may include consideration of factors such as the size and capability of the organization as well as the risk. If the organization determines it is a reasonable and appropriate safeguard, it must implement the specification. If an addressable implementation specification is determined not to be a reasonable and appropriate answer to a covered entity's security needs, the covered entity must do one of two things: implement another equivalent measure if reasonable and appropriate; or if the standard can otherwise be met, the covered entity may choose to not implement the implementation specifications or any equivalent alternative measure at all. The covered entity must document the rationale behind not implementing the implementation specification. See the detailed discussion in section II.A.3...

If you would like to read more, links to the full text of the HIPAA Security Rule are provided below for your reading pleasure. While reading through this lengthy document may be tedious, the fundamental requirements are not draconian. For those who do not have the time or inclination to wade through bureaucratic prose, here is a drastically condensed outline of the Security Rule:

1) Administrative safeguards
  • Assess computer systems for security vulnerability and fix exposures.
  • Train workers on procedures.
  • Prepare for aftermath of hackers or catastrophic events.
  • Develop contracts for business associates.
2) Physical safeguards
  • Set procedures for workstation use and security.
  • Set procedures for electronic media reuse and disposal.
3) Technical safeguards
  • Control staff computer log-in and log-off.
  • Monitor access of confidential information.
  • Set up computers to authenticate users.

Several references, including 3 versions of the Security Rule, are listed below. Reference #5 is the most current and official version (sourced directly from the Federal Register). Note that the Security Rule is not so much a rule, or even a collection of rules, as it is an extended dialog. This could keep security consultants employed for years... :-)

Further Reading

  1. EDUCAUSE HIPAA Guide
  2. [SANS] HIPAA Security Policy Development: A Collaborative Approach
  3. 1998 Draft HIPAA Security Rule
  4. 2003 Final HIPAA Security Rule [Feb 2003, prerelease version; warning: 289 page PDF file]
  5. Federal Register 2003 Final HIPAA Security Rule [50 page, fine print, PDF file]
  6. Finalized HIPAA security rule makes its long-awaited debut
  7. HIPAA SECURITY AND ELECTRONIC SIGNATURE STANDARDS GLOSSARY OF TERMS
  8. Final HIPAA security rules offer broad guidelines

*HIPAA = Health Insurance Portability and Accountability Act


Microsoft consultants to help plan comprehensive Active Directory design.    

UVM is going to take advantage of a Microsoft grant opportunity that will support an intensive four-week on-site effort to design an institution-wide deployment of Active Directory (AD). Consultants from Microsoft and from Competitive Computing will be on site for a series of design sessions between April 21st and May 9th, working with UVM IT staff from several units who currently rely on Active Directory Services.

What is "Active Directory"?

According to Bill O'Brien in ZDNet,

Microsoft's new Active Directory service is one of the central components of Windows 2000. So central is it, in fact, that maximizing your use of Windows 2000—and your business—depends on your being able to understand what it is and how it works.

Active Directory acts as a focal point for [..]  resources and services [dispersed across a network]. It will permit users to log on to different systems without needing a catalog of passwords and accounts to accommodate them. In effect, while you'll probably only hear it described as Active Directory, the word "Service" should be tacked on to the end of that name. It's a dynamic construct, not just a static list. It contains both the directory structure of the network and the ability to manipulate the items within it transparently—without the need to know where they are in the network or how they're physically connected.

Does UVM use Active Directory today?

All universities, especially research-intensive universities like UVM, depend on a wide variety of computer and network technologies. Microsoft operating systems are the predominant "desktop" and "laptop" systems at UVM. For CIT servers, UNIX is predominant, but Microsoft servers are in wide use as well, especially in the College of Medicine and the School of Business. Units that have wanted or needed to use Active Directory have had to design and deploy their own instances of these services. So we have at least two "root" domains, "uvm" and "bsadnet". The College of Medicine domain "med.uvm" is a child domain under "uvm".

What are the barriers to an institution-wide design and deployment?

Bureaucracy. Why construct a system where I have to get someone else to do something I used to be able to do myself? If I team up with others, and I need to change something that might affect their operation, do I need to get their permission? What if I come to rely on a service provided by others, and the quality of service is unacceptable?

Workload. I have it working now, and to change will eat up a lot of my time, and it is all "back office" improvements my clients won't even see.

Why consider an institution-wide design and deployment?

Efficiency and effectiveness. Two large "clerical" tasks in all IT operations are "identity management" and "authorization management". Creating "accounts" for people as they become eligible, and retiring those accounts when they are no longer eligible. Making sure we do not confuse people who have similar names. Helping people who forget their passwords. Making authentication simpler and more uniform across campus.

So what's the current plan?

Using this grant-funded opportunity, including consulting help from Microsoft, staff from around campus will design an institution-wide AD deployment. The design process will give us the chance to identify the opportunities and resources for deploying a cohesive AD design.

Long term?

We need our systems to automatically recognize when people become affiliated with the institution and, based upon their roles, provide appropriate access to our network and IT resources, all the while ensuring that those who should not gain access do not gain access. The current foundation for this infrastructure (an OpenLDAP directory) has been in place at UVM for a while. We need to further develop and extend this infrastructure to the Active Directory environment. We need to do this with minimal staff intervention, and maximum security and speed. Our Active Directory deployment is an important part of our overall identity management and access control scheme.
UVM Active Directory Design Project
-Keith Kennedy

Further reading


People Are Talking About...

Hey, My Computer is Being Scanned!

If you run firewall software, you may be concerned that something on the UVM network is scanning your computer from time to time. If the scans are coming from the IP address 132.198.111.250, 132.198.203.10, or 132.198.101.182, there's nothing to be alarmed about.

The University's security team scans devices on the UVM network for known vulnerabilities, and to be sure systems aren't infected by certain software trojans, such as Back Orifice. The IP addresses above belong to the systems used for the scanning, and some firewall software will confuse their scans with intrusion attempts.

When a system is found to be vulnerable or infected, the security team will attempt to determine who is responsible for that computer, and will require that person to eliminate the exposure. The security team may act immediately against systems that pose a sufficiently high risk to the network or to other computers. Network access may be suspended if the responsible person can't be contacted or doesn't respond. 

For more information on information technology security at the University, including policies, please see the security team's Web pages at: http://www.uvm.edu/networksecurity/ 

If you believe your computer is being attacked or scanned maliciously, please report the situation to: report.abuse@uvm.edu 

Security scanning is intended to protect computer and network users by identifying vulnerable or compromised computers; it does not afford any protection from viruses, trojans, or worms. It is essential for all computers on the UVM network to be protected by up-to-date antivirus software, available in the UVM software archive.   - Dean Williams
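For readers who keep personal firewall logs, here is an added example (not UVM's code, and not part of the original article) of the sort of triage the article describes: sort denied connections by source, treat the three scanner addresses named above as expected, and flag any other source that sweeps many ports as something to report. The log-line format, the threshold of five distinct ports, and all sample log lines are constructed for illustration; only the scanner addresses and the report.abuse@uvm.edu contact come from the article.

```python
"""Sort denied-connection firewall log lines by source: the University's
own vulnerability scanners versus everything else.

Added example for this article; it is not UVM code.  The log-line format
and all sample lines are constructed.  Only the three scanner addresses
and the report.abuse@uvm.edu contact come from the article."""
import ipaddress
import re
from collections import defaultdict

# Scanning hosts named in the article.
AUTHORISED_SCANNERS = frozenset(
    ipaddress.ip_address(a)
    for a in ("132.198.111.250", "132.198.203.10", "132.198.101.182")
)

# Constructed (hypothetical) log format:
#   "<time> <ALLOW|DENY> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<action>ALLOW|DENY)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except ValueError:  # malformed address: treat like an unparsable line
        return None
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec


def summarize(lines, scanners=AUTHORISED_SCANNERS, sweep_threshold=5):
    """Group DENY events by source address and attach a verdict.

    A source that touched at least `sweep_threshold` distinct destination
    ports looks like a port sweep.  That is expected from the authorised
    scanners and worth reporting from anyone else."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "DENY":
            continue
        ports[rec["src"]].add(rec["dport"])

    summary = {}
    for src, dports in ports.items():
        authorised = src in scanners
        if authorised:
            verdict = "expected: UVM security team scan"
        elif len(dports) >= sweep_threshold:
            verdict = "possible scan: report to report.abuse@uvm.edu"
        else:
            verdict = "isolated denied connection: monitor"
        summary[str(src)] = {"authorised": authorised,
                             "distinct_ports": len(dports),
                             "verdict": verdict}
    return summary


# Constructed sample log.  192.0.2.0/24 and 203.0.113.0/24 are reserved
# documentation ranges, used here so that no real outside host is implied.
SAMPLE_LOG = [
    "10:01:02 DENY 132.198.111.250:40001 -> 132.198.50.23:21",
    "10:01:02 DENY 132.198.111.250:40002 -> 132.198.50.23:22",
    "10:01:03 DENY 132.198.111.250:40003 -> 132.198.50.23:23",
    "10:01:03 DENY 132.198.111.250:40004 -> 132.198.50.23:80",
    "10:01:04 DENY 132.198.111.250:40005 -> 132.198.50.23:139",
    "10:01:04 DENY 132.198.111.250:40006 -> 132.198.50.23:445",
    "10:05:11 DENY 192.0.2.77:6000 -> 132.198.50.23:135",
    "10:05:11 DENY 192.0.2.77:6001 -> 132.198.50.23:139",
    "10:05:12 DENY 192.0.2.77:6002 -> 132.198.50.23:445",
    "10:05:12 DENY 192.0.2.77:6003 -> 132.198.50.23:1433",
    "10:05:13 DENY 192.0.2.77:6004 -> 132.198.50.23:3389",
    "10:09:30 DENY 203.0.113.9:5555 -> 132.198.50.23:80",
    "10:09:31 ALLOW 203.0.113.9:5556 -> 132.198.50.23:80",
    "this line is garbage and should be skipped",
]

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(f"{src:18} ports={info['distinct_ports']:2}  {info['verdict']}")
```

The allowlist is matched on the exact source address, so a sweep from any other host, even one inside 132.198.0.0/16, still gets the "report" verdict; the threshold simply keeps single denied connections from generating noise.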

Spyware, Scumware, Stealware -- Oh My!

Has your Web browser stopped working?
Do unexpected web pages appear?
Does everything run very slowly?

CIT's Help Line continually hears about computers with these symptoms. For example, people using WebCT may suddenly find themselves at AskJeeves.com, or Internet Explorer won't start, or Webmail doesn't work. Another common problem is an inability to log in to the University Registrar's pages. "Spyware" -- also known as "scumware" -- may be to blame.

Almost everyone is familiar with file sharing (or peer-to-peer, P2P) programs these days. The first of these programs, the infamous Napster, was bare bones compared to the recent ones. Current ones, such as Kazaa, Morpheus, and LimeWire, let users search for not only music files, but movies, games, and software programs. Since almost all file sharing programs are distributed for free, the authors have found other ways to generate revenue. Most of these programs install components that collect information about users and push ads to their screens. The programs record information about users and sell it to advertising companies. There are even reports of file sharing programs diverting commissions on online purchases back to themselves -- "stealware." Gator and TopText are among the most deleterious and deceptive of this type of program.

Morpheus takes it one step further, silently taking over unused space on our hard drives for storage of media files. It then makes our hard drives accessible to other Morpheus users, allowing them to store and download files from our systems, any time our computers are running. Like other programs of this type, one does not need to have started up the program -- it runs quietly in the background at all times. If someone stores a popular movie on your hard drive, it's easy to imagine what that can do -- your computer slows down, your network access is choked off, and your hard drive fills up. Beyond the impact on our own systems, this activity clogs the campus network and, more seriously, UVM's connections to the Internet.

What's more, there may be legal complaints from owners of copyrights for pirated material on your hard drive -- for which you are liable, even if someone else put it there via a program like Morpheus.

Aside from P2P programs, some Web sites may "hijack" your Web browser when you visit them, altering its home page, search page, bookmarks, and other settings.

Banishing Scumware From Your Computer

Because harmful components of many P2P programs run unnoticed and beyond our control, it's often not enough to simply refrain from running the P2P programs. The only solution is to fully remove all the offending bits of software, but uninstalling spyware by hand can be laborious and time consuming -- we can't rely on the usual "Add/Remove Programs" function. Fortunately there are free programs to help do the job.

One, called Ad-aware, will detect and delete many spyware components on Windows systems. It is not supported or warranted by UVM, but if you'd like to try it, you can download it from: http://www.lavasoftusa.com/

There have been reports of Ad-aware causing problems of its own, so use it only if you're willing to accept that risk, and only after you've backed up anything you want to save.

CIT's Stefanie Ploof and Michael Kontrovitz report that another program, Spybot - Search and Destroy by PepiMK Software, performs a similar function to Ad-aware, though it's perhaps a bit less "user friendly." To test Spybot vs. Ad-aware, Michael said, "I first ran Ad-aware and deleted all spyware and then ran Spybot. I think Spybot found 5-10 items Ad-aware did not." Mike continues, "One of the nice things about Ad-aware is that I believe it still fits on a floppy disk (we frequently use it to troubleshoot Internet Explorer and network connection problems) whereas Spybot weighs in at 2.5 MB (or something close to that)." As with Ad-aware, there is some risk, so be sure your backups are current before installing and running Spybot. You can download Spybot from: http://security.kolla.de/index.php?lang=en&page=download

Brave Macintosh users may want to try a Macintosh security scanner, not yet tested by CIT, named MacScan: http://macscan.securemac.com/

For additional information about scumware, spyware, and ways to clean up your computer, see:

Michael Kontrovitz, Stefanie Ploof, & Dean Williams


Security Quiz

For those who missed Pat Ainsworth's Mastering the Maze presentation, here are her quiz questions:

Security Sleuth:  Last year over spring break (while the Residence Halls were unoccupied) the average Internet traffic coming OUT of the Res Halls was 4 Mbps. Can you explain why?

Sharing music files is a common practice that can use substantial amounts of University bandwidth.  During spring break users outside the UVM network were searching hard drives on campus for music files and downloading them at an average rate of 4 Mbps.  Today, the UVM firewall prevents this from happening.

Security Sleuth:  What was the "profile" of the average "hacker" 5 years ago according to FBI Special Agent Nenette Day?

15 year old, white male from a broken home.

Security Sleuth:  What is the "profile" of the average "hacker" today?

According to FBI Agent Day, 75% of "hacking" is economic espionage.  In fact, 23 foreign countries and state-sponsored hackers are targeting US companies.  The US economy lost an estimated $300B in 5 years, from 1996, when this activity became illegal, through 2001.

Security Sleuth:  On March 10, 2002 the Georgia Tech Business Network was "hacked."  The intruders deleted 350 Gb of information including credit card numbers and the institution's financial records.  What did the "hacker" replace these files with?

Movies.  The hackers were running an illegal "on-line" movie rental business and were just looking for someplace to store their inventory.

Security Sleuth:  How many computers did the famous "I Love You" worm infect?

45 Million

Security Sleuth:  The day the UVM firewall was installed, what percentage of incoming Internet traffic was denied by the new firewall?

50%.  The firewall denied attempts from computers outside our network to initiate sessions inside the UVM network.  Special care had been taken to identify legitimate connections so that the traffic denied was unauthorized attempts to access our network.

Security Sleuth:  Last month, the firewall denied only 10% of the attempts to connect to the UVM network.  Why did the denial rate drop?  Are the hackers on vacation?

Hackers typically use scanning software that "learns" when a network has deployed a firewall for protection and so stops trying to access computers inside that network.

Security Sleuth:  The US Customs Cyber Smuggling Center, which is part of Homeland Security, launched a major investigation called "Operation Buccaneer" a few years ago.  What higher education institutions were served with search warrants in the course of the investigation?

UCLA, MIT, Purdue, Duke and the University of Oregon to name a few.


PLANNING

Enterprise Resource Planning (ERP)

As UVM's legacy Financial Records (FR) and Human Resources (HR) Systems continue to age, consideration must be given to what will replace them. Most universities of our size and larger either have moved to enterprise resource planning (ERP) systems or are planning such a move.

What are "enterprise resource planning" systems?

Skeptics might suggest that ERP systems are nothing but marketing hype intended to entice institutions and corporations* to invest millions in refurbished information systems. Others have implied that they are the panacea for our management, planning and operational information needs, integrating all needs into an efficient, organized, uniform institutional information system. The truth is probably somewhere in the middle.

ERP systems have not, in most cases, lived up to their last name (planning). Although they can provide information that can be very useful in planning, they are not planning systems, per se. They are primarily integrated operational systems that can provide enhanced access to operational and trend data that can be used as input to planning processes.

I've heard that some ERP systems have cost over $100 million. Is that true?

Actually, the ERP systems themselves are not terribly expensive. However, some ERP implementations have cost large university systems a great deal. For example, the California system has been in the news for spending $662 million for 23 campuses ($28 million each). 

In the corporate world, while some ERP systems have been credited with the remarkable growth and success of some companies, bungled ERP implementations have been blamed for bankruptcy of others...

What can an institution expect to gain from its investment in such systems?

Efficiency and effectiveness. We would expect a new system to better support our business processes, to make it easier to process business transactions, to provide more self-service capabilities, and to facilitate comprehensive management reporting. Many of the potential benefits of an ERP project arise from the rare opportunity such a project provides to reevaluate and reengineer our policies and practices.

How long does an ERP project take? 

Actual implementation times typically range from one to five years. Some take longer; some have been abandoned or restarted before completion. UVM took approximately 18 months to implement the original Banner Student Information System (SIS). However, UVM has continued to implement features for several years beyond that. Components (such as the Degree Audit Reporting System currently) continue to be added, 10 years later. Depending upon the scope of the project and the resources available, replacing UVM's HR and FR with modern ERP systems could take between two and five years.

Why have some ERP implementations failed?

There are probably as many reasons as there have been failures. One of the most common is the absence of appropriate project ownership and a real stake in its success. While it is essential that the President and Board of Trustees support ERP implementations, it is equally important that administrative and academic leaders, as well as the IT organization, also have a real stake in its success.

Can we make an ERP fit the ways UVM does business?

We could, but in general we should not attempt to modify an industry-standard (education being our industry) ERP software package to match the way UVM has traditionally conducted business. While it may seem that it would be easier to modify these systems to reflect UVM's business culture than to adjust our practices, we would lose the greatest value of the ERP by doing so. While some customization is always necessary, we must evaluate every UVM variance to ensure that it truly adds value and that the value exceeds the initial and the ongoing cost of customizing the software. This cost is higher than one might expect, since in addition to the one-time cost of designing and programming the modification we also incur:
  • Extra problem resolution costs. Before calling in the vendor on any given problem, we need to make sure our local modifications are not involved.
  • Local modifications must be reintegrated and tested every time the vendor supplies an updated version.
  • The vendor-supplied documentation and training will not match the way our system actually works.

What costs of an ERP are typically underestimated?

Determining how to do business and building consensus is among the largest in cost and effort. Project budget "piling on" can occur. Like Congress's omnibus spending bill, many costs are sometimes added on without adequate review, just because the enormity of the project makes it easy to slip them through. Judicious financial management is required.  Training often receives less than adequate attention. With staff turnover, training is an ongoing activity but is frequently budgeted as a one-time activity.

Here are some of the costs that typically go into an ERP implementation:

Software costs. Though many imagine that software is a dominating cost, it rarely represents more than 20% of the cost and is usually well understood up front. However, related software costs associated with desktop computers and server infrastructure (security, back-up software, languages, reporting tools, etc.) are sometimes overlooked. Distributed costs for client-server architecture have been a source of cost overruns in some early ERP systems.

Hardware costs. Usually the cost of replacement server hardware is included. In some cases, however, the hardware sizing does not take into account the increased number of end users (as a result of disintermediation) or the increased processing power required by larger and, typically, less efficient programs. Nonetheless, server hardware costs do not typically represent a large portion of the project costs. However, depending upon the current state of distributed ("desktop") hardware, upgrades or replacements may be required, significantly contributing to total costs.

Training. One of the most elusive budget items, and one consistently underestimated. Because many people must learn a new set of processes, a new way of conducting business, it is not a simple matter of learning a new software interface. Depending upon the nature of the applications, the number of individuals and the variety of workers that must be retrained can vary substantially. At UVM, for example, implementing the Banner SIS affected more UVMers than moving to either new HR or FR systems is likely to impact.

Integration and Testing. One of the fundamental, advertised advantages of ERP systems is their high level of integration. While this may lead planners to assume that integration will require little or no effort, this is not typically the case. Linkages between ERP packages and other corporate software, including applications from the same provider, must be established and tested. This can represent an enormous cost.

Data conversion. Obviously, current operational data must be converted to new systems. Less obvious is historical data. Unless you plan to continue to run old systems ($$$) or abandon data, you will need to convert historical data for legal and longitudinal analysis purposes. One of the more common "surprises" during data conversion is that some data is missing, misused or inaccurate. Frequently, new systems are less tolerant of dirty data. If data clean-up becomes part of the project, related costs can balloon.

Information analysis. One of the main reasons for implementing an ERP is to make information analysis easier and better. Depending upon how inadequate existing facilities are, they can improve the situation. If a data warehouse is not included (it usually is not) in the ERP, it will probably have to be added on for many kinds of projections and other analysis.

Consultants Ad Infinitum. Clearly consultants can bring value to a large conversion project. Having access to someone who has been through an ERP conversion is important to the success of an ERP project. They also bring an external, consultant's viewpoint and can separate themselves from organizational politics. However, failing to come to closure on a timely basis frequently leaves consultants engaged with the meter running. Coming to project closure and disengagement on time is essential to containing costs. Some of the biggest cost overruns and most notorious bungled ERP implementations were managed by previously reputable consulting companies. (6,7) The overall responsibility for a project should not be turned over to someone whose primary interest is a continuous consulting engagement.

Backfilling and Outsourcing. Most agree that putting your most capable people on the ERP implementation team is a good idea. Their talents and knowledge will help guide and support the project. However, this is likely to result in a temporary labor shortage in the areas they normally support. The temptation is to outsource the project labor, but this means that the people with the best knowledge of the ERP will be lost when the outsourcing contract ends. A better use of outsourcing is for backfilling the folks who are working on the project.

Return on Investment (ROI).  
How can a system that costs you more, to do the same things, recover the sometimes-large investment? It can't. In order to recover costs, it must result in things being done differently -- more efficiently or effectively for the customer and for management.

Of course, ROI is not the sole reason for an ERP project. Risk avoidance and loss of support for older technologies are also common and valid reasons.

Post-ERP Disappointments. Too frequently, organizations experience productivity declines and even chaos after an ERP implementation. These problems are usually the result of:

  • Unrealistically high expectations (hype from vendors and project advocates).
  • Inadequate training on the new system.
  • Lack of appropriate process redesign or the lack of its infusion into organization culture.
  • People who continue to try to use old practices with the new system.
  • Alternatives to important features not part of the ERP were not included.
  • Lack of practice with the new system.
  • Old-fashioned resistance to change.
  • A poorly designed system that does not perform as well as the system it replaces.
  • A faulty or incomplete implementation.

For example, most modern ERP systems have graphical user interfaces (GUIs) that are intended to improve ease of use. However, these systems are typically not as well suited to "heads-down" data entry as their harder-to-use, "unfriendly" predecessors were. When old systems were designed, subsecond response time was king. The modern systems are commonly designed to be used directly (not through intermediaries) by end users, and response time, despite much more powerful computers, is commonly slower (though faster and more convenient than filling out and submitting a paper form). So if an organization continues processes that result in paper forms being submitted for central data entry, an ERP will only add costs.

Given all the risks, why is UVM considering implementing an ERP?

There are some functional weaknesses in our legacy systems. For instance, in the HR arena, we have long desired a web-based system that would empower employees to make their benefit selections online. In Finance, our current system is weak in the budgeting area (leading to the development of local solutions/add-ons). Our current financial records system does not adequately support the business managers' needs at the unit level. The HR system does not provide easy access to meaningful HR data to unit-level HR representatives.

Our legacy systems are built with tools that just are not that popular anymore (VSE/CICS/VSAM). Development and even ongoing support for these tools is limited. Over time we expect the risk related to using this infrastructure to grow.

We need to reengineer our business and customer service processes. We need to become more efficient and effective. An ERP project will provide the opportunity to change the way we do business.

Additional Reading

  1. ERP Central
  2. The ABCs of ERPs
  3. CIO's ERP Research Center
  4. Shattering ERP Misconceptions (Word doc)
  5. ERP Promised Lands
  6. Intractable ERP: a comprehensive analysis of failed enterprise-resource-planning projects
  7. Top 10 Corporate IT Failures In the 1990s
  8. Recovering from Software Development (PDF)
  9. Evaluating the Payoff from ERP Systems (PDF from uic.edu)
  10. ERP Migration Justification (Word doc from fhda.edu)

*While most of what has been written about ERP systems references corporate implementations, almost everything they say about ERP systems also applies to university implementations.


Disaster Recovery & Business Continuity II

"Any campus that hasn't put a great deal of thought and planning
into how it would respond in a crisis is courting disaster."
- Ron Walzak, quoted in Acuta Journal

Pre-Disaster Planning

In the February issue we briefly introduced the need for business continuity planning and promised a series of articles.

Plans for prevention, preparation, recovery and continuity should be part of a comprehensive plan. While these plans are not the exclusive province of IT organizations, we will focus on those that are.

We sometimes hear the following reasons for not planning for disasters:

  • Why bother with disaster planning? Why not simply deal with the problem when it happens?
  • We will never actually use the plans we prepare -- even if we do have a disaster.
  • We have real work to do and cannot afford the time.
  • What's the use? Management will never allocate the resources necessary to avoid a disaster.

Every day there are more reasons for IT disaster planning. Our reliance upon information technology has changed dramatically in recent years. Almost everything we do as a university relates to information. We create it, we enhance it, we distribute it, we evaluate it, we organize it, we process it, we analyze it and we absorb it. And increasingly, we use information technology to enhance and enable those processes. When our IT infrastructure fails and cuts off information access, many will feel at a loss. Some can hardly do their jobs at all. Yet, despite our increased vulnerability and advancements in the technology, we are generally inadequately prepared to handle all but the smallest disruptions.

How useful is a disaster plan?

While it is unlikely that one would go to page 343 of a hypothetical 800-page disaster-planning document to determine what we do when, for example, a flood puts critical infrastructure out of commission, there is real value in the process that produces that plan.

As Dwight D. Eisenhower once wrote:

In preparing for battle I have always found that plans are useless,
but planning is indispensable.

The point is that we do not want to find ourselves in a disastrous situation where

  1. we have never seriously thought about what we would do and
  2. we do not have the necessary ingredients (e.g. backups of critical data) to reconstruct Humpty Dumpty.

 

Further reading

  1. MIT Business Continuity Planning
  2. UMass Business Continuity Planning
  3. U of Arizona Business Continuity Planning


Life-cycle Planning for CAS Teaching Labs

The College of Arts and Sciences (CAS) and CIT have recently completed a life-cycle funding plan for key CAS teaching labs. The partnership calls for the timely replacement of computers in ten different teaching labs beginning this spring with replacement of computers in Communications Sciences. Though contingent upon continued funding, the plan calls for the staged replacement of over 100 computers. Among the goals of the partnership are:

  • Timely replacement of obsolescent computers
  • Improved consistency and technological coherence
  • Availability of a common productivity suite (Word, Excel, PowerPoint)
  • Automated software refresh (where feasible)


Did You Know?

  • UVM has nearly 8000 active network ports. Our dynamic host configuration protocol (DHCP) server recognizes 7357 entries, of which 810 (11%) are Apple computers. The remaining 6547 (89%) are made up of everything else, including various Windows versions, Unix/Linux, printers, minis, mainframe, and other systems.

     

  • Hewlett-Packard's (HP) JetAdmin program recognizes 543 networked printers on UVM's campus network. There are also 100+ other networked print devices that do not respond to Jetadmin.

     

  • Microcomputer Services sells between 2100 and 2200 personal computers a year.

 


Technical Corner

Internet Protocol Version 6 (IPv6)

Very Brief History of Networking Protocols

Though we all take the Internet Protocol (IP) for granted today, inventing IP and related protocols was no small feat. The remarkable thing is that IPv4 has persisted and grown for so long without fundamental change.

In 1957, in response to the Sputnik launch, the US government established the Advanced Research Projects Agency (ARPA) to conduct both strategic and academic research. About ten years later, ARPA researchers began to investigate ways in which they could network computers of differing types in order to share resources and information. At the time, and for too many years beyond, computer companies developed proprietary networking protocols, frustrating attempts to interconnect computers from different manufacturers.

In the 1970s, ARPA researchers, in partnership with BBN, developed a seven-layer networking model and a small set of protocols. The ARPA network of Internet Message Processors (IMPs) at a few universities and affiliated companies continued on a relatively small scale for a number of years. There was a good bit of interest in this open networking environment, resulting in a number of ongoing enhancements. By 1973, when the original Network Control Protocol (NCP) was unable to scale to the increasing traffic, a new protocol, Transmission Control Program (TCP), was developed to be independent of the underlying network and computer hardware. Several years later, in 1981, a series of RFCs (requests for comment) were issued, the results of which led to TCP/IP version 4 -- essentially the same version in use across most of the Internet today.

In the early years of networking (the mid 60s through the early 90s), proprietary networks, such as IBM's System Network Architecture (SNA) and Digital's DECnet, continued to dominate commercial networking. With the advent of microcomputers, relative newcomers Apple and Novell developed their own proprietary networking protocols, AppleTalk and Internetwork Packet Exchange (IPX) respectively. Now those protocols are fading away in favor of IP, which continues to grow rapidly.

Problems with IP Version 4

Amazingly, IPv4 has been in use for three decades without major changes. The original protocol uses a 32-bit number (the "IP address") to identify each computer on the Internet. IP numbers are normally written as four numbers (representing the corresponding groups of 8 bits) with dots between them, like this: 132.198.1.10. A 32-bit number provides space for roughly 4 billion addresses. While this seems like a lot, not all of them can be used. Typically an organization, company or network is assigned a range of numbers which it manages locally. For example, UVM, a relatively early Internet participant, was assigned a "class B" range of addresses (roughly 65,000) in the late 1980s -- we are allowed to use addresses from 132.198.0.0 to 132.198.255.255. Though we may use that many some day, we use only a fraction of them today. This is typical of other Internet domains. As of 2002 about 3% of the 4+ billion addresses were actively in use.

In the early 90s, it became clear that at the predicted annual growth rate (estimates ranged from 100 to 1500%), the world would soon run out of IP numbers. Some experts in the IETF suggested that this would happen as early as 1994. This was probably the primary reason for developing IPv6.

IP Six Appeal

The changes from IPv4 to IPv6 are primarily in the following areas:

  1. expanded addressing capabilities;
  2. header format simplification;
  3. improved support for extensions and options;
  4. flow labeling capability; and
  5. consolidated authentication and privacy capabilities.

The most compelling advantage of these changes is the relief of the IPv4 address space limitation. The other improvements mostly involve tidying up the protocol and are of interest primarily to networking engineers.

Does UVM Support IPv6?

UVM Network Services has been monitoring the progress of IPv6 for years. Vendor support (see references below) is widely available. However, there currently is no compelling reason for UVM to move to IPv6. We have plenty of addresses; moving to IPv6 will cost time and money; plus such a conversion is likely to be, at least a little, disruptive. Nonetheless, UVM will most probably move to IPv6 by the time the benefits exceed the costs. That is likely to occur in the next year or two. If you have a specific need for IPv6, send email to Information.Technology@uvm.edu.

IPv6 Future?

Conducting Web research on the future of IPv6 is interesting. While there are many articles about the future of IPv6, many of them were written some time ago and predict events that have not come to pass. Hence those predictions lack credibility. Nonetheless, we expect the growth of IP addressable devices, including appliances, VoIP telephones and portable computing devices to accelerate the migration to IPv6. Because the Internet began in the US, our institutions and companies were the first to get "dibs" on IPv4 address space and most currently are not particularly constrained by addressing limits. Outside of the US, especially in Europe and Asia, because the demand for additional address space is greater, the pace of conversion is more rapid.

IPv6 quadruples the size of the IP address to 128 bits, enough addresses, in theory, for 340,282,366,920,938,463,463,374,607,431,768,211,456 (three hundred forty undecillion) nodes. (Background#2) While the inefficiencies of IP address assignment will still reduce the effective number of addresses, this would theoretically be sufficient not just for every person and all their devices, not just for every molecule on earth, but for every electron on earth. The IETF apparently doesn't want to risk running out again any time soon. This could enable the eventual realization of ArpaNet's (Dr. J.C.R. Licklider's) 1988 vision of an Intergalactic Network -- though the Galaxy is a pretty big place...

Further Reading

Background

  1. History of ArpaNet
  2. A little history of IPv6, and key features
  3. The Creation of the UNIX* Operating System
  4. Internet Growth: Myth and Reality, Use and Abuse

Official Reference Sites

  1. IPv6: IETF Information Page
  2. IPv6 Forum
  3. IPv6 Task Force

Tutorials

  1. Understanding IPV6
  2. What is IPv6?
  3. What is TCP/IP?

Recent past

  1. IPv4 runs out of room
  2. The next best thing to IPv6?
  3. Evolution to IPv6
  4. Waiting, Waiting, Waiting for IPv6
  5. IPv6 Off to a Slow Start
  6. IPv6: We're Still Waiting
  7. Stop the IPv4 World, I Wanna Get Off
  8. I'll stick with IPv4 for now, thank you
  9. Net guru predicts IPv6 future lies in mobile web
  10. Internet Could Run Out of Address Space by 2005
  11. IPv6 and the Future of the Internet
  12. How IPv6 Might Help You
  13. Introducing a New Internet Protocol to Fix Traffic Problems Faces Criticism, Apathy
  14. Incentive To Support IPv6
  15. IPv6: Generation next
  16. Internet: IPv6, there is room for everybody (UK)
  17. Do we really need an IP upgrade?

Vendor Support

  1. Cisco IOS IPv6
  2. IBM IPv6 Enablement
  3. USAGI Project - Linux IPv6 Development Project
  4. Microsoft Windows IPv6
  5. IPv6 in Mac OS X
  6. Solaris IPv6


Dark Fiber

What Is "Dark Fiber"?

Dark fiber is simply fiberoptic cable (or strands) that has been installed but not yet "lit up" -- that is, not connected to the electronics that convert digital data into a light stream. If a customer needs an off-premises data connection to some other location, this is typically acquired from a common carrier, who may offer various connections, such as T1, DS3 or OC3, in which case the carrier provides the electronics and management, or alternatively an unloaded copper circuit or dark fiber, in which case the customer provides the electronics and management.

Why Would Anyone Install Fiber But Not Use It?

Extra fiber is typically installed for:

  • future capacity
  • economics

The greatest portion of the cost of installing fiber is not the fiber itself, but the cost of installation (trenching, installing conduits and pulling cable) and the electronics to transmit data over it. So when you open up the ground to install fiber, it makes sense to install plenty. Also fiber bundles benefit from economies of scale -- a bundle of 144 fibers does not cost 24 times as much as a bundle of 6 fibers, and the cost to install the larger bundle, though higher, is not a great deal higher.

What's This I Hear About a Dark Fiber Glut?

For the reasons listed above, many telephone companies, Internet service providers, local exchange carriers, utilities and others installed a great deal of fiberoptic cable during the dot com boom in hopes of cashing in on fiberoptic's economy of scale and the anticipated demand for greater and greater bandwidth. When the dot com bust hit, many companies found themselves sitting on huge amounts of fiber infrastructure with large debts and no customers. Many of these companies have since gone into bankruptcy, and their assets (including dark fiber) have been sold for pennies on the dollar. To recover their investment, some of these companies have been selling off the dark fiber at below market prices.

What, If Anything, Does That Mean for UVM?

In theory, it should mean increased competition and lower prices for UVM. To some extent we have already begun to see some effects of increased competition and economies of scale. As mentioned in the March newsletter, UVM has increased our bandwidth by a factor of 22 in the past 4 years. While UVM's budget for Internet bandwidth has naturally increased, it has not increased nearly as much as bandwidth capacity. We anticipate that with competitive bidding and skillful negotiations, UVM will be able to continue to increase bandwidth to meet rising demands without unduly increasing costs.

WebDAV -- What is it?

WebDAV stands for World Wide Web Distributed Authoring and Versioning. It is an IETF Proposed Standard (published as RFC 2518) that is intended to improve the ease of maintaining Web pages (HTML, etc.) on a network server. Think of it as a network file sharing system enhanced for Web applications.

The WebDAV standard specifies a set of extensions to HTTP. A number of popular Web authoring applications, including Mozilla, Adobe GoLive 5 and Macromedia Dreamweaver 4, already support WebDAV. Mac OS X includes support built into the operating system (see below).

What's special about it?

Apple describes WebDAV as follows:

What, exactly, is WebDAV?
It's a world of seamless teamwork.
It's cross-country (or pan-planet)
collaboration with a click.
It's a whole new reason to love the Net.
All contained in one potent little desktop icon. (5)

All very true, plus OS X has WebDAV built in. Unfortunately, the OS X version does not currently support encryption and will not work with UVM test WebDAV servers.

In addition to providing an easy way to update Web files on a remote server, WebDAV also provides features to support multiple users updating the same Web space, even the same files. When multiple people are working on the same file, WebDAV uses file locking to ensure that they cannot wipe out each other's changes (in theory, at least). WebDAV also allows you to assign properties to Web files (e.g. title, author, publication/revision dates, etc.). You can use these properties to identify, organize, and locate files more easily.

Does UVM have a WebDAV server?

Yes, currently at https://webdav.uvm.edu, but CIT is not yet prepared to support it. However, if you would like to be part of a team to try it out and relate your experience, please give it a try. You can report your progress or inquire about others' experience using the UVMWebInfo list. To participate, you should have a WebDAV enabled Web-authoring tool that supports SSL encryption (and that you know how to use).

Further Reading

  1. WebDAV Resources
  2. WebDAV Frequently Asked Questions
  3. IETF WebDAV Goals 01) Goals for Web Versioning
  4. World Wide Web Distributed Authoring and Versioning Working Group
  5. Apple: What is WebDAV?
  6. How to implement Web-based Groupware Systems based on WebDAV
  7. WebDAV News
  8. WebDAV Projects and Software: Open Source and Commercial Support
  9. Goliath


Frequently Asked Questions

Q: I'll be working on a group Web project where several of us will update Web pages in a zoo.uvm.edu account. How do I go about setting permissions so that those people, and only those people, have the ability to edit pages in the public_html directory? I know there are settings for owner, group and everyone, so I suspect it will be a group situation. If so, how do I go about creating a group?

A: As you suggest, this requires establishing a group and setting group permissions. If you have many people that need group web editing abilities, we can set up a group share to help automatically set file permissions. Contact account.services@uvm.edu if you need this type of web share.

To request a group, send email to account.services@uvm.edu; they will require:

  • A unique group name, 8 characters or less in length, suggesting the name of your group or organization.
  • The netid of the group owner, who will control group membership, adding and deleting members as needed.

Note that some group names may be taken (e.g. CITWEB) and other groups may be reserved (e.g. PRESIDNT).

Setting group permissions will depend upon how you update files in the public_html directory. Use the Unix chgrp (change group) command to make the files owned by the group, e.g. "chgrp mygroup mywebfile.html".

Or, if you like, you can use the Windows FTP Voyager for changing permissions. [Note that FTP is being replaced by SSH.]

You should set file permissions for files and directories to rwxrwxr-x (chmod 775). This gives everyone in the group permission to create and change directories and files, while everyone else (including the Web server) can only read them.

For information on another promising technology for shared management of a common Web site, see the article on WebDAV in this issue.
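The chgrp/chmod steps above, carried out over a whole public_html tree and then verified, as an added example that is not part of the original FAQ. It assumes a Unix shell with chgrp, chmod and find; the group name and the directory layout are supplied by the caller, and the setgid bit on directories is an addition to the FAQ's advice (it makes files created later inherit the group).

```shell
#!/bin/sh
# Added example, not from the newsletter: prepare a public_html tree so that
# every member of a Unix group can edit it, following the FAQ's chgrp/chmod advice.
# Assumptions: standard chgrp, chmod and find; the group already exists and the
# caller is a member of it (otherwise chgrp fails and the function stops).

# share_with_group DIR GROUP
share_with_group() {
    dir=$1
    group=$2
    [ -d "$dir" ] || { echo "share_with_group: $dir is not a directory" >&2; return 1; }
    # chgrp fails if the group does not exist or we are not a member of it
    chgrp -R "$group" "$dir" || return 1
    # Directories: rwxrwxr-x (775) as the FAQ recommends, with the setgid bit added
    # (2775) so that files created later inherit the group instead of the creator's
    # primary group. The setgid bit is an addition to the FAQ's advice.
    find "$dir" -type d -exec chmod 2775 {} +
    # Regular files: rw-rw-r-- (664). The FAQ's 775 also works; the execute bit is
    # simply not needed on HTML and image files, so this is the tighter choice.
    find "$dir" -type f -exec chmod 664 {} +
}

# check_group_share DIR GROUP
# Succeeds (exit 0) when every entry has the right group and mode; otherwise lists
# the offending paths on stderr and fails. Useful after teammates have uploaded
# files with an FTP or SSH client that applied their own default permissions.
check_group_share() {
    dir=$1
    group=$2
    offenders=$(
        find "$dir" ! -group "$group" -print
        find "$dir" -type d ! -perm 2775 -print
        find "$dir" -type f ! -perm 664 -print
    )
    if [ -n "$offenders" ]; then
        printf 'wrong group or mode:\n%s\n' "$offenders" >&2
        return 1
    fi
    return 0
}
```

Run check_group_share periodically (or before announcing a page) so that a file a colleague uploaded with mode 600 is noticed before the group discovers they cannot edit it.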



Q: Someone is trying to email me a message with a large attachment [12-16MB]. They tell me it bounces back to them. Are messages that large automatically rejected? I have checked my inbox usage, and I'm well below the 30 MB INBOX quota, with about 24 MB to spare. Any suggestions?

A: Although convenient for sending small files, email attachments are a particularly inefficient method for sending large files. For this reason, UVM limits email attachments to 10 megabytes (MB) each. A special facility for sending or receiving large files (up to 750 MB) has been established at UVM for just this purpose. If you would like to send a large file to someone, go to https://www.uvm.edu/filetransfer/ and click on "Send file from the University of Vermont". If someone wants to send you a large file, direct them to the same site, where they can click on "Send file to the University of Vermont". Once the file has been sent, you'll receive an email telling you how to retrieve it to your computer using your NetID login. Note that the key is server generated, not provided by the sender.

Sometimes a good alternative is to reduce the size of the files using compression and other common techniques. For example, an uncompressed TIFF file can frequently be reduced by a factor of 2-20 by saving the file in JPEG or GIF format. PowerPoint files are frequently much larger than they need to be because images are uncompressed or are repeated in each slide, rather than being made part of the presentation slide master. Others have found that overnighting CDs or DVDs via FedEx or UPS is an expedient method for transferring very large files.


Q: How do I delete messages in Webmail?

A: Click on the checkbox on the left of every message you wish to delete. When you are finished selecting the messages you want to delete, click on "delete" at the top of the checkboxes. If you accidentally delete a message you decide to keep a bit longer, click the checkbox(es), then click on "undelete".

Q: I did that but the messages stay on the screen, but with a line through them. How do I get them off my screen?

A: This is the second chance feature so that you are less likely to accidentally delete messages you mean to keep. "Deleting" messages flags messages for subsequent removal -- only purging actually removes them from the system. Once you are satisfied you have not deleted a message you want to keep, click on "purge deleted" on the right side of the screen. This removes the file from the screen and from your inbox.

Q: I used to use the "hide deleted messages" option so the messages would disappear automatically. Now the option is gone.

A: Yes. This option to hide delete-flagged messages has been phased out. Because deleting messages does not actually remove the messages, many users did not realize that they still had hundreds of "deleted" messages in their inbox and consequently exceeded the inbox quota (30 megabytes). Now messages will remain visible until they are actually deleted (purged).


New Products

Note that these product reviews are provided in the spirit of the free exchange of ideas and do not imply UVM support or endorsement.

The Next Big Thing Is Small - the Dell Axim.

The Dell Axim is a handheld PDA running Microsoft's Pocket PC operating system. Although it bears a superficial resemblance to a Windows computer, the Axim is to a PC as a PC is to a typewriter. Trying to use it as a computer is likely to be frustrating.

It doesn't have a keyboard. It doesn't have a mouse. Nowhere is there a menu item that says "print." All of which should be viewed as distinct advantages.

It does have a pen/stylus and built-in hand writing recognition (that works well enough to allow the draft of this article to be actually "written" on it.) It also has a built in "tape recorder" to allow voice notes to be recorded and played back.

The smaller model comes with 32 Mbytes of volatile memory - enough to store a small book shelf or Beethoven's Fifth Symphony. Like most similar devices, it comes with a USB cable to connect to a (Windows) PC for backup and "synchronization" to help avoid data loss. In addition, it comes with support for nonvolatile memory accessories - an SD/MMC card can easily store 128 Mb or more, and a CF slot is compatible with the IBM micro (disk) drives storing 1024 Mb. Both of these additional devices can be used for active memory or backup storage.

The USB connection can be used to synchronize the standard personal information management functions (address book, calendar, notepad, ...) with "corporate information". For me, calendar synchronization has been particularly useful -- the Axim keeps an up-to-date copy of UVM's Oracle Corporate Time calendar. Every time I turn it on, it starts with a "today" reminder page.

As a bonus for keeping my calendar synchronized, the Axim also syncs with the free AvantGo news service, which gives me a supply of news, technology, and weather information to browse while waiting for a meeting to begin.

A Bigger Bonus : Wi-Fi

The most appealing aspect of the Axim for me was the vendor-supported Wi-Fi wireless option. A Dell-branded wireless ethernet card fits right into the compact flash slot, and the Axim ships with an Internet browser, an IMAP-capable mail program, and an MSN instant messenger client preinstalled. A network "sniffer" allows me to scan the neighborhood for an "open" network, such as you might find in a home setting. (The UVM Cat's PAW network is accessible only with the addition of a third-party driver.)

Some Annoying Gotchas

The handiness of the system comes with some significant annoyances. The battery life is tiny compared to that of my Palm Pilot - the color display and the "faster" processor come at a significant power cost, and wireless is exorbitant; though, to be sure, the charge cycle is fairly short. (It's definitely an incentive to keep meetings down to an hour or so!) And although the programs bear the same names as their PC cousins, the interface is fiendishly inconsistent - sometimes the menu is at the top, sometimes at the bottom; sometimes copy/paste is under the edit item, sometimes not; and sometimes copy/paste don't work even when they are available. And both the wireless driver and the operating system itself are a bit flaky; I've had to reset (reboot) the system several times a week - it reminds me sometimes of Windows 3.0 or Mac OS 8.

Overall, I can generally live with the annoyances - is a buggy browser better than none at all? It's a tossup, but eventually, the bugs will be eliminated.

The potential of this mix of information tools at this price level is too intriguing to ignore. The multimedia tools are as useful for music and language study as they are for entertainment. Using Wi-Fi augmented meetings and classes - e.g. for interactive polling, pop quizzes, brainstorming - is just as promising (and perhaps just as frightening) as instant messaging.

Steve Cavrak

--

AvantGo: a news clipping service for Palm OS and Pocket PC users. My channels include AccuWeather (with satellite images), CNet News (technology), the New York Times, the University of Florida news service, Yahoo, and Wired.

Corporate Time (CT) = the University-wide calendar program supporting the kcal standard. CT, which has been acquired by Oracle, will synchronize with Palm OS and Pocket PC devices.

CF = Compact Flash, a storage device with an approximately 1 inch square form factor that comes in sizes currently ranging from 16MB to 512MB. CF device prices change weekly and currently range from $50 for 128MB to $125 for 512MB.

MicroDrive = a miniature disk drive (1") with a capacity ranging from 0.5 to 4 gigabytes. Microdrive prices continue to decline while capacities increase.

SD = Secure Digital, an even smaller storage device with an approximately 1 cm square form factor. SD device prices are currently slightly greater than those for CF devices.

USB = Universal Serial Bus

Wi-Fi = the 802.11b wireless ethernet standard (currently in use at UVM)

Please note: While CIT continues to evaluate the Axim line -- and the Pocket PC operating system -- we may not be able to help if you use one and have questions or problems. The IT Standards Committee has not yet considered whether Pocket PC will one day be recommended and supported. For these reasons, if you need a PDA (Personal Digital Assistant), purchase PalmOS-based technology. PalmOS is found on Palm, Handspring, and Sony PDAs, and the Palm line is available from UVM Microcomputer Services. If you plan to explore new unsupported technologies, we suggest working with peers, including those throughout the University, to share experiences, problems and solutions.


Intel Releases Centrino Family -- Dell To Use Centrino In New Latitude Product Line

On March 12th Intel Corporation released their much-anticipated mobile Pentium chip set known as Centrino. Built from the ground up, the Centrino chip set family is designed specifically for mobile computing applications.

The Centrino mobile technology is made up of three components that work together to deliver performance that exceeds that of the previous generation of Intel mobile processors. The components include the Intel Pentium M processor, the Intel 855 chip set family, and the Intel Pro/Wireless 2100 network connection.

Some key benefits of the Centrino family:

Intel Pentium M processor

  • New micro architecture including power optimized 400 MHz processor system bus
  • 1 MB power managed L2 cache

Intel 855 Chip set

  • Support for 2GB of DDR memory
  • USB 2.0 support

Intel Pro/Wireless 2100 Wi-Fi compliant network connection

  • Supports 802.11b wireless networks and is
  • Power management utilities to maximize notebook battery life

In addition to these benefits, Intel offers two key features in this new architecture: enhanced Speedstep technology with multiple voltage and frequency operating points, and Mobile Voltage Positioning. These features produce key benefits that have allowed newer notebooks to better match performance to application demand, and dynamically lower voltage requirements based on processor activity, thus lowering thermal design requirements, which enables smaller notebooks.

Dell Announces Latitude D-Series

On March 12th Dell Computer Corporation announced their Latitude D-series family of products. The first two models, the Latitude D600 and D800, replace the most popular notebook models sold here at the University, the C600/C640 and C800/C840.

These new laptops feature a new moonlight silver color, and offer a combination of features and designs, including a Tri-Metal chassis and integrated wireless. Dell is taking full advantage of the Centrino(tm) family, thus allowing them to produce smaller and lighter notebooks (e.g., the D600 is approximately 14% lighter and 13% thinner than the C product it replaces).

The D600 and D800 are available now and have a starting price of $1399 and $1699 respectively. The D400 and D500 products will be available later this year. For clients concerned about product consistency, Dell will continue to sell the C-family products through the bulk of this year as we transition to the D-family products.

For additional information on the Dell announcement, go to: http://www.dell.com/us/en/gen/corporate/press/pressoffice_news_2003-03-12-rr-002.htm

For additional information on the new Intel Centrino(tm) including performance data and detailed specifications go to: http://www.intel.com/products/mobiletechnology/index.htm?iid=Homepage+Focus_cmtbadge&


IT People

This section of the newsletter is planned for highlighting a UVM IT support person each month. If you would like to nominate someone (or would like to volunteer!), please write to IT@uvm.edu.

What kind of information would you like us to include? Areas of expertise? Favorite quotes? Job at UVM? Career? Preferred computer? Operating system? Language? Hobbies? Send your ideas.


Opinions

Opinions given here are the author's own and are not necessarily shared by the administration, CIT, his dog, or anyone else.

Network Security - Waiting for the Barbarians

To read IT news these days you would assume that the end of the Internet is nigh. We are assailed with articles informing us that the cyber-terrorists are due to strike at any time. Certain destruction of servers and workstations everywhere is imminent, they tell us. Brace yourselves, kiddies! Be sure to stock up on plenty of duct-tape and plastic sheeting for your PC.

Does anybody else find all these dire warnings a bit hard to swallow? Does anybody else question the cure that is being proffered as a cure to these threats? The mainstream press (and even the IT industry news, to a lesser extent) is full of misinformation and exaggerated warnings. No doubt the Associated Press has been worked into a tizzy by such awful Hollywood films as "Swordfish", "Hackers", "Sneakers", and "War Games". People seem to view the infiltration of computer systems as a video game. Fancy graphics scroll by and the super-hacker "finds the backdoor" and "drops in a time bomb". Click the mouse, Kablooie! Game Over! The entertainment industry has created a culture of fear in the idle computer users of America. They make us appear to be a nation under siege by 14 year olds operating out of phone booths with laptop computers. Computer users cry out for protection from these threats, but do they realize the true costs of their request?

Of course, the real story with network computing security is not as dramatic as the Hollywood version. The most successful hackers never have to touch a computer to hack in to a system. They dress as janitors and read your passwords off of a Post-it note under your keyboard. They call you on the phone posing as IT staff members and trick you into disclosing your login information. The most famous "hacker" in recent memory was neither a programmer nor a code breaker. Kevin Mitnick, once on the FBI's "most wanted", was more a con-man than a hacker. He used these so-called "social engineering" tactics to stage his break-ins.

Of course, the fear of hackers and cyber-terrorists now fuels efforts to make the network "secure". Firewalls are put up, encryption schemes are enforced, once open resources now become "members only". But what is gained through all of these security efforts? Is your data now completely secure? The answer, of course, is no. Although the idle hacker will no longer find your computer the same easy target that it was before we had a firewall, we are still extremely vulnerable to social engineering hacks.

We must not lose sight of the fact that total information security is impossible to obtain. In the process of making our network less vulnerable to those "cyber-terrorists", we must not lose sight of the reason that we have a network in the first place. UVM was connected to the Internet to facilitate communication with and education of people outside of the University. As an educational institution, it is part of our mission both to permit and to foster any project which works towards these goals.

There will be risks in maintaining this mission. Not everyone who wants to experiment with information technology is a security expert. When we allow students and professors to run their own servers, systems will be hacked and information will be stolen. However, we must put these incidents into perspective. Are the benefits of having an education-and-experimentation-friendly network worth the cost of an occasional system compromise? The answer should be obvious.

Constantine Cavafy (1863 - 1933) crafted a poem, "Waiting for the Barbarians", about empires and their constant obsession with borders at the expense of the populace. Although the poem addresses the affairs of state, there is a take-home lesson for the IT world: do not make the cure for your security woes worse than the disease. We must not destroy the Internet in our efforts to make it safe. Hear the poem.

-Greg MacKinnon
CIT Client Services



Feedback

Have a question or comment?

Send technical questions to helpline@uvm.edu.

Send questions and comments regarding IT policies, plans or priorities to

information.technology@uvm.edu

or

IT@uvm.edu

If you have a question or comment regarding this email newsletter or any article herein, send it to UVM-IT-News@list.uvm.edu. Answers of general interest will be posted to UVM-IT-News.

We will publish answers to questions of general interest on the Web and/or in future issues.




In order to avoid writing paralysis, we reserve the right to:

  • be wrong
  • change our minds

So please let us know if you think we have gotten something wrong, and we will publish corrections as appropriate. And we fully expect to change our minds from time to time as we learn and are influenced by the rapidly evolving world of information technology...

Last modified May 02 2004 06:00 AM

Contact UVM © 2009 The University of Vermont - Burlington, VT 05405 - (802) 656-3131