PPD/CG Christmas Lectures
Windows – Wrap Up
Gareth Smith
PPD Xmas Lectures
17th December 2007
Future Plans
Microsoft Office 2007
– New file formats. Issues of compatibility despite converters (esp. MS Project).
– Testing now
– No roll-out date yet. Hope for coordination across site.
Microsoft Windows Vista
– Testing now (including applications – Exceed…)
– Plan to go to 64-bit Vista
– Investigating standard approach across site.
Web Services
New Web server (HEPWIN2003G) brought into production during August.
– Windows Server 2003
– IIS6
– more disk space.
The migration included:
Cleanup (archiving) of old webs.
Tightening permissions.
Use of secure (https) connection where password-controlled access is needed.
Thanks to Alistair Haig for much of this work.
Security Reminders
Skype
Use of the Skype (www.skype.com) peer-to-peer (P2P) telephony software is not permitted within STFC. This is due to:
– Potential violation of the JANET Acceptable Use Policy (AUP)
– Misuse of local client/network resources
Instant Messaging clients
Use of Instant Messaging (IM) clients within STFC continues to be restricted to authorised services only. This is due to the potential for:
– Network resource misuse
– Increased exposure to IRC (Internet Relay Chat) borne virus/worm infections
– Potential corporate liability and Freedom of Information concerns
– Lack of co-ordinated client management and patching
– Incompatibility between some proprietary Instant Messaging protocols/clients
Use of Virtualization
Becoming more popular as ‘easy’ to use.
Benefits:
Cheap
Much less hassle than dual boot
But...
Guest Operating System(s) still a security risk:
Patch, Firewall, Anti-Virus updates
Yet may only infrequently be started
Licensing issues
This week’s Security Vulnerabilities
The Consensus Security Vulnerability Alert.
Dec 10, 2007
Widely Deployed Software:
(1) CRITICAL: Cisco Security Agent Buffer Overflow
(2) CRITICAL: Skype URI Handling Remote Code Execution
(3) HIGH: HP OpenView Network Node Manager CGI Scripts Remote Code Execution
(4) HIGH: Avast! Antivirus TAR File Processing Memory Corruption
(5) HIGH: 3ivx MPEG-4 Codec Buffer Overflow
(6) HIGH: Novell NetMail Antivirus Service Integer Overflow
(7) MODERATE: HP Select Identity Undisclosed Authentication Bypass
(8) MODERATE: OpenOffice.org Database File Arbitrary Code Execution
(9) MODERATE: Novell BorderManager Multiple Vulnerabilities
(10) MODERATE: MIT Kerberos Multiple Vulnerabilities
… etc.
This week’s Security Vulnerabilities - 2
Part II – Newly Discovered Vulnerabilities
07.50.1 - Microsoft Web Proxy Auto-Discovery Proxy Spoofing
07.50.2 - Microsoft Optical Desktop Wireless Keyboard Weak Encryption Information Disclosure
07.50.3 - Microsoft December 2007 Advance Notification Multiple Vulnerabilities
07.50.4 - Yahoo Toolbar Helper Class ActiveX Control Remote Buffer Overflow Denial of Service
07.50.5 - RealPlayer RMOC3260.DLL ActiveX Control Import Denial of Service
07.50.10 - HFS HTTP File Server Arbitrary File Upload
07.50.11 - Apple Mac OS X VPND Remote Denial of Service
07.50.12 - Apple Mac OS X Mach_Loader.C Local Denial of Service
07.50.13 - Red Hat Content Accelerator Memory Leak Local Denial of Service
07.50.14 - Zsh Insecure Temporary File Creation
Laptop Synchronization
We advise:
- Synchronizing your H: drive
- Synchronizing Outlook.
- … what if the laptop is stolen (or breaks)?
Encrypt the file cache.
Don’t synchronize personal files etc. unnecessarily.
- Take care with personal information on USB memory sticks…
Access from offsite & visitor facilities
Access into RAL from Offsite:
PPTP
Bastion Host
Outlook Web Access
Configure Outlook to use ‘https’. Use of (secure) imap.
http://hepwww.rl.ac.uk/ppdcomputing/WindowsXP/Outlook_page.htm
For Visitors to RAL PPD:
Regular visitors can register laptops with us.
– Laptops are required to be patched and have up-to-date Anti-Virus.
– At present we do give out an address to a visitor’s laptop even if not registered.
Map “visitors network” through to offices.
Can create accounts for visitors.
PDAs
We provide some support for PDAs
Experience with Windows Mobile 5 & 6.
Tariffs available via the RAL Telephone helpdesk.
Including 3G connections.
Example of PDA Choice.
Vodafone v1615 (HTC TyTN II)
Capabilities:
Wireless, quad-band phone, USB, GPS
Synchronize files with PC
Synchronize e-mail, diary with Exchange
Computer Room Power
R1 Lab 8 Computer Rooms shared by Windows and Linux (Tier 2).
Problem:
• Significant increase in electrical power requirements for Tier 2 systems.
• At limit of single phase supplies (60 amps to each room).
• 2 racks full of worker nodes temporarily hosted in the Atlas building
Solution:
Upgrade to use three-phase supplies:
• Three × 60 amps in each room
• Outer part of Lab 8 upgraded last year
• Inner part of Lab 8 upgraded in recent weeks.
However, we may start hitting air conditioning limits.....
Christmas Plans
All essential systems will stay up
(..... we hope .......)
Plan to turn off less essential services:
- Citrix server
- Some printers (e.g. A0 plotter).
Systems run ‘at risk’ over this period.