PPD/CG Christmas Lectures
Windows – Wrap Up
Gareth Smith
PPD Xmas Lectures 17th December 2007

Future Plans

Microsoft Office 2007
– New file formats. Issues of compatibility despite converters (esp. MS Project).
– Testing now
– No roll-out date yet. Hope for coordination across site.

Microsoft Windows Vista
– Testing now (including applications – Exceed…..)
– Plan to go to 64-bit Vista
– Investigating standard approach across site.

Web Services

New Web server (HEPWIN2003G) brought into production during August.
– Windows Server 2003
– IIS6
– more disk space.

The migration included:
– Cleanup (archiving) of old webs.
– Tightening permissions.
– Use of secure (https) connection where password controlled access is needed.

Thanks to Alistair Haig for much of this work.

Security Reminders

Skype
Use of the Skype (www.skype.com) peer to peer (P2P) telephony software is not permitted within STFC. This is due to:
– Potential violation of the JANET Acceptable Use Policy (AUP)
– Misuse of local client/network resources

Instant Messaging clients
Use of Instant Messaging (IM) clients within STFC continues to be restricted to authorised services only. This is due to the potential for:
– Network resource misuse
– Increased exposure to IRC (Internet Relay Chat) borne virus/worm infections
– Potential corporate liability and Freedom of Information concerns
– Lack of co-ordinated client management and patching
– Incompatibility between some proprietary Instant Messaging protocols/clients

Use of Virtualization

Becoming more popular as ‘easy’ to use.

Benefits:
– Cheap
– Much less hassle than dual boot

But...
– Guest Operating System(s) still a security risk:
  – Patch, Firewall, Anti-Virus updates
  – Yet may only infrequently be started
– Licensing issues

This week’s Security Vulnerabilities

The Consensus Security Vulnerability Alert.
Dec 10, 2007

Widely Deployed Software:
(1) CRITICAL: Cisco Security Agent Buffer Overflow
(2) CRITICAL: Skype URI Handling Remote Code Execution
(3) HIGH: HP OpenView Network Node Manager CGI Scripts Remote Code Execution
(4) HIGH: Avast! Antivirus TAR File Processing Memory Corruption
(5) HIGH: 3ivx MPEG-4 Codec Buffer Overflow
(6) HIGH: Novell NetMail Antivirus Service Integer Overflow
(7) MODERATE: HP Select Identity Undisclosed Authentication Bypass
(8) MODERATE: OpenOffice.org Database File Arbitrary Code Execution
(9) MODERATE: Novell BorderManager Multiple Vulnerabilities
(10) MODERATE: MIT Kerberos Multiple Vulnerabilities
.............. Etc.

This week’s Security Vulnerabilities - 2

Part II – Newly Discovered Vulnerabilities
07.50.1 - Microsoft Web Proxy Auto-Discovery Proxy Spoofing
07.50.2 - Microsoft Optical Desktop Wireless Keyboard Weak Encryption Information Disclosure
07.50.3 - Microsoft December 2007 Advance Notification Multiple Vulnerabilities
07.50.4 - Yahoo Toolbar Helper Class ActiveX Control Remote Buffer Overflow Denial of Service
07.50.5 - RealPlayer RMOC3260.DLL ActiveX Control Import Denial of Service
07.50.10 - HFS HTTP File Server Arbitrary File Upload
07.50.11 - Apple Mac OS X VPND Remote Denial of Service
07.50.12 - Apple Mac OS X Mach_Loader.C Local Denial of Service
07.50.13 - Red Hat Content Accelerator Memory Leak Local Denial of Service
07.50.14 - Zsh Insecure Temporary File Creation

Laptop Synchronization

We advise:
- Synchronizing your H: drive
- Synchronizing Outlook.
- … what if the laptop is stolen (or breaks)..
  - Encrypt the file cache.
  - Don’t synchronize personal files etc. unnecessarily.
- Take care with personal information on USB memory sticks…

Access from offsite & visitor facilities

Access into RAL from Offsite:
– PPTP
– Bastion Host
– Outlook Web Access
– Configure Outlook to use ‘https’.
– Use of (secure) imap.
http://hepwww.rl.ac.uk/ppdcomputing/WindowsXP/Outlook_page.htm

For Visitors to RAL PPD:
Regular visitors can register laptops with us.
– Laptops are required to be patched and have up-to-date Anti-Virus.
– At present we do give out an address to a visitor’s laptop even if not registered.
Map “visitors network” through to offices.
Can create accounts for visitors.

PDAs

We provide some support for PDAs
– Experience with Windows Mobile 5 & 6.
– Tariffs available via the RAL Telephone helpdesk, including 3G connections.

Example of PDA Choice: Vodafone v1615 (HTC TyTN II)
Capabilities:
– Wireless, quad-band phone, USB, GPS
– Synchronize files with PC
– Synchronize e-mail, diary with Exchange

Computer Room Power

R1 Lab 8 Computer Rooms shared by Windows and LINUX (Tier 2).

Problem:
• Significant increase in electrical power requirements for Tier 2 systems.
• At limit of single phase supplies (60 amps to each room).
• 2 racks full of worker nodes temporarily hosted in the Atlas building

Solution: Upgrade to use three-phase supplies:
• Three * 60 amps in each room
• Outer part of Lab 8 upgraded last year
• Inner part of Lab 8 upgraded in last weeks.

However, we may start hitting air conditioning limits.....

Christmas Plans

All essential systems will stay up (..... we hope .......)

Plan to turn off less essential services:
- Citrix server
- Some printers (e.g. A0 plotter).

Systems run ‘at risk’ over this period.