City College of San Francisco UNAPPROVED Minutes

City College of San Francisco

UNAPPROVED Minutes from ITPC Meeting on April 17, 2012

Attendees

Committee Members: Craig Persiko, Joe Jah, Anthony Costa, David Hotchkiss, Ophelia Clark

Resources: Carol Reitan, Cynthia Dewar

Guests: Doug Re, Tim Ryan

The meeting was called to order at 1:15 pm.

I. Approval of Minutes

A. The minutes from 3/20/2012 were approved with corrections.

II. Reports

A. Educational Technology Department Report (Cynthia)

i. ETD will be upgrading to Moodle 2.0 but will delay the upgrade until 2013.

III. New Business

A. Google Applications for Higher Education and Open ID (Doug)

i. Doug Re asked for authorization to turn on all Google Apps in CCSF’s Google Applications.

1. Members indicated that we should have all of the options turned on.

a. Doug listed the apps that are turned off, including Google Chat and Google Groups.

b. Members asked why these were not turned on in the first place. Doug said that there were concerns about turning on some of the apps and the negative impact in the classroom.

c. Doug suggested that he come back to the May meeting with a list of what CCSF has turned off and in the meantime turn on Google Chat and Google Groups.

d. Doug was asked if Google Chat and Google Groups were HTTPS. He will check. The CITO agreed that all apps should be turned on. He pointed out that ITPC does not authorize policy. The question is where does it stop? At what point does this not go to the Board? It is not within our charter to make policy. There was a discussion about what the Board decides on. Doug pointed out that historically, it stopped with ITPC authorizing the adoption of it. The only other Shared Governance Committee that would need to know about this topic would be TLTR. Craig was asked to take this topic to CAC, and the CITO wanted to make certain that the request came to ITPC before any action was taken.

ii. Doug asked that ITPC authorize Open ID to be turned on via Google Apps so that there can be a single sign-on to Google Apps for Insight users.

1. ITPC approved this request.

B. Network Security Workgroup Update (Tim Ryan)

i. The workgroup concluded that Windows updates and virus updates need to be running on all desktops. The workgroup will put up information on the ITS website so that users can check their machines to make certain that the machines are updated. ITS will manually check those computers that regularly have Personally Identifiable Information. There is a small subset of the College that has such information, and a schedule will be established to check such machines.

ii. The workgroup recommended that Alien Vault be removed because of the large amount of false positives. Anthony pointed out that it was beyond the false positives: some machines that are outside of San Francisco were identified as part of our network. Tim said that we do not know the guidelines and parameters for which it was set up. It does make other parts of the system vulnerable. It was suggested that one of the servers be donated to Sam Bowne’s CNIT course to be used as part of a learning process for students. The other servers would be redeployed.

iii. Lastly, the firewall upgrade on April 22nd was discussed. With the update we go from IDS (Intrusion Detection) to IPS (Intrusion Prevention). Tim listed questions he asked the vendor about IPS, and he passed out info on it.

iv. Tim was asked to clarify Alien Vault's results. Tim said that initially the Zeus virus had attempted to infect a machine and that the machine was able to stop Zeus with the installed virus scanning software.

1. There were two machines identified that had traffic with Zeus signatures. One in Batmale had Zeus, and the IT technician found that the installed Microsoft security software had caught and automatically removed Zeus.

2. The other incident, they believe, was a computer at the Mission campus, probably a personal computer plugged in, because the naming convention is not one that ITS uses. By the time ITS traced it they could not find it. These were the two real-time incidents.

v. Joe asked if there is a way to capture the MAC address. Tim said that JR suggested we take the step to make a permanent reservation for each desktop. The downside to doing this is that steps need to be taken manually for all machines at CCSF. This could be done for some campuses and not done for others. Right now the default is eight days. With the new IPS system, how will it relate to this issue? After we have our new system we can revisit this topic. Some environments are different from others: for example, labs. Tim is looking at automating this process. Anthony pointed out that we have all found it reassuring that we have not found serious breaches in our security. Basically, what ITS has been doing is working, and we have a consensus that we do not want to spend a lot of time and resources. A common error is to be more concerned with security in a way that is in opposition to the institutional mission. At times ITS was criticized as being too restrictive. Tim pointed out that the classrooms are now open, the new Wi-Fi makes the system more accessible, and we have the guest network accessibility. Greater use of our network does not incur more cost. We use only about 30% of the allocated State resources for network traffic, and that is at peak times.

vi. Joe shared a story about the dynamic IP address that he uses at home being blocked by CCSF. It took him two days to figure out that ITS was blocking it. Is there a process for discovering it? Somehow an IP is presented to ITS and it is blocked; do we know at what scale this blocking is happening? Anthony indicated that he was also blocked at one point. Did not ITPC agree that blocking of IP addresses was going to stop? ITS has not taken any IP addresses off the blocked list.

Tim said that we are in a holding pattern until the April 22nd update to IPS. During that time, Tim said that they are going to be more cautious and try to determine what exactly is the threat. Also, it would be individual IP blocking only; ITS stopped doing group blocking. But ITS does need to understand how IPS works. Joe’s blocking was related to an FTP transfer.

The CITO pointed out that nothing is foolproof. IPS looks at signature first and traffic second. Any block will take place because of a defined signature. IPS updates their list once a day. It is not IP based but signature based. Joe asked if it was possible to have it block the MAC address and not the IP address. Anthony asked if we want to do either one. The IPS can block by nation. Anthony asked if the IP blocking is something that CCSF wants to use. Tim said that if there is some determination of the variation of a threat, we would start with critical and determine the impact. One of the negative impacts of not blocking in the past was with the Library systems slowing down. Tim wants to measure the latency, and he will have some data before the process. There are some basic questions that Tim needs answered by Dataway. The upgrade will be completed this weekend. ITS will begin to monitor the upgrade and report back to ITPC in May. Craig confirmed that the IP addresses are in the holding pattern and then asked if ITS will do away with the list. The CITO cannot confirm why the blocks were there. It’s not smart to unblock everything so unscientifically. We will do it one by one while monitoring traffic. There are nine groups. This way ITS can figure out what is going on. They have been there since November 2011 or later. According to the CITO, there were millions of IPs blocked starting in November, and no one knows why we have these IPs blocked, but we do not have it documented. Carol asked who asked for those IP blocks to be put on in November. The CITO said that is the question. He said that we do not know why these IPs are being blocked. The CITO said that one of Tim’s goals is to put together a Configuration Management Plan. The process is being clarified.

Benton put blocks on IPs. He looks at what is a threat and makes a determination. Committee members asked the CITO who gave Benton the guidelines. The CITO said he did not give him (Benton) the guidelines. The CITO added that people have been here a long time. Craig asked to get back on topic. Anthony explained that the lack of documented process is being blamed as the reason IT is dragging its feet on removing the blocking. If our security systems are working, then why do we need to maintain this blocking? Tim pointed out that we had serious problems with Millennium. Anthony pointed out that this is a theory and added that maybe being aggressive has alleviated some of the threats. We have only documented the threat, not the type of threat. It was a range of a threat, not a specific individual. Anthony asked what the worst possible threat is if we unblocked it. Tim said it could be denial of service and/or probing the system to slow down our system. The CITO said the worst case is that something hacks into our system. The worst case is not slowing down our system or probing. Members said this would be a failure of more than just IP blocking if our systems were hacked. The ones on the IPS are blocked by signature and we will then know why, but now we do not know why because it is based on IP blocking. Anthony said that his concern is that we have heard so many times "just a couple of more weeks" about this issue and here we are halfway into April. If we had some confidence that what is being said will be carried out on the timeline that has been presented, then we could proceed more easily. The CITO said let’s be clear on the timeline. Dataway said that the system would go into a monitoring mode. It could take 6-8 weeks before the IPS comes online in a state where we are confident it is doing its job. If you want a solution tomorrow, it is not going to happen. Anthony: Here is the problem. It comes on April 22nd, but on June 22nd we will start removing IPs. Tim responded that ITS will take off blocks of a million IPs next week and phase out other IPs being blocked over the next eight weeks.

vii. There was discussion of unblocking the millions of IP addresses that CCSF is blocking and has been since November. Tim and Doug were not involved in the blocking of IPs. He said they could not all be unblocked at the same time as this could cause unknown problems. They need to unblock them group by group to avoid doing damage. This is because D. Hotchkiss said that he did not know why the various IP addresses were blocked. Only Benton Chan knew what he had done and there was no documentation. When asked why there was no documentation, he said "they've been here a long time haven't they". C. Reitan stated it was not fair to blame B. Chan. D. Hotchkiss said, "I did not blame Benton." C. Reitan stated that she found it disturbing that the one person in the room that was involved with the network security project of blocking IPs did not know why it had been done.

viii. There was a suggestion to add a documentation requirement to the "Network Management Policies and Procedures" document being drafted by the committee.

ix. After this discussion, work was continued on the Network Management document. Discussion on section #3.4 was around being sure that the blocking was not done on content but based on malicious activity. Further discussion concerned making sure that security assessments be done by a team at CCSF, not an individual, nor a vendor. Finally, the appeals process for exceptions being granted to items in the NMPP document was discussed, with the ITPC being the last body to review appeals that could not be resolved lower in the chain.

C. Chief Information Technology Officer’s Report – David Hotchkiss

i. No report.

IV. Adjourned at 1:14 pm

Submitted by Cynthia Dewar and Carol Reitan
