Information Technology News Archive

1996 - 2017

You are here: Home / Archives for Voice and Data Services

Voice and Data Services

Campus Network Backbone To Be Upgraded

by

NACS has received approval to implement a major upgrade of the UCInet backbone over the next year. The backbone is the primary data network infrastructure connecting every building at UCI. The planned upgrade will address rapidly growing communication needs, and provide a foundation for ongoing departmental network improvement projects. It will ensure continued, transparent operation of the critical campus data communications infrastructure, and provide for deployment of CalREN-2, the UC-wide, high-speed regional network.

The new backbone will employ a Gigabit (1,000 Megabits/second) Ethernet fault-tolerant core to connect campus buildings at Fast Ethernet (100 Megabits/second) and Gigabit Ethernet speeds. Existing departmental networks will be connected to this core through newer, higher-speed routing and switching devices over fiber optic cable.

For detailed information, please see NACS’ Backbone Upgrade Plan in the Web:

http://www.nacs.uci.edu/communication/plans/backbone-plan-1998.html

Questions about the plan may be addressed to Garrett Hildebrand, whose e-mail address is GDH@UCI.EDU.

EA System Spring Quarter Hacker Attack

by

In a past edition of NACS-News, information was shared about the increasing frequency of computer system break-ins and related activities across the Internet. Several other attacks have been fought off by UCI computer supporters since that article was written. One major incident involved NACS’ student computing cluster, EA. In late May, an intruder used a flaw in Sun’s UNIX operating system (now fixed) to gain privileged access to the EA system. He ran a network “packet sniffer” for about 24 hours, which enabled him to collect passwords for about 1300 EA users. As a result, NACS was forced to have each of those 1300 people change his or her password, which was a major inconvenience for all.

NACS continues to investigate ways to reduce the impact of visits by these unwelcome intruders. Substantial staff time is already put into monitoring security alerts and installing patches to correct operating system security problems as they are discovered. NACS has obtained a bulk software license for a secure-Telnet product for Macs and PCs. Using secure-Telnet to connect to remote hosts protects user data and passwords from being sniffed by intruders who gain illegal access to systems connected to the network.

UCI Internet Weather Report

by

The Internet is a complex mesh of local, regional, national, and international networks linked together to behave like a single network. Your ability to access a particular network host at any particular instance depends on the status of all the networks that host’s information “packets” must traverse to reach you at UCI. The condition of networks depend on the activities of countless other network users as well as the status of a multitude of network routers and other devices. Frequently, one network or another is congested or suffering from other problems.

The network is much like the weather — some days are nicer than others, and sometimes one part of the world may be experiencing severe thunderstorms while others are basking in sunshine.

NACS has installed the “UCI Internet Weather Report” to help UCI network users get a sense of the condition of the Internet, and UCI’s connection to it. This is a web page that provides a glimpse of the “Internet Weather” at any point of time by summarizing the current “weather” between UCI and hosts on various networks around the country. The network weather is depicted as a color coded bar (green’s good, red’s bad, yellow’s in-between) determined from the amount of network data being “lost” between UCI and the remote host. This data loss is referred to as “dropped packets” and causes transmissions to be repeated until they are successfully received. These retries slow network response time.

To stay in touch with the weather (the UCI Internet weather that is) add a bookmark to the UCI Internet Weather Report:http://weather.uci.edu/

Hackers, Network Attacks, and You

by

NACS would like the campus community to be aware that there are increasing numbers of people who use their Internet access to attempt to compromise security on computers connected to the network. Their intentions are more often to “have some fun” rather than to steal anything. Simply gaining access, causing pointless network traffic, and the like, is sport for them. This means you need not have something “important” on your system for it to be a target. If hackers come, they will be disruptive — perhaps just in terms of the target system itself, but more likely in terms of the network as a whole.

LINUX, like other powerful, multi-user operating systems, is a frequent target among hackers. Last summer we had at least 10 Linux systems broken into. The hackers caused downtime, started “ping bombs” on local UCI networks that caused significant network slowing, forced users to re-install operating system software, and forced NACS to disconnect parts of the network at times to prevent greater outages/security-issues.

System Owner Responsibilities

Hackers will not stop at UNIX-based systems like Linux; Windows NT and other systems are also at risk. If you are the owner of a NT, Linux, UNIX, or other multi-user system, you should be aware of the possibility of network attacks. To reduce the likelihood of attacks, someone must follow security alerts and install patches on your computers as necessary. Further, your systems should be regularly inspected for signs of a break-in. If you need help, contact your local computing supporter or NACS for advice.

NACS Actions to Protect the Network

To maintain the integrity of the network, NACS must occasionally disconnect systems that have been violated. Every attempt is made to contact local supporters and/or system owners before taking such a step. Please take appropriate steps to make your systems secure to avoid losing network connectivity and to keep the campus network secure overall.

NACS also has a “firewall” router in place that controls flow of all traffic between UCI and the rest of the Internet. The firewall is occasionally used to disallow access from certain hosts or parts of the Internet that are the source of network problems or hacker attacks. Such access restrictions are announced to the Network Operations Mailing list, UCINET-OPS-NET@UCI.EDU, and are removed as soon as the appropriate authority can be notified and correct the situation. The firewall allows NACS to keep UCInet up and running despite the anti-social activities of a few.

NACS Security Team

NACS has recently created a team of NACS and other staff to review campus network and computer security, make recommendations on how to improve it, and act as a coordination device when network attacks occur. If you have questions, concerns or other input about network security, please contact NACS.

Network Addresses, Names and Name Service

by

As a network user, you may have often heard mention of terminology such as “network addresses”, “hostnames”, “DNS”, “name-servers”, “registering” your computer, and the like. If you have wondered what all the fuss was about, read below for some answers to your questions.

What is an Internet Name/Address?

Every computer connected to the network has a numeric “address” associated with it, based on its physical location. This number, also known as an “Internet Protocol (IP) address”, is used by network software to route data to the proper destination. Each computer also has a “hostname” associated with it, usually something that is meaningful to humans and indicative of the computer’s organizational relationship within the network.

For example, NACS’ orion UNIX service has a network number of 128.200.80.20, indicating it is located at UCI (128.200) and in Engineering Gateway (subnet 80). The official name of the system is “orion.nacs.uci.edu”, indicating it is associated with the NACS part of UCI. The computer could be moved to a different building with the same name, only the network address would change.

What is the Internet Domain Name Service?

The “Domain Name System” (DNS) is a world-wide distributed database system that maintains network name and address information for every computer connected to the Internet. It is among the most critical components of the network, as virtually nothing works without it. You may not realize it but you are using DNS every time you send an electronic mail message or click on a link in a web page.

How does the Domain Name Service work?

There are thousands of DNS “name-servers” around the world, each one responsible for a portion of the entire Internet “name space”. NACS is responsible for UCI’s portion of the name space, which is known as the “UCI.EDU domain”. In addition to UCI.EDU which provides network address lookups based on hostnames, UCI also manages the “reverse lookup” domain which allows a hostname to be determined from its network address.

When your network software needs to access another system, it first contacts its local name-server. If the desired system is a local UCI host, the name-server supplies the network address directly. If the host is off campus, the name-server contacts the appropriate name-servers in series to determine the network address.

Why register your computer?

It is important that your computer’s name and address be registered in DNS for several reasons. First, it will ensure that you are assigned a unique IP address. Many computer users have encountered problems due to someone else’s computer using their IP address.

Secondly, many information and service providers have restricted their host access to computers which are registered in DNS. There are unscrupulous people who use anonymous, non-registered IP addresses to “attack” hosts and cause various electronic mischief. Lastly, knowing the departmental ownership of systems allows NACS to collect overall statistics concerning network traffic, which is critical for network maintenance and planning.

How can I make sure my host is registered?

If you use NACS computer systems (EA, E4E, Orion, etc.) and are not receiving an error message about your host needing to be registered, your computer is registered. You may also check with your local computing support coordinator, who is likely in charge of registering hosts for your department. If you have further questions, drop NACS a note via our NACS@UCI.EDU e-mail address.