Information Technology News Archive

1996 - 2017

Citrix Metaframe

by

Citrix Metaframe is a commercial product for using remote computing resources from your desktop. Applications can be set up so that they appear to run on your computer, but the actual processing is done on a server somewhere else. All your local machine is doing is providing a display.

Citrix offers several advantages. First, Citrix allows for low speed processors to “run” high-end applications that require a fast new computer. You can get more use out of your older systems, as long as there is one powerful shared computer on your network.

Second, Citrix provides easy administration. Instead of upgrading software on many machines in an office, using Citrix makes it necessary to upgrade only the shared server running Metaframe.

Third, Citrix enables the use of cross-platform applications. Mac, Unix, and DOS machines can all use Windows applications through the use of the Citrix client. For example, everyone can use Internet Explorer for the PC by installing and configuring the Citrix client.

NACS uses Citrix to allow Macintoshes around the office to connect to the new telephone billing program (called Mysoft.net). Mysoft.net uses Microsoft’s ActiveX system which will not run on Macs. With Citrix, NACS’s Macintoshes have the ability to access the billing system.

For more information on Citrix Metaframe, please refer to the vendor’s web site: http://www.citrix.com/products/

Network Attacks Continue

by

A May 5, 2001 advisory from NIPC (National Infrastructure Protection Center) reported an increase in “distributed denial of service” (DDOS) attacks around the country. In fact, even whitehouse.gov was laid low by such an attack on Friday, May 4. (For more information, please see http://www.cnn.com/2001/TECH/internet/05/08/dos.warning.idg/index.html)

Ordinary DOS attacks involve keeping a computer or network device so busy handling spurious requests that the device becomes unable to manage the business for which it is intended. Sometimes these attacks are launched from a computer directly under the control of an attacker. Other times the attack is indirect, where a hacker takes control of a remote computer and uses it to launch an attack. (This intermediate computer is called a Zombie). Distributed DOS goes one step further by using a fleet of Zombies to launch coordinated streams, or to send many small bursts so that no one Zombie is easily noticed. (More can be found at http://www.staff.washington.edu/dittrich/misc/ddos/elias.txt)

NACS is undertaking a project to upgrade the campus border router which will provide better management of incoming network traffic. This project includes an intrusion detection system and a firewall to help detect such traffic flows. Additionally, UCI’s border router has already been configured to limit certain types of network traffic which reduces the threat of DOS attacks.

But firewalls and intrusion detection are only part of the picture. The best defense against having a computer being broken into and turned into a Zombie is to keep the system software on it up-to-date (“patched”), turn off all unused network services (“ports”), and to log activity on the system and scan the logs regularly.

Recently, NACS ran a scan on campus subnets looking for Windows 2000 machines running Microsoft IIS5.0, which has a well-publicized vulnerability on port 80 that allows remote hackers to establish telnet sessions with the system. Over 100 potentially vulnerable machines were found on campus, and this information was made available to departmental Computing Support Coordinators. NACS also regularly updates all DCS-supported machines to protect them against known kinds of attacks, and monitors the logs of these machines looking for suspicious connections from the Internet. NACS offers security updates to key support personnel around campus as well. If you do your own support and do detect DDOS activity of the type described by NIPC, please contact nacs@uci.edu. NACS is responsible for evaluating attacks and reporting to the FBI when warranted.

System Administration Services

by

For over 10 years NACS Distributed Computing Support (DCS) Group has provided professional system administration services to the UCI campus for UNIX (and to a lesser extent Windows).

Computer system administration generally refers to the maintenance of a reliable and secure computing environment. DCS has recruited, trained, and maintained a dedicated support staff alleviating individuals and workgroups of this burden and some of the associated costs.

DCS relies heavily on the use of automation and standard client hardware configurations. DCS is also responsible for maintaining DCSLib, an extensive software library.

DCS currently supports 300 systems in virtually every academic school and department, but the heaviest demand comes from the School of Physical Sciences, the College of Medicine, and the Henry Samueli School of Engineering. Over the past 5 years the number of DCS contracts has increased approximately 6 % per year.

More information on DCS services can be found at http://www.nacs.uci.edu/support/unix.html. If you would like to discuss support of your system, please contact NACS.

Windows Labs Use UCInetIDs

by

NACS has converted a number of computers in its drop-in PC labs to require UCInetID authentication.

For this initial phase, all the computers in Lab B (Engineering Gateway 1140) and half the systems in the NACS lab in HIB 343 use the new PC authentication system. If the system works as expected, NACS will convert all of its computer labs to the new scheme over the summer.

UCInetIDs (and their associated passwords) have been used as a means for delivering computer services for many years. Authentication is a term which means “proving who you are” to a computer. Certain computing resources need to be restricted to use by UCI affiliates and are thus tied to one’s “network identity.” Other times it is necessary, as with the recent student elections and changing one’s phone book data, to tie services to a single user.

In order to be able to use the PC authentication system, you need to sign up at https://authenticate.nts.uci.edu/nt/. A computer is available in the NACS labs for accessing this Web page. The new PC authentication program has been in place for only a few weeks and already over 1000 students, faculty, and staff have signed up.

NACS plans to offer other services in the near future through UCInetID authentication, including access to network file space for EA and E4E users. Authenticating from computer lab systems will thus enhance the range of services available to UCI users while working in the labs.

UCI Mobile Access Update

by

  
UCInet Mobile Access

UCInet Mobile Access

Wireless networking is an exciting new technology, and NACS is helping introduce the campus to its benefits. NACS is conducting a pilot assessment of wireless networking and its effectiveness at the current state of this developing technology. The technology used is based on the 802.11b standard for 11MB wireless ethernet networking.

Four areas are currently covered by the UCI wireless network (called UCI Mobile Access): the UCI Student Center, the Main Library (and Gateway Study Center), Engineering Gateway (NACS public labs, and some third-floor Engineering rooms and labs), and the Graduate School of Management.

In the process, NACS has built a wireless backbone that will be able to support extension of the wireless network beyond the pilot sites. We’ve also gained sufficient experience that we no longer require the services of an outside consultant for radio frequency planning.

Other UC campuses have expressed interest in modeling their own wireless efforts on UCI’s example. The UCI Libraries have created a laptop lending program (laptops with wireless cards) so that students studying the the Main Library or Gateway Study Center can connect to the wireless network. Wireless Day (April 11) at the UCI Computer Store was also enthusiastically attended.

NACS is assessing functionality and popularity in hopes that further wireless sites can be justified. NACS is available for consulting with departments whose need for wireless technology is sufficiently urgent to invest departmental funds in extending the current wireless coverage. NACS is also examining the potential of this technology in nearby residential areas.

We expect that in developing this expertise, we can add value to any campus wireless activity. Since wireless networking is inseparable from certain security and shared-use considerations, we strongly recommend that all wireless activities be coordinated through NACS.

Up to date information on UCI Mobile Access can be found at http://www.nacs.uci.edu/ucinet/mobile. NACS also hosts a wireless discussion Listserv mailing list. Send e-mail to listserv@uci.edu with the message “Subscribe ucinet-wireless Yourfirstname Yourlastname”.