IRIS Staff

The switch in 165 Cory Machine room will be upgraded on Monday June 6 at 07:00 (AM).

Ports will be moved one at a time to avoid undue downtime. Typical outage should be less than 5 seconds.
Unless your operating system behaves badly with having your default MAC address changed, then you probably wont notice anything.

Once everyone is moved over, the main uplink fibers will be changed over.
This may or may not cause a glitch.
We don’t expect it to. Durring the switch over there may be a performance hit, since during this time the pipe will be reduced to 100MBS.
The overall mintenance window should only be 1 hour.

There will be an upcoming downtime for all wireless services in EECS
for this Thursday May 26th from 06:00-08:00 AM for a code upgrade. Please plan
accordingly.

Coeus and project will be down for maintenance (hardware and software)
Wednesday, June 1, 2005 at 4:00 PM. The downtime is expected to last no
more than 2 hours. During this time the systems may be coming up and down
repeatedly, which should not be mistaken as an indication of the conclusion
of the work. An update will be posted when the work is finished.

NFS clients should not have to do anything. CIFS clients may have to re-open
files/etc. Client systems should not be needing reboots. This is a
troubleshooting/upgrade downtime, no serious changes are happening.

Microsoft has released security patches as of May 10th 2005. See
http://www.microsoft.com/technet/security/bulletin/ms05-may.mspx for complete bulletin.

Security patches defined by Microsoft as “critical” or “important” MUST be applied within 5 business days of notification. Should there be active exploits, the time will be adjusted and users will be informed appropriately. Hosts unpatched after the defined time are subject to scanning and removal from the EECS network as per campus IT security policies (http://socrates.berkeley.edu:2002/MinStds/).

Patching is sometimes dependent on the service pack level of the Microsoft OS, and installed applications, please read requirements carefully.

Critical Security Bulletins

---

Microsoft Security Bulletin MS05-024
Vulnerability in Web View Could Allow Remote Code Execution (894320)
– Impact: Remote Code Execution
– A Proof of Concept exploit has been published.
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
[Read more…] about Microsoft Security Bulletin Summary for May 2005

Microsoft will release their patches for the month on May 10th. HERMES,PRINT, RIS and WINSWW will be down for patching Wednesday, May 11th from 3:00 – 5:00pm.

Hi folks –

This mail is to remind you that starting Sunday, the campus reserves the right to terminate network access without notice, for systems which do not meet the campus minimum security standards for networked devices.

Although EECS has made good progress towards meeting the standards, there are still many many systems on our networks which are not up to code. We are continuing to work with you to fix the existing problems, and are actively developing tools to assist you in assessing the state of your systems.

Aspects of the standards which are most likely to cause problems in EECS include:

* Windows and Apple systems must run antivirus software.

* All mail servers must scan mail for virus laden attachments.

* Most hosts, including Windows 2000 Professional, XP, MacOSX, and all unix systems, must run personal firewall software.

* All services must be authenticated, and no unencrypted authentication mechanisms are allowed. Services such as telnet and non-anonymous FTP need to be turned off. All unnecessary services must be disabled.

* Systems must be fully patched. Systems must not run software or operating systems which are not actively supported by the developer. A partial list of operating systems no longer allowed on campus networks includes:

Windows NT4 and earlier
Windows 98, first edition and earlier
RedHat Linux 9.x and earlier (must upgrade to Fedora or enterprise edition)
Solaris 7 and earlier, unless you have an active “Vintage Support” contract with Sun
SGI IRIX before 6.5.27
HP-UX 10.30 and earlier
Ultrix
OSF
AIX 4.3.3 and earlier
MacOS 9 and earlier (must upgrade to OSX)

Systems running these operating systems *may* be disconnected from the network without notice starting Monday (see below).

The full set of standards is online here:

http://socrates.berkeley.edu:2002/MinStds/AppA.min.htm

The overall campus security policy (including implementation guidelines and mechanisms for requesting exceptions to the standards) is here:

http://socrates.berkeley.edu:2002/MinStds/

Although we do not anticipate that there will be a mass disconnection of noncompliant systems on Monday, recent security incidents elsewhere on campus have *significantly* increased the likelihood that this will happen in the not-so-far future. We *strongly* urge all members of the department who are responsible for computing resources (there are about a thousand of you) to make sure that those systems are compliant with the minimum standards in order to avoid inconvenience.

Please send questions or concerns directly to me.

Thanks, folks.

–alex

The EECS RIS server is back in production. Currently the only image
being offered is Window XP SP2.

Our domain requires NTLMv2 or better for authentication. With that level
of security, Server 2003 RIS services can not install a Windows 2000
image. Microsoft is aware of the problem and working on a soulution. A
Windows 2000 image will be made available as soon as possible.

Thank you for your patience through this down time.

PRINT and WINSWW will be rebooted and unavailable for 15 minutes on Friday, April 29th from 5:00PM to 5:15PM.

Microsoft has released security patches as of April 12th, 2005. See http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx for complete bulletin.

Security patches defined by Microsoft as “critical” or “important” MUST be applied within 5 business days of notification. Should there be active exploits, the time will be adjusted and users will be informed appropriately. Hosts unpatched after the defined time are subject to scanning and removal from the EECS network as per campus IT security policies (http://socrates.berkeley.edu:2002/MinStds/).

Patching is sometimes dependent on the service pack level of the Microsoft OS, and installed applications, please read requirements carefully.

Critical Security Bulletins

---

Microsoft Security Bulletin MS05-019
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
– Impact: Remote Code Execution
– No active exploit as of 04/14/05.
Microsoft Windows 2000 Service Pack 3 and 4
Microsoft Windows XP Service Pack 1 and 2
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems

Microsoft Security Bulletin MS05-020
Cumulative Security Update for Internet Explorer (890923)
– Impact: Remote Code Execution
– No active exploit as of 04/14/05.
Microsoft Windows 2000 Service Pack 3 and 4
Microsoft Windows XP Service Pack 1 and 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems

Microsoft Security Bulletin MS05-021
Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)
– Impact: Remote Code Execution
– No active exploit as of 04/14/05.
Microsoft Exchange 2000 Server Service Pack 3
Microsoft Exchange Server 2003
Microsoft Exchange Server 2003 Service Pack 1

Microsoft Security Bulletin MS05-022
Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)
– Impact: Remote Code Execution
– No active exploit as of 04/14/05.
MSN Messenger 6.2

Microsoft Security Bulletin MS05-023
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
– Impact: Remote Code Execution
– No active exploit as of 04/14/05.
Microsoft Word 2000
Microsoft Works Suite 2001
Microsoft Word 2002
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Works Suite 2004
Microsoft Office Word 2003
[Read more…] about Microsoft Security Bulletin Summary for April 2005

On Sunday, April 10 at 9PM, the EECS Web Server, web1.eecs.berkeley.edu,
will be unavailable for a short time while the operating system software
is patched.  Downtime should not exceed 30 minutes.  Department personal
web pages and the following sites will be unavailable during this time.



www.cs.berkeley.edu
www.eecs.berkeley.edu
ee.berkeley.edu
titanium.cs.berkeley.edu
blackouts.eecs.berkeley.edu
quantum.cs.berkeley.edu
www-bisc.cs.berkeley.edu
www-w2k.cs.berkeley.edu
tenet.berkeley.edu
safetp.cs.berkeley.edu
aima.eecs.berkeley.edu
networks.eecs.berkeley.edu
orange.eecs.berkeley.edu
osq.cs.berkeley.edu
bebop.cs.berkeley.edu
www.object-recognition.org
harmonia.cs.berkeley.edu
cc05.cs.berkeley.edu
lithonet.eecs.berkeley.edu
nanophotonics.eecs.berkeley.edu
sipc.eecs.berkeley.edu
theory.eecs.berkeley.edu
web1.eecs.berkeley.edu