Coeus and project will be down for maintenance (hardware and software)
Wednesday, June 1, 2005 at 4:00 PM. The downtime is expected to last no
more than 2 hours. During this time the systems may be coming up and down
repeatedly, which should not be mistaken as an indication of the conclusion
of the work. An update will be posted when the work is finished.

NFS clients should not have to do anything. CIFS clients may have to re-open
files/etc. Client systems should not be needing reboots. This is a
troubleshooting/upgrade downtime, no serious changes are happening.

On Wednesday, May 18, 2005 at 10pm, the EECS Department’s web server
will be unavailable for a short time when it is rebooted after routine maintenance. Downtime should not exceed 30 minutes.

This will affect all web pages hosted on:

www.eecs.berkeley.edu
www.cs.berkeley.edu
ee.berkeley.edu
titanium.cs.berkeley.edu
blackouts.eecs.berkeley.edu
quantum.cs.berkeley.edu
www-bisc.cs.berkeley.edu
www-w2k.cs.berkeley.edu
tenet.berkeley.edu
safetp.cs.berkeley.edu
aima.eecs.berkeley.edu
networks.eecs.berkeley.edu
orange.eecs.berkeley.edu
osq.cs.berkeley.edu
bebop.cs.berkeley.edu
www.object-recognition.org
harmonia.cs.berkeley.edu
cc05.cs.berkeley.edu
lithonet.eecs.berkeley.edu
nanophotonics.eecs.berkeley.edu
sipc.eecs.berkeley.edu
theory.eecs.berkeley.edu
web1.eecs.berkeley.edu

Microsoft has released security patches as of May 10th 2005. See
http://www.microsoft.com/technet/security/bulletin/ms05-may.mspx for complete bulletin.

Security patches defined by Microsoft as “critical” or “important” MUST be applied within 5 business days of notification. Should there be active exploits, the time will be adjusted and users will be informed appropriately. Hosts unpatched after the defined time are subject to scanning and removal from the EECS network as per campus IT security policies (http://socrates.berkeley.edu:2002/MinStds/).

Patching is sometimes dependent on the service pack level of the Microsoft OS, and installed applications, please read requirements carefully.

Critical Security Bulletins

---

Microsoft Security Bulletin MS05-024
Vulnerability in Web View Could Allow Remote Code Execution (894320)
– Impact: Remote Code Execution
– A Proof of Concept exploit has been published.
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
[Read more…] about Microsoft Security Bulletin Summary for May 2005

There will be an emergency network downtime. We will replace network hardware for soda 5a switch on Wed morning May 11, 2005. There will be brief network outages from 7:30AM to 8AM.

This will affect users who use wired connection on the 5th floor. Since
our wireless network feeds into our switched infrastructure at several
locations in Soda, there will also be a couple of brief outages to the
wireless network from floors 5-7 as well.

[Read more…] about Soda 5A Switch Downtime, May 11 and 17

Microsoft will release their patches for the month on May 10th. HERMES,PRINT, RIS and WINSWW will be down for patching Wednesday, May 11th from 3:00 – 5:00pm.

This web site (https://iris.eecs.berkeley.edu) will be down Sunday, May 1 from 10pm to 12 midnight for routine maintenance.

During this time, all services provided by iris.eecs.berkeley.edu will be unavailable. Note that this includes the main IRIS web site, the EECS network database, and the IRIS purchasing database.

Please send comments to img@eecs.

Hi folks –

This mail is to remind you that starting Sunday, the campus reserves the right to terminate network access without notice, for systems which do not meet the campus minimum security standards for networked devices.

Although EECS has made good progress towards meeting the standards, there are still many many systems on our networks which are not up to code. We are continuing to work with you to fix the existing problems, and are actively developing tools to assist you in assessing the state of your systems.

Aspects of the standards which are most likely to cause problems in EECS include:

* Windows and Apple systems must run antivirus software.

* All mail servers must scan mail for virus laden attachments.

* Most hosts, including Windows 2000 Professional, XP, MacOSX, and all unix systems, must run personal firewall software.

* All services must be authenticated, and no unencrypted authentication mechanisms are allowed. Services such as telnet and non-anonymous FTP need to be turned off. All unnecessary services must be disabled.

* Systems must be fully patched. Systems must not run software or operating systems which are not actively supported by the developer. A partial list of operating systems no longer allowed on campus networks includes:

Windows NT4 and earlier
Windows 98, first edition and earlier
RedHat Linux 9.x and earlier (must upgrade to Fedora or enterprise edition)
Solaris 7 and earlier, unless you have an active “Vintage Support” contract with Sun
SGI IRIX before 6.5.27
HP-UX 10.30 and earlier
Ultrix
OSF
AIX 4.3.3 and earlier
MacOS 9 and earlier (must upgrade to OSX)

Systems running these operating systems *may* be disconnected from the network without notice starting Monday (see below).

The full set of standards is online here:

http://socrates.berkeley.edu:2002/MinStds/AppA.min.htm

The overall campus security policy (including implementation guidelines and mechanisms for requesting exceptions to the standards) is here:

http://socrates.berkeley.edu:2002/MinStds/

Although we do not anticipate that there will be a mass disconnection of noncompliant systems on Monday, recent security incidents elsewhere on campus have *significantly* increased the likelihood that this will happen in the not-so-far future. We *strongly* urge all members of the department who are responsible for computing resources (there are about a thousand of you) to make sure that those systems are compliant with the minimum standards in order to avoid inconvenience.

Please send questions or concerns directly to me.

Thanks, folks.

–alex

The EECS RIS server is back in production. Currently the only image
being offered is Window XP SP2.

Our domain requires NTLMv2 or better for authentication. With that level
of security, Server 2003 RIS services can not install a Windows 2000
image. Microsoft is aware of the problem and working on a soulution. A
Windows 2000 image will be made available as soon as possible.

Thank you for your patience through this down time.

PRINT and WINSWW will be rebooted and unavailable for 15 minutes on Friday, April 29th from 5:00PM to 5:15PM.

We will replace a new switch on Soda 5th floor on Thursday morning April 28, 2005. There will be brief network outages from 7AM to 8AM. This will affect users who use wired connection on the 5th floor. Since our wireless network feeds into our switched infrastructure at several locations in Soda, there will also be a couple of brief outages to the wireless network from floors 5-7 as well. I regret any inconvenience this may cause.

Please make your plans accordingly.