IRIS

As part of the effort to continue to strengthen our IT security, and to comply with the campus requirement, our exemption from the campus Windows RPC services blocking will cease after Dec. 21, 2005.

This will impact remote authentication to our Windows Active Directory (ie. the “EECS” domain) from offsite. It will also prevent ALL remote mounting of coeus, project, or WinSWW from any Windows system. Some examples are listed here:

You will not be able to log in to the “EECS” domain with your account and password if you are on the internet.

You will not be able to map or mount any drives such as \\coeus, \\project, or \\winsww (or any of your research group shares).

You will not be able to access \\print directly.

You will not be able to access fontus.eecs.berkeley.edu (Exchange server) directly.

This block was put in place by campus SNS group at UCB border approximately two years ago. EECS has an exemption, but the exemption is expiring.

There are two ways to alleviate this impact:

1. Use “remote desktop” to log into hermes.eecs.berkeley.edu (or your own terminal server) and access your data. For more information on this, please follow this link.

2. Use the campus VPN service. This will give you an UC Berkeley campus IP address, and allow you to authenticate and access directly our resources.

If you have any questions, please contact help@eecs.

As previously announced on the Oct. 11 Town Hall meeting, EECS will be making some changes to its wireless service offerings:

1. Effective Nov. 1, 2005, campus Airbears service is now available throughout the entire EECS, including all floors of Soda and Cory Halls, BWRC, and HMMB (CITRIS and BID centers).

2. After Dec. 20th, 2005, the existing EECS guest wireless service will cease to function. EECS users with valid Calnet IDs can obtain Airbears guest wireless service for their guests, for up to one week.

3. Effective Jan. 2006, EECS will be offering an extended guest wireless service, with a nominal charge, for our guests that need wireless internet access for more than the 7 days offered thru Airbears. The registration process is done thru
https://guest.eecs.berkeley.edu. A valid COA will be required. Guest wireless service can be provided on a monthly basis.

For details, please direct your inquiries to help@eecs.

Nov. 15 2005 from 0600-0630, core router inr-202 will be reloaded to upgrade the software running on it. This is necessary for two reasons:

1. A recently announced vulnerability that is fixed in newer software;
2. A problem with incremementing error counters, on which CNS is working with Cisco’s tech support.

There will not be any prolonged outage, because this router is redundant with another, inr-201. However, there may be a brief disruption while routing converges.

********************************************************************

Title: Microsoft Security Bulletin Summary for November 2005

Issued: November 8, 2005

Version Number: 1.0

Bulletin: http://go.microsoft.com/fwlink/?LinkId=56129

********************************************************************

Security patches defined by Microsoft as “critical” or “important”
MUST be applied within 10 business days of notification. Should there
be active exploits, the time will be adjusted and users will be
informed appropriately. Hosts unpatched after the defined time are
subject to scanning and removal from the EECS network as per campus
IT security policies (http://socrates.berkeley.edu:2002/MinStds/).

Patching is sometimes dependent on the service pack level of the
Microsoft OS, and installed applications, please read requirements
carefully.

Critical Security Bulletins

===========================

MS05-053 – Vulnerabilities in Graphics Rendering Engine Could Allow

Code Execution (896424)

Impact: Remote Code Execution

Affected Software:

– Windows 2000 Service Pack 4

– Windows XP Service Pack 1

– Windows XP Service Pack 2

– Windows XP 64-Bit Edition Version 2003 (Itanium)

– Windows XP Professional x64 Edition

– Windows Server 2003

– Windows Server 2003 for Itanium-based Systems

– Windows Server 2003 with SP1 for Itanium-based Systems

– Windows Server 2003 x64 Edition

We are very pleased to announce that a second EECS computing/networking helpdesk is now officially established in Soda hall, room 313. The Soda Hall helpdesk will be open daily from 9 am to 5pm, and our onsite consultants will do their best to resolve all your computing and networking inquiries or facilitate other requests. You can also reach them via email (help@eecs) or phone (2-7777). Software will be available for checkout from the Soda Hall helpdesk as well.

The Cory Hall helpdesk (395 Cory) will continue to be in operation.

Please come to say hello to our helpdesk consultants when you get a chance. And if you have comments or suggestions, please let us know.

Microsoft will release their patches for the month on Tuesday, November 8, 2005. HERMES, PRINT, RIS and WINSWW will be down for patching the following Wednesday, November 9, 2005, from 3:00 – 5:00pm.

macserver.eecs.berkeley.edu, which hosts the Mac software warehouse, will be down for maintenance at this time as well.

The Oct. 11 townhall meeting was successful, thanks to those attended. A summary of the meeting is now attached. Since some of the target dates can slide, we will be sending out announcements when they are ready. Please also share this info with those that did not make to the meeting.

Attachment:  EECS-townhall-101105.pdf

The Department’s web server was experiencing some trouble communicating with the Oracle Calendar server, and was restarted several times today between 3pm and 5pm. Users may have noticed the web server was occasionally unresponsive during this period.

We believe it is stable for now. We will be making some configuration changes in the next few days to isolate the main server from the Oracle calendar processes to prevent such interruptions in the future.

We apologize for any inconvenience.

Oracle has just released their quarterly patch update, which contains fixes for some “critical” vulnerabilities. We will be taking our Oracle installation down on Thursday, Oct 20 at 5:30pm for patching. This is a very large patch and could take several hours to install, so I am scheduling 4.5 hours of downtime. I am hoping it will not take that long, but please do not plan on having access to the network database before 10pm Thursday.

This will affect all forms that are normally available on the IRIS network page.

Please send any questions to IMG.

-Rob

This coming Wednesday, 19 October 2005, from 6:00am to 8:00am, CNS will
be upgrading inr-201, one of two core routers in the campus network.
The other core router is inr-202. Inr-201 and inr-202 are
redundant routers, so the majority of campus network service will not be affected. However, the campus VPN service and EECS VPN service are attached to inr-201 only and will be out of service during the maintenance.

Note: This maintenance will not affect the VPN serving the OPTRS application.