Header Search Widget

IRIS

Instructional & Research Information Systems

IRIS website down for maintenance, May 18, 8-10am

by

The campus Oracle service will be patched this weekend, and so some EECS Services which depend on Oracle will be unavailable from 8am to 10am on May 18th. These include the IRIS website (including the Network and Roster applications) and ACG’s departmental applications.

Services should resume by 10am at the latest.

Details can be found at [the campus system status website](http://ucbsystems.org/?s=2954)

Resolved as of 2014-05-18 09:15:00

May 2014 Server Patching

by

Microsoft will release their patches for the month on Tuesday, May 13th, 2014.

PRINT and WINTERM will automatically patch and reboot Wednesday, May 14th, at 3:00 am.

WINTERM may be unavailable till 10:00am Wednesday, May 14th, depending on additional software updates.

Resolved as of 2014-05-14 09:54:00

Department Mailing List Server reboot 11pm April 8

by

The Department’s mailing list server, lists.eecs, will be down briefly tonight for emergency patching. This is to patch the operating system against the [Heartbleed SSL vulnerability](http://heartbleed.com/).

It will be rebooted at 11pm on April 8 and should be back up by 11:30 at the latest. No mailing list messages will be distributed during this time but no messages will be lost.

Resolved as of 2014-04-08 23:30:00

Did you check your https server for the OpenSSL “Heartbleed” vulnerability?

by

The InCommon Certificate Program Manager provided the
following recommendation –

“– *IF* you had servers that were vulnerable to this attack, after
updating the OpenSSL code as required, please note that you should ALSO
replace the public/private keys and associated SSL/TLS certificate
associated with that server/those servers, revoking the earlier (now
potentially compromised) SSL/TLS certificate(s).

— We would also encourage you to review the configuration of each
SSL/TLS server using the excellent
evaluation page (note that you can check the box “Do not show the
results on the boards” should you desire to do so).

As part of reviewing those results, we encourage you to consider
enabling ciphers that support Forward Secrecy (see
for basic background)

— As part of managing the risks associated with this incident, you
may also want to consider additional remedial steps, depending upon
the content that may have been potentially intercepted on a
vulnerable server (whether on-site or off).

For example, if there’s a possibility that passwords were exposed,
you may want to consider whether you’ll need to reset or reissue
those once the system has been updated and secured.”

References:

Cert OpenSSL ‘Heartbleed’
vulnerability (CVE-2014-0160)

Cert Vulnerability Note VU#720951

OpenSSL advisory
The Heartbleed Bug

Campus vulnerabilty notice

is the Comodo SSL Analyzer
a web based SSL Analyzer

Changes to EECS LDAP Access from off-campus

by

On Tuesday, April 1, 2014 IRIS will begin restricting access to the EECS LDAP directory server (`ldap.eecs.berkeley.edu`) from off-campus IP addresses. This will primarily affect people who use email programs such as Thunderbird, Outlook or Apple Mail that are configured to auto-complete email addresses from our directory. This will not affect people using the bMail web interface.

At this time, anonymous queries are allowed against the EECS LDAP directory, but searches are restricted to no more than 100 results. Unfortunately this configuration still allows an anonymous query to retrieve some details about a specific person, such as their email address, phone number or advisor. To mitigate this, after April 1 only authenticated queries will be allowed when coming from an off-campus IP address. For the purposes of this change, “off-campus” means an IP not in the any of the following ranges:

  • 128.32.0.0/16
  • 169.229.0.0/16
  • 136.152.0.0/16
  • 172.16.0.0/16
  • 10.16.0.0/16

Those who need continued anonymous access to the directory from off-campus can use the [campus VPN](http://ist.berkeley.edu/node/591), which will give their off-campus machine a campus IP address. Those who need to run queries that return unlimited results can bind to the directory using their EECS credentials, or an “application” account can be created if needed.

We expect this change will affect a small number of people, but if you have any concerns or questions please contact the IRIS helpdesk at help@eecs.berkeley.edu.
[Read more…] about Changes to EECS LDAP Access from off-campus

EECS Network Scheduled Outage on Mar. 29 2014

by

We will be having a large scheduled outage of the EECS network in order to physically relocate some core devices as Phase Three of a project to overhaul the EECS network core. This maintenance will occur between 10AM and 6PM on Saturday, March 29, 2014. We do not anticipate the outage to last for the full eight hours, but extra time has been allotted in case of complications.

Expected impacts of this outage include:

– Internet connectivity to all EECS Wired buildings* will be offline
– Soda Hall wired and wireless networking will be entirely offline
– BWRC will be isolated from EECS and unable to access the Internet or EECS network resources
– Wireless networking in EECS Airspace** will be unavailable (the networks will continue to be visible in some locations, however the underlying network services will be offline)
– EECS Wired buildings other than Soda Hall and BWRC should retain connectivity and access to EECS network resources (filers, AD, etc.), but to reiterate, the Internet connection will be unavailable.

We apologize for any inconvenience that this maintenance will cause. For any questions or concerns about the maintenance, please email networks@eecs.berkeley.edu.

Thank you, IRIS Network Group

*EECS Wired buildings are Soda, Cory, and Sutardja Dai Halls, and the BWRC

**EECS Airspace includes Soda, Cory, Sutardja Dai, Calvin, and Blum Halls, as well as the Sibley Auditorium, Hearst Memorial Mining Building, and BWRC
[Read more…] about EECS Network Scheduled Outage on Mar. 29 2014