Full HTML for Basic foilset NPAC Computer and Network Capabilities

Given by Roman Markowski at Tango Group Internal Technology Seminars in Spring 99. Foils prepared May 19 99
Summary of Material

Overview of all Computers, Networks and Services in NPAC
  • Mail, Majordomo, DNS, WINS, Print, NIS, NFS, WWW, Databases, MBONE, Y2K
  • Policies
Recommendations in Security Area

Table of Contents for full HTML of NPAC Computer and Network Capabilities

1 NPAC Computer and Network Capabilities (Network Infrastructure, Services, Policies, Security Recommendations, Plans for Future)
2 PPT Slide
3 PPT Slide
4 PPT Slide
5 PPT Slide
6 PPT Slide
7 PPT Slide
8 PPT Slide
9 PPT Slide
10 PPT Slide
11 PPT Slide
12 10baseT - Twisted Pair
13 Twisted Pair category 5- wiring
14 PPT Slide
15 Services
16 Services
17 PPT Slide
18 MAIL
19 Majordomo Lists and E-mail Aliases
20 Majordomo Lists and E-mail Aliases
21 DNS - Domain Name Service
22 WINS
23 PPT Slide
24 PRINT
25 NIS - Network Information Service
26 NFS - Network File System
27 NFS - Network File System
28 WWW
29 DATABASES
30 MBONE
31 MBONE
32 Y2K
33 Policies
34 Recommendations (1)
35 Recommendations (2)
36 Recommendations (3)
37 Goal

HTML version of Basic Foils prepared May 19 99

Foil 1 NPAC Computer and Network Capabilities (Network Infrastructure, Services, Policies, Security Recommendations, Plans for Future)

From NPAC Computer and Network Capabilities Tango Group Internal Technology Seminars -- Spring 99. *
Roman Markowski
IS Manager
Northeast Parallel Architectures Center

Foil 2 PPT Slide

Foil 3 PPT Slide

Foil 4 PPT Slide

Foil 5 PPT Slide

NPAC Facility
Networking Technologies
  • FDDI - LAN Backbone
  • ATM - LAN and WAN (NYNET)
  • Fast Ethernet - High performance LAN
  • Ethernet - Shared and Switched
  • Wireless - Inter-building
  • T1/T3 - Internet access
  • Modem - Dial-in
  • ISDN - Dial-in
  • Protocols - TCP/IP, Appletalk, NetBEUI, RIP, multicast
  • Services - DNS, WINS, NIS, PRINT, NFS, WWW, Oracle, FTP
Compute Engines
  • SGI Challenge L 8xR10K, 1.6 GB RAM, 50 GB HDD, IRIX 6.2
  • Ultra SPARC 8 workstation (2 processor), ATM OC3c, 256 MB RAM, 12 GB HDD
  • Sun Ultra 450 3 workstations, 4 x UltraSPARC II 300 MHz, 1 GB RAM, FDDI, 30 GB HDD
Workstations
  • Sun Solaris 2.5.1, 2.6, 2.7
  • SGI Irix 5.3, 6.2, 6.3, 6.5
  • PC Windows NT/95/98
  • Linux RedHat 5.2
Auxiliary Infrastructure
Bridging, Switching and Routing
  • Gigaswitch - switched FDDI
  • 4x ASX 200 - ATM OC3, TAXI, ATM25
  • PowerHub 7000 - ATM, FDDI, FE, Ethernet
  • 2x LANplex 2500 - switched ethernet
  • Cisco 4500 - ISDN BRI
  • Subnets: 3, 7, 8, 14, 21, 51, 67, 117, 144, 162, 163, 164, 165

Foil 6 PPT Slide

Foil 7 PPT Slide

Foil 8 PPT Slide

Foil 9 PPT Slide

Foil 10 PPT Slide

Foil 11 PPT Slide

Foil 12 10baseT - Twisted Pair

Foil 13 Twisted Pair category 5- wiring

Foil 14 PPT Slide

Foil 15 Services

MAIL
  • postoffice.npac.syr.edu (128.230.7.230; sendmail 8.9.3, POP3, IMAP4, majordomo)
  • mail.webwisdom.com (128.230.14.254; SMTP, POP3)
DNS - Domain Name Service
  • directory.infomall.org (128.230.7.250)
  • osprey.loc.npac.syr.edu (128.230.164.130)
WINS - Windows Internet Name Server
  • heracles.npac.syr.edu (128.230.21.130)
  • ventana.npac.syr.edu (128.230.21.161)
PRINT
  • circus.npac.syr.edu (UNIX)
  • ventana.npac.syr.edu (PC)
NEWS - DNEWS
  • news.syr.edu
  • crpc2.npac.syr.edu (do not use it !)

Foil 16 Services

FTP - Anonymous File Transfer Protocol
  • ftp.npac.syr.edu (outback.npac.syr.edu)
    • users, projects, docs; NO write access; WU-2.4.2
    • ftp://ftp.npac.syr.edu/pub/{users|projects|docs}
NFS - Network File System
  • acrux, becrux, thuban, regulus, pecan, walnut
  • acrux, becrux, thuban, regulus - must be upgraded
WWW
  • www.npac.syr.edu (outback) - Apache 1.3.0
  • www.infomall.org (nhse) - NCSA 1.5.1
  • hound.npac.syr.edu - Apache 1.1.1
  • asknpac.syr.edu (sunrise) - Apache 1.2.5
DB
  • sunrise.npac.syr.edu - Oracle 7.3.3
  • carver.npac.syr.edu - Oracle 8.0
  • sandman.npac.syr.edu - Illustra

Foil 17 PPT Slide

Foil 18 MAIL

postoffice.npac.syr.edu
  • Sun Ultra-2 2x200 MHz UltraSPARC processors, Solaris 2.6, 512 MB RAM
  • sendmail 8.9.3, port 25/TCP
  • antispam mechanism enabled
  • NFS /var/spool/mail - not recommended
  • POP3, port 110/TCP (Qualcomm's qpopper 2.53)
  • IMAP4, port 143/TCP (University of Washington + pine 4.05)
  • majordomo, ver 1.94.4 for mailing lists
  • Clients: netscape, outlook express, pine, mh, eudora

Foil 19 Majordomo Lists and E-mail Aliases

account-request - to request account on NPAC computers
fyi-demos - to inform people about important demos
fyi-everyone - to inform everyone with active NPAC account
fyi-npacsoft - for installers to inform about software installs, removals and upgrades
fyi-onsite - to inform NPAC onsite users (i.e. located at CST) about local issues
gra - to contact students (TAs, GRAs); alias for fyi-ra majordomo list
hostmaster - to request IP address, new DNS domain, changes in NIS or DNS
mgr-demos - to request resources and avoid conflicts during demos
mgr-npacsoft - for anyone to suggest / request a software install or report bugs
npacsoft - to discuss npac software with EVERYONE

Foil 20 Majordomo Lists and E-mail Aliases

operations - to inform Business Office and Systems
printers - to report problems with printers and request actions
project-leaders - project leader's discussion list
supplies - to request purchases
systems - to contact systems
travel - all travel related requests
webmaster - to contact webmaster
% mail majordomo
  • lists
  • who "listname"

Foil 21 DNS - Domain Name Service

Critical component of the Internet; maps names to IP addresses; mail exchanger; global directory service
Clients use resolver to access DNS servers
BIND - Berkeley Internet Name Domain - most common DNS
DNS servers query each other to resolve names
[Diagram: resolving www.company.com; boxes labelled Client, Local DNS, Company DNS, COM DNS, Root DNS]

Foil 22 WINS

NetBIOS - Network Basic Input Output System
NetBEUI - NetBIOS Extended User Interface
NetBIOS names can be resolved to TCP/IP addresses in 2 ways:
  • LMHOSTS file
  • WINS - Windows Internet Name Service
NAME resolution:
  • hosts, DNS, lmhosts, WINS
128.230.21.130 (heracles), 128.230.21.161 (ventana)

Foil 23 PPT Slide

Foil 24 PRINT

Unix: print.npac.syr.edu (circus)
  • Sun SPARC 10 with 64 MB RAM
  • runs freeware "netatalk" to send output to appletalk printers
PC: ventana.npac.syr.edu
Unix /etc/printcap, freeware lprng
  • lpr -P printer file; lprm -P printer jobnumber, lpq -P printer
  • enscript -P printer file (genscript)
IP: dali, davinci, goldberg, cezanne, rockwell, raphael
AppleTalk: degas, winslow, owasco, norman
report problems to printers@npac.syr.edu

Foil 25 NIS - Network Information Service

Local, distributed database
not designed as a secure system
NIS maps: hosts, passwd, group, ethers, netmasks, protocols, netgroups, services
ypwhich; ypcat hosts
yppasswd - disabled
normal users should not have access to `ypcat': it can be used to list all usernames and hosts
one master server, several secondary servers
  • medialab (162), brickyard (117), kopernik (117), newton (162), sandman (162), timberland (14), osprey.loc (164), outback (144), clyde (144), acrux (7), pecan (7), mordillo (117)
NIS+ is completely rewritten (very complex)

Foil 26 NFS - Network File System

allows directories physically located on one system (file server) to be mounted on another (client)
server must export directories to allow access by clients (/etc/exports, /etc/dfs/dfstab, /etc/exportfs)
client must mount: /etc/vfstab, /etc/fstab
/etc/exports : root=host:... - grants remote superuser (UID=0) access to the listed hosts (bad!)
UIDs and GIDs must be consistent between NFS clients and servers to prevent unauthorized access

Foil 27 NFS - Network File System

do not export directories that contain critical files
carefully assign ro,rw,access,root options
acrux, becrux, thuban, regulus, walnut, pecan
incompatibilities between various file systems
moving from old file systems to new file systems
AFS, DFS, VERITAS file system (integrated with networker)
Windows can Share disks (SMB - Server Message Block)
  • security issues
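
The export options from Foils 26 and 27 can be checked mechanically. The following is an added example, not part of the original foils: a shell function that audits a SunOS-style exports file for root=, missing access= lists, writable exports and critical directories. The `directory -opt,opt` line format, the list of critical directories and the sample entries (placeholder hostnames) are assumptions.

```shell
#!/bin/sh
# Added example (not from the foils): flag risky entries in a SunOS-style
# exports file. Assumed line format: <directory> -opt[,opt...]

audit_exports() {
    # Reads the named exports file(s), or stdin when none is given.
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            dir = $1; opts = $2
            sub(/^-/, "", opts)
            n = split(opts, o, ",")
            root = ""; access = 0; ro = 0
            for (i = 1; i <= n; i++) {
                if (o[i] ~ /^root=/)   root = substr(o[i], 6)
                if (o[i] ~ /^access=/) access = 1
                if (o[i] == "ro")      ro = 1
            }
            if (root != "") print "ROOT " dir " UID 0 allowed from " root
            if (!access)    print "OPEN " dir " has no access= list"
            if (!ro)        print "RW " dir " is writable by clients"
            # Assumed set of critical trees: /, /etc and /var
            if (dir == "/" || dir ~ /^\/(etc|var)$/ || dir ~ /^\/(etc|var)\//)
                print "CRIT " dir " holds critical files"
        }
    ' "$@"
}

# Constructed sample input; hostnames are placeholders.
sample_exports() {
    cat <<'EOF'
# constructed sample exports file
/export/home     -access=clienta:clientb,root=clienta
/export/pub      -ro
/etc             -access=clienta,ro
/export/scratch
EOF
}

sample_exports | audit_exports
```

An entry such as `/export/home -access=clienta,ro` produces no findings.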

Foil 28 WWW

www.npac.syr.edu (outback.npac.syr.edu)
  • Sun Ultra Enterprise 2, Apache server 1.3.0
  • FDDI, ethernet
  • /usr/local/archives/public/html
  • do not use as additional disk space !
  • report problems to webmaster@npac.syr.edu (Deepak)
www.infomall.org
  • nhse.npac.syr.edu
  • /infomall/tenants/company
Apache, Netscape Enterprise/FastTrack, NCSA, Oracle Web server
clyde is not used as web server

Foil 29 DATABASES

sunrise.npac.syr.edu / asknpac.npac.syr.edu
  • Oracle 7.3.3 - not Y2K compliant
carver.npac.syr.edu / class-sever.npac.syr.edu
  • Oracle 8.0
sandman.npac.syr.edu
  • Illustra
osprey7, osprey8, witch
SP2, kayak - do not exist

Foil 30 MBONE

MBONE - Multicast backBONE
MBONE is a virtual network built on top of the Internet; its purpose is to minimize the amount of data required for multipoint audio / video-conferencing
MBONE is free; it uses a network of mrouters that can support multicast
Many older routers do not support multicast; to work around this, tunnels must be set up on both ends; multicast packets are encapsulated in unicast packets and sent through a tunnel
MBONE uses a small subset of 224.0.0.0 - 239.255.255.255; MBONE uses 224.2.0.0 for multimedia conferencing
MARILYN: mrouted, /etc/mrouted.conf
  • tunnel 128.230.162.18 207.41.200.99 metric 1 threshold 64

Foil 31 MBONE

Characteristics:
  • topology: combination of mesh and star
  • IP addresses: 224.2.0.0
  • routing schemes: DVMRP, MOSPF
  • session registration: IGMP protocol
  • traffic requirement: audio 32-64 Kbps, video 120 Kbps
MBONE tools:
  • videoconferencing: vic -t ttl destination-host/port &
    • (supports: NV, H.261, CellB, MPEG, mJPEG)
  • audioconferencing: vat -t ttl destination-host/port &
    • (supports: LPC, PCMU, DVI4, GSM)
  • whiteboard: wb destination-host/port/ttl &
  • session directory: sdr &

Foil 32 Y2K

Many software tools are built with a two-digit date field that won't respond to the Year 2000 change.
All SGIs, Suns and PCs must be patched
  • Irix 5.3 Irix 6.5
  • SunOS 4.1.3 Solaris 2.6
Oracle 7.3.3 not Y2K compliant
PCs: Service Pack 4, BIOS
backups
routers

Foil 33 Policies

ROOT password
WWW server registration
ACCOUNT request
SYSTEM HELP

Foil 34 Recommendations (1)

Security Policy - I
  • strong account management
  • use difficult passwords; close accounts with weak passwords
  • computers must be logged-out or locked when employees are away from offices
  • account should be deactivated after a certain period of inactivity
  • check traffic logs regularly; use scanning tools: tiger, SATAN, crack; install firewall and filters in routers
  • install security patches from vendors, newest versions of software
  • use encryption (ssh, scp, slogin)
  • disable unix r-commands, finger, tftp, etc
  • carefully install anonymous FTP (read only!)

Foil 35 Recommendations (2)

Security Policy - II
  • do not use world writeable files; limit unsuccessful logon attempts
  • use digital signatures; delete PHF programs
  • install security tools: Tripwire, COPS, TCP wrapper packages
  • define the level of acceptable risk and responsibility
  • design the rescue procedure after your system is compromised
  • look for tools installed by the intruder (packet sniffers)
  • look for trojan horses (modified programs, like login)
  • read security news comp.security.announce, comp.security.unix, alt.security, and apply security recommendations (CERT)
  • monitor Web and e-mail servers - the most commonly exploited weaknesses

Foil 36 Recommendations (3)

Intruder detection checklist
  • check /etc/hosts.equiv, .rhosts
  • look everywhere for unusual or hidden files with names like `...', `.. `, `..^G'
    • find / -name ".. " -print
  • check your systems for unauthorized use of network monitoring programs (sniffers)
  • examine all files that are run by `cron' or `at'
  • inspect /etc/passwd, /etc/inetd.conf, last login
  • examine all machines on the network for signs of intrusions
  • check system binaries to make sure that they haven't been altered (login, su, telnet, ifconfig, ps, ls, find, du, df, netstat)
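
Two items of the checklist above, as an added example that is not part of the original foils: a broader form of the `find / -name ".. "` search, and a hash baseline for detecting altered system binaries. The function names, the use of sha256sum (or shasum) and the scratch files standing in for real binaries are assumptions.

```shell
#!/bin/sh
# Added example, not from the original foils: two checks from the checklist.

# 1. Names used to hide files: "..." or ".. " (".." plus anything), a trailing
#    space, or an embedded control character such as ^G.
find_odd_names() {
    # $1 = directory tree to scan
    find "$1" \( -name '..?*' -o -name '* ' -o -name '*[[:cntrl:]]*' \) -print
}

# Hash helper: sha256sum where present, otherwise shasum (assumed available).
hash_files() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"
    else shasum -a 256 "$@"; fi
}

# 2a. Record a baseline of binaries while the system is known to be clean.
make_baseline() { hash_files "$@"; }

# 2b. Re-hash every file in the baseline; report altered or missing ones.
check_baseline() {
    # $1 = baseline file written by make_baseline
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
        elif [ "$(hash_files "$path" | cut -d' ' -f1)" != "$want" ]; then
            echo "CHANGED $path"
        fi
    done < "$1"
}

# Demo on a constructed scratch tree (stand-ins for real system binaries).
demo() {
    d=$(mktemp -d)
    mkdir "$d/bin" "$d/home"
    echo 'original login' > "$d/bin/login"
    echo 'original ps' > "$d/bin/ps"
    make_baseline "$d/bin/login" "$d/bin/ps" > "$d/baseline"
    touch "$d/home/.profile" "$d/home/..." "$d/home/.. " "$d/home/..$(printf '\007')"
    echo 'replaced login' > "$d/bin/login"    # simulate an altered binary
    rm "$d/bin/ps"
    echo "odd names: $(find_odd_names "$d/home" | wc -l)"
    check_baseline "$d/baseline" | sed "s|$d||"
    rm -rf "$d"
}
demo
```

Keep the baseline and the hashing tool on read-only or offline media, since the checklist itself notes that local binaries such as find and ls may have been altered.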

Foil 37 Goal

Improve
  • security (firewalls, filtering), software protection
  • performance (bottlenecks)
  • policies: strong account-, e-mail and intellectual property policy
Support (new) technologies
  • multicast, layer 3 switching, VLAN layers 1,2,3
  • QoS, RTP, RSVP, 802.1p/q
Simplify infrastructure (maintenance and management)
  • reduce number of accounts (backdoors)
  • limit number of: protocols (TCP/IP, NetBEUI); LAN technologies (Ethernet ??); platforms (Sun, SGI, PC)
  • reduce operating systems (Windows, Solaris, Linux, Irix)
  • services (DNS, MAIL, PRINT, few HTTP, Oracle)
  • Integration Unix-Windows (account management, printing, file sharing)
  • smaller, independent groups (with common infrastructure)

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

Page produced by wwwfoil on Wed May 19 1999