IT to Install Campus Network Firewall
In the past year, UW has seen numerous attacks on systems connected to our
computer network, including the notable Code Red and Nimda "worms." We
also saw attacks from other worms, viruses, and Trojan horses, many causing
significant damage. The compromised systems were used to spread the attacking virus
and disseminate pirated software, pornography, copyrighted material, and other
illegal items. Some systems were used to send unsolicited email, or spam, to other
sites using the university’s uwyo.edu address as the originating sender. Other UW
systems were used to launch incapacitating "denial of service" attacks on
other systems. Compromised UW systems sometimes created so much Internet activity
that they consumed much of the university’s bandwidth, severely restricting the
bandwidth available for legitimate Internet access. UW personnel resources were also
wasted as Information Technology staff and campus users spent many hours tracking
down and repairing compromised systems.
To reduce the number of such attacks and defend against them, IT is installing a campus network firewall. Just as a physical firewall prevents fire from spreading by isolating sections of a building, network firewalls isolate parts of the network from each other. The firewall prevents outside systems from gaining access to systems behind the firewall while allowing the internal network to contact the outside network. Servers that need to receive communication from off campus, such as university Web servers and mail gateways, are run on systems that are hardened against malicious attacks. The firewall provides protection from outside attacks because the attacker can no longer reach a system behind the firewall.
The installation of the firewall will have several effects on University of Wyoming campus networks, departments and individual users. Implementing a campus firewall is a large undertaking that will require coordination between various departments and Information Technology. The firewall solution will be implemented in stages to minimize inconvenience and the disruption of service. A firewall will require a change in the way some things are done. For example, once the firewall is installed, off-campus users with an outside Internet service provider (e.g., MSN, AOL, Juno and others) will have to use the new Virtual Private Network (VPN) server to gain secure access to the university network. This will require special software, a VPN client, on the user’s off-campus computer (see "VPN Server Installed" in this issue). UW network services and applications available through a Web page interface will not need the VPN client. The initial stages of the firewall implementation will begin this fall. As the firewall project progresses, IT will keep users informed of changes through www.uwyo.edu/firewall/, this newsletter, emails, and the UW Partners Program.
The installation of a firewall, while providing an increase in security, does not relieve users from the critical task of keeping their computers and systems secure. To keep systems as safe as possible from attack, users still need to stay current with the latest security patches and anti-virus software. They also need to use recommended security practices. See "Protecting Your Desktop – How You Can Help" in this issue for further information on how to protect personal computer systems.
You may notice several references to the Windows XP operating system in this edition of ITNews. Does that mean Information Technology now supports Windows XP? The answer is a resounding yes!
IT has completed its testing and evaluations of Windows XP Professional, which offers added security, a more intuitive interface, and better remote accessibility from your laptop or home system. (A delay in releasing Windows XP was caused by not being able to get updated virus protection software from our vendor. That software was made available to the campus a few weeks ago.)
Windows XP features include a helpful new tool called System Restore. With System Restore you can completely remove recently installed software or software upgrades that cause your system to behave erratically. System Restore allows you to return, or "roll-back," your computer to a previous functional configuration – a configuration with no traces of the recently installed software. Windows XP Pro is also the most reliable version of Windows to date, integrating the NT and 2000 system and security architecture with an easier-to-use interface. For mobile wireless users, wireless support is built into the operating system.
The Windows Update feature will also give you peace of mind. This tool automatically checks whether a system is as current as possible, keeping the operating system up-to-date, bug free, and secure. There is no need to remember to check for updates, or wonder where the correct Web site is located. Windows XP Pro does it automatically.
For students, Windows XP Professional made its debut in the IT-maintained UW student computer labs this semester. Faculty and staff are encouraged to update computers that meet the system requirements for Windows XP Pro (for system requirements see www.microsoft.com/windowsxp/pro/howtobuy/ upgrading/sysreqs.asp). The Windows XP Pro software is available from the UW network without cost to UW colleges and departments. Contact your user consultant for more information or assistance.
On behalf of the Division of Information Technology (IT), I would like to welcome all new and returning faculty and staff to campus. All of us in IT are committed to providing you with quality service and support for your technology needs, including software applications, computer hardware, networking, telecommunications, and computing laboratories.
IT provides the infrastructure and support to make your job easier. We strive to provide you with reliable service so that most of you will seldom have to think twice about your computers and many of the other technologies you use. Our goal is to make technology as transparent as possible – it’s simply there and always ready for your use. This summer we have made upgrades to UW’s network and computing facilities. You will see from this newsletter we are continuing to make UW systems and networks more efficient and secure.
I would encourage you to contact IT at 766-4357 (766-HELP) whenever you have questions about our services or need assistance. Our Web site, www.uwyo.edu/infotech, describes IT services and provides the latest recommendations on hardware, software and other items. I can be reached at 766-4860 if you run into problems. We welcome your comments and suggestions.
IT provides many software products to its customers over the UW network. These
applications develop through lifecycles of upgrades, enhancements, and fixes. When a
newer version of the product is available we attempt to pass those improvements on
to the customer. As the new versions appear and we continue to "house"
multiple, older versions, the space on our servers begins to diminish. We also find
ourselves struggling to support multiple versions of the same software package.
Do you feel like you now spend more time deleting unwanted email than you did a year ago, or even a few months ago? These days, "spam," or unwanted junk mail and adult-content messages, plague almost everyone who uses email. Recent accounts indicate that spam has increased nation-wide by 450 percent over last year’s levels.
The technology for detecting and blocking spam continues to improve. This fall Information Technology will be evaluating commercial software that prevents the delivery of spam, with the ultimate goal to stop spam at the central gateway for UW email. This process would resemble what we already do to block email containing viruses. With such a block in place, most spam would never reach your inbox.
In the meantime, here are some tips that may reduce the amount of spam delivered to your inbox. Unfortunately, the steps are likely to reduce, but not eliminate, the undesirable messages.
Tip 1: Sign up for an alternative secondary email account through a third party. (Providers like Hotmail or Yahoo! offer free email services.) There are different ways for spammers to obtain your email address, but two of the most frequent are Web site registration and listing your address on marketing materials. If you give your email address to a site (such as an online catalog), you run the risk that thousands of companies, some of them unscrupulous, will obtain it. Marketing companies often compile email addresses into a database and then sell them to other companies and spammers. The best way to prevent your primary UWYO address from ending up in the hands of spammers is to consider carefully the companies you give your address to. Don’t list your primary address when filling out marketing details for promotions, warranties, free offers, online use, software downloads, or other sales and ordering information. Instead get a secondary email account for this use. When selecting a secondary account, choose a provider who offers virus scanning for attachments. Two free services that provide virus scanning are www.hotmail.com and www.yahoo.com.
Tip 2: Be very selective when replying to an unsolicited email, even if the message claims to unsubscribe you from a list. In many cases the sender is attempting to confirm the email address and will continue to send junk mail if they receive a response. Often the "Reply To" address is simply forged. Look at the Reply-To address. Does it appear to be a legitimate company? If it doesn’t don’t reply.
Tip 3: Keep your email address off of Web pages, chat rooms, and Usenet groups. Some computer programs have the capability to harvest email addresses from Web sites. If you need to have an email address listed on a Web site then consider using a graphic representation of it instead of text. Graphics are ignored by the scanning programs. Type the email address in a graphic editor such as Microsoft Paint and save the address as a bitmap or .jpg graphic file. If you must post to chat rooms or Usenet groups, use the secondary account mentioned in Tip 1.
Tip 4: Use Outlook to filter and manage email messages. You can filter messages based on a list of email addresses for companies that send junk and adult content. Contact your user consultant for help. To automatically move junk mail from your Inbox,
If an unwanted message is not filtered and reaches your Inbox, right click on the message and choose Junk E-mail from the menu. This will add the sender’s email address to the list of junk email and adult content filters.
Additionally, Outlook can search for commonly used phrases in messages and automatically move them from your Inbox to the Junk E-mail folder, your Deleted Items folder, or any other folder you specify. The list of terms that Outlook uses to filter suspected junk email messages can be found in a file called Filters.txt.
When you first begin using these features or when you make modifications to them, you should review messages that are automatically removed from the Inbox to verify that wanted messages are not accidentally removed.
For more information about avoiding and managing spam and using the Outlook
filters,talk to your user consultant or see Microsoft’s advice at
by Roland Miller, Computer Support Specialist, Geology and Geophysics and Steve Jackson, Master Technician, Information Technology
Information Technology now offers a better way for campus Macintosh users to read and send email. The Microsoft Exchange email servers, which are dedicated to faculty and staff, can be accessed by Mac users through IMAP.
Receiving your email from Exchange has several advantages over receiving your email from ASUWLink:
The following questions are often asked by Mac users who have already migrated to Exchange.
Q. Will I get a new email address or keep the old one?
A. You will keep your current address (firstname.lastname@example.org).
Q. How long does it take to change from ASUWLink to Exchange?
A. 24 to 48 hours.
Q. Will I lose any email, or will messages to me "bounce back" (returned to the sender undelivered)?
A. None of your email will be lost or bounced during the transition.
Q. Will I still have an email account on ASUWLink after the transition?
A. Yes, your existing ASUWLink email account will remain on the server; however, new email will be automatically directed to your new Exchange account.
Q. Will my email that’s already on ASUWLink be moved to Exchange?
A. No. You’ll need to forward any email that you need from ASUWLink to Exchange. Contact Steve Jackson (766-2749 or email@example.com) for other options.
Q. Can I use my current email software?
A. Yes, as long as it will allow you to connect via IMAP.
Q. Can I gain access to Exchange via POP?
A. Yes, however IT recommends and supports connections via IMAP only.
Q. Why does IT recommend and support only IMAP?
A. IMAP means that your email resides on the Exchange server instead of on your local Mac so you can’t accidentally delete it. It also means you can read and reply to your email from anywhere with a Web browser via Outlook Web Access.
Q. Is there a full Outlook client for the Mac like there is for Windows?
A. Yes, it is called Outlook 2001 for Mac. It is a free download from Microsoft, however it is not officially supported by IT. (See Editor’s Note Below)
Q. Whom can I contact for more information?
A. Steve Jackson (766-2749 or firstname.lastname@example.org) is available to answer your questions.
If you are ready to switch to Exchange and have no questions, please call 766-HELP (6-4357), Option 1, to request the change. If you don’t have a UWYO account, ask that one be created along with an Exchange account. If you already have a UWYO account, simply request that an Exchange account be created. Your email preference will also need to be changed from ASUWLink to Exchange. If you do have questions, the Help Desk, user consultants, and Steve Jackson are available to assist you.
Editor’s Note: IT does not support any Mac client including the Mac Exchange client. IT recommends that Mac clients use IMAP on the Exchange servers since Windows Exchange servers support enhanced SMTP (ESMTP).
Today’s networked world provides endless resources to computer users for academic, administrative, research, teaching, remote support, and technology purposes. It also poses a threat to anyone connected to the Internet and that means almost every computer on the University of Wyoming campus. Information Technology created the IT Security Office due, in part, to an increase in computer hacker attacks on UW systems. These attacks have resulted in hackers commandeering some UW systems. At times, hackers have even installed and run unwanted services on a given user’s computer, using that computer to deliver illegal material.
To help stem this growing problem, the IT Security Office will soon be implementing a new campus-wide security infrastructure (see "IT to Install Campus Network Firewall" in this newsletter). User consultants have also developed a standard configuration for the Windows operating system that should enhance the security of personal desktop systems. The Security Office, together with user consultants, will work to protect computer systems on campus. Newer systems are more secure than older systems, though they require periodic updating. As the user consultants visit older systems, they will check them to verify that security software and settings are up to date. But they need your vigilance. To help keep your desktops and laptops, new and old, secure, follow the guidelines listed here:
Contact the IT Help Desk at 766-4357 (6-HELP), Option 1, for assistance with any security questions. Your data and security are a top priority.