IAS Information Systems and Services

April 2004

Over the last nine months there have been significant changes in IT environment and policy at UC.

Increased threat posed by new viruses: It is common knowledge that an unprotected PC attached to the network at UC will be infected within five minutes. ISS has installed a system, which can be used to remotely update workstation operating systems when new virus threats are received. Currently we are not running it automatically but contact users before we update their system. However we don't have to run all over campus every week as we did last summer. 

Continued significance of issues surrounding privacy and appropriate use of computers: The problems associated with peer-to-peer file sharing of copyright protected data have increased. These issues are addressed in the attached Network Management memo of May, 2003.  The campus has been served with warrants for illegal usage and IAS members have been implicated.

Threats to Campus Network: Network bandwith monitoring done by campus and IAS ISS (for selected subnets)

SNS now practices immediate disconnection of devices from the network by the SNS group when a security problem is identified.

Networked Computer Policy: Campus has adopted a new policy on the Minimum Security Standards for Network Devices . Among other things this policy requires that all computer have currently supported operating systems, maintain current patches and updates, have separate logins for users and administrators and run virus checking and firewall software. A new campus-wide site license for firewall software has been negotiated and we are testing the installation and management of it on our IAS computers.  The policy has set a one year period for all computers to come into compliance. In the meantime they will disconnect computers if they cause trouble. After that they will actively scan for deficient computers and disconnect them proactively.   See also the Campus Information Technology Security Policy.  IAS ISS will be doing informal surveys of IAS units to make sure they will be able to meet the deadline for complying with these requirements.

Personal data security: Senate Bill 1386 and Assembly Bill 700, effective July 1, 2003, requires that the campus track all 'personal' information stored in campus computers. See: Berkeley Campus Plan Implementing the UC Requirements for Protection of Computerized Personal Information. Personal data is listed social security number, driver's license number, or financial account or credit card number in combination with any password that would permit access to the individual's account. The bill requires that people be notified if their data could have been improperly accessed.  Since our basic network traffic is not encrypted we can never be sure it hasn't been accessed. The additional security requirements for keeping this data may not be worth the effort.

Data Management Survey: The Campus Information Technology Security Policy states that "Each member of the campus community is responsible for the security and protection of electronic information resources over which he or she has control." To implement this policy all units will eventually have to do a data survey of the data they hold.  I'm working with the campus committee in charge of this policy to design a survey, which is tailored for IAS and is as easy and simple as possible. You may hear from us about this over the summer.

Campus audits include IT audits: The Campus auditors who do financial audits have added IT audits to their agenda. They ask questions to see if the unit is in compliance with campus IT policies and whether they have IT risks.

Conclusion:  These changes make it important that all workstations on campus have system administrators and be kept up to date with current operating systems.

AirBears Campus Wireless Network: The wireless network environment on campus has expanded substantially since last year due to a grant received by Prof. Philip Stark.  It is expected that Prof. Stark will receive a second award and a program to support further development of the wireless network will be initiated. Guest accounts for Airbears will be available by summer.

Campus wide login system: The CalNet AD (Active Directory) system set up by central campus for centrally administering access to shared Windows PC resources is functioning well. It provides an infrastructure for controlling logins to individual workstations and for identifying shared resources and authenticating users. It is linked to the campus CalNet system for authentication.. We have had good experience with migrating IAS units to this system.

Budgets and ISS management: We are keenly aware of IAS and campus budget issues. We assume groups may have to postpone projects and infrastructure improvements. However, we have to be careful not to end up spending more money to save money. Sometimes new machines are cheaper than keeping old ones up to date in the current environment. We are hoping not to raise our recharge rates and are happy to work with units to make sure your computing is managed efficiently and you make efficient use of our services.