Minutes of Smathers
Middle Manager's Meeting
March 7, 2002
Present: Rich Bennett, Denise Bennett, Bill Covey, Gary Cornwell, Robena Cornwell, Trudi DiTrolio, Lori Driscoll, Carol Drum, Leilani Freund, Barry Hartigan, John Ingram, Jan Swanbeck, Carol Turner
New Network Security Requirements
- DDD memo from Tigert Hall – the link to the long document - http://www.it.ufl.edu/policies/security/.
- There are quite a few changes that the Libraries will need to make to comply.
- The requirements will be auditable. The biggest impact will be on our record keeping.
- All workstations have to be authenticated – effective as of the date of the post – Tuesday, March 5.
- User ID and passwords will be required. Bill cautions that the 14-digit GatorOne password we have been using for authentication may not qualify, unless we can figure out a way to add a password. GatorLink IDs and passwords may be preferred.
- Non-UF people always prove problematic – libraries, kiosks & the museum are some of the few places that have to deal with this issue.
- The Xerox print-release stations are not currently authenticated. Then again, they are still Win’95, which is more problematic.
- Record keeping – will need to keep up with each machine’s primary user, IP address, building port and MAC address – at all times. If the interface card changes – we have to keep track of the number.
- This will require a noticeable increase in record keeping. Records must be reliable and those in charge of maintaining them must be responsible.
- Systems will more than likely keep track via the liaisons. The excuse of being “too busy” to keep up with the task will not be acceptable.
- The new requirements call for strong central control by Network Services “to the wall plate”. That would mean that they have control of the wiring closets as well as the switches.
- They are also considering charging a port fee for active ports. That could run us as much money as we spend on computers per year.
- What will be the benefit of the centralized control, record keeping and procedures? It is supposed to prepare us (UF) to be ready for the next step on the rung to high technology.
- There is a strong push to have single W2K/NT control that all departments would have to be a subset of – with some restrictions.
- A school with a good model of a working centralized control is Stanford – http://www-nt.stanford.edu.
- Our model is closer to that of Berkeley – it is cheaper.
- Liaisons will have to do more record upkeep, updates and spot checks. It will probably require at least another 2-3 hours of their time per week. Those liaisons that haven’t kept up may find these requirements to be crushing.
- Who will be enforcing these requirements? The State Auditor as well as Network Services. There will be an ongoing comprehensive cycle of checks throughout the year. They rely a lot on automatic scans, though these often give false positive & false negative results.
- Will the rest of SUS be subject to these requirements? They will increasingly – Central Florida & FSU have already made inquiries.
- Liaisons will be informed this afternoon at the monthly meeting that they will be responsible for keeping track of MAC addresses, current users, IP’s, active & inactive ports.
- What is the possibility that the 14-digit password is not going to be adequate? Unknown, but the Libraries are on the top of the hit list due to public access. In the long run, we have to get out from under it. It will be hard to find an alternative.
- Why do they want their responsibility to go to the wall plate? Maximum control with little work. Right now their core access ends at the building. If it goes to the wall plate, they can take over switches and turn off ports.
- Wireless? They will control it as well, as a security provision. No walkup – current standard is obsolete. Far more advanced wireless standards exist. It is an outside standard that would probably require extra fees to obtain. We use wireless in the stacks and at LAD. Wireless, in general, is a security hole. This needs to be solved before we get any more wireless.
- Open jacks in the conference rooms? All have MAC addresses – we can assign them to a port on the switch & they will only work in that location.
- The Directory Services Group is working on a campus-wide directory – anticipated to be in use by December ’02 – that will be the grand replacement for the Dean’s Menu, UF phonebook, etc.
- It will replace the use of SSN as the official UF ID.
- No departments on campus will be able to store SSN in their databases. All SSN must be purged from all records. They cannot be retained; a new number that will become the new UF ID will replace them.
- The new ID will be a 9-digit number. Unsure how they will be issued right now. Items will be registered as well as people. Items will have letters instead of digits.
- The new ID will be issued to a broader range of people. Everyone that applies to UF, people who donate to UF, etc. will be issued an ID.
- They hope to have the test software available in July. Our Circ desk and other such operations should be able to issue the ID.
- This will require the modification of millions of systems on campus.
- Will this result in a modernization of the payroll system? Possibly, but there are lingering federal restrictions on payroll.
- There are many changes afoot.
Last updated March 13, 2002
by Debra Harris