NEW VPN ON UCINET:

A new device on the campus backbone provides additional security, especially for Windows users.

TECHNOEXPO A SUCCESS:

Hundreds attended the 2002 TechnoExpo to learn about technology services on campus.

FILTER YOUR SPAM:

SpamAssassin is now labeling messages that might be spam. You can configure your mail reader to process it automatically.

NACS has purchased a new device to offer yet another layer of network security for users of UCInet.

Called a VPN (for "Virtual Private Network") the new Cisco 3060 VPN Concentrator offers a wide range of security features, depending on how and where you use UCI network resources.The main purpose of the VPN is to allow desirable network traffic and to exclude unwelcome network access.

The VPN in operation is invisible to most users. Then only kind of traffic the VPN won't permit onto or off campus involves NetBIOS, Microsoft's proprietary network protocol. NetBIOS is used when accessing shared directories from Windows servers. Accessing Windows "shares" from off campus is inherently insecure, and has resulted in a number of serious network attacks.

In order to take advantage of the VPN, users will have to download and install a client application which works with the VPN to "tunnel" your network traffic through the barrier the VPN otherwise imposes. Permission to tunnel is granted after authenticating with one's UCInetID and password.

However, protecting the campus from insecure use of NetBIOS is not the only advantage to the VPN. All traffic may be routed through the VPN, at your discretion, in which case it is all encrypted to prevent "packet sniffing." Ordinarily, appropriately situated computers can watch ("sniff") network traffic, and possibly reconstitute confidential information such as passwords.

Also, use of the VPN can make your off-campus computer appear to be a UCInet host, which means you can access campus-only network resources (such as Library reference materials).

Since encryption and address translation impose a modest cost to the performance of the network, the VPN offers two modes of tunneling: full tunneling (in which case all traffic is encrypted by the VPN client, routed onto campus, and forwarded to its final destination) and split tunneling, in which case only traffic bound for UCI goes through this process. Activation of the VPN client and choice of tunneling modes can be made a boot-time option for permanently installed (desktop) systems but is not recommended for roaming (laptop) systems which may need different configurations in different places.

This may all seem complex. NACS is ready to help you examine how you use the network, and which option makes sense for your style of use. More information and examples of how to take advantage of various features of the VPN can be found at http://www.nacs.uci.edu/security/vpn.html

TechnoExpo a Success

On Thursday, September 19, over 500 campus faculty and staff came to Emerald Bay A-E in the Student center to learn about computing and network applications and services from over 40 campus and vendor exhibitors. Jointly planned and operated by Administrative Computing Services and NACS, this was UCI's biggest TechnoExpo yet.

Displays included help desks, accounting and administrative applications, campus databases and web sites, instructional technology support, and technology services. Those who missed it can still get some information from http://www.technoexpo.uci.edu/

This year's TechnoExpo also included over 20 presentations on a variety of topics, including the new staff portal (SNAP), the Data Warehouse, the CorporateTime campus calendaring application, and network security information.

If you have a computer or network-enabled service, consider participating in the next TechnoExpo, which we intend to be better yet!

Filter your spam

For those of you tired of spending 1/3 of your time with your e-mail deleting unwelcome advertising and other invitations, there is a new feature of the campus e-mail service which will help.

NACS has recently deployed SpamAssassin on the campus mail routers, which scans all incoming mail for telltale signs that a message may be spam. Based on its calculations, it will insert "header" information into the message which will provide a strong hint as to the nature of the e-mail message. (A header is a non-message part of an e-mail, such as the source of the e-mail, the time it was sent, the subject, and certain information about the kind of content in the "body" of the e-mail.)

These extra header lines can be seen by most e-mail readers, and you can configure your favorite application to automatically file or delete messages which meet certain kinds of criteria. Don't want to be invited to XXX web sites? Teach your application to toss them out! Don't want electronic junk-mail ("buy! buy!")? Toss it out!

Information on how to configure various popular e-mail readers in use at UCI can be found at http://www.nacs.uci.edu/email/spam-assassin.html