DUKE ITAC - March 9, 2000 Minutes
March 9, 2000
Attending: Pakis Bessias, John Board, Kevin Cheung, Ken Hirsh, David Ferriero,Diane Reynolds, Patrick Halpin, Alfred Trozzo, Donna Hewitt, David Jamieson-Drake, Ken Knoerr, Roger Loyd, Melissa Mills, Caroline Nisbet, John Oates, Lynne O'Brien,Mike Pickett, Rafael Rodriguez, Robert Wolpert; Guests: Bob Currier (OIT), Rob Carter (OIT), Debbie DeYulia (OIT), Kathy Pfeiffer (SISS Project), Donna Giles (Graduate School and SISS Project), Chris Meyer (OIT and SISS Project), David Kirby
Review of Minutes and Announcements:
WEARABLE COMPUTING DEMO
John Board led this very interesting demo/discussion. IBM may market a wearable computer in a year, but can purchase today from other vendors. John's model is a Win98 pc, 640/480 screen resolution with screen about 3 inches in front of eyes, wireless 11mb network connection, Duke web site is up along with stock ticker. Designed for field maintenance, but company has thought through some consumer related issues. Looks too industrialtoday, but everything is here: keyboard on wrist, uses IBM ViaVoice to issues commands to a win pc,e.g., 'Open, Program, Windows Explorer' works reliably. Wireless range is about 100 ft, costs about $1k per transmitter so already fairly cost effective to cover a wide range. John was sure the Mac version would be prettier and more coloful. Ken Knoerr referenced a wearable TV; David Kirby has one of these too. David went on to say that wearbable computers can speed care and lower error rates in patient care environment so MC is exploring that. Patients expect medical staff to wear weird stuff.
WIRELESS COMPUTING WORKING GROUP REPORT
Bob Currier started the discussion of this with the good news that you can go to the Bryan Center and pick up a wireless network card and start computing. Now about to expand to library. For initial trial: BC, Perk, and the LSRC cafeteria. Range in the BC was increased using range extending antenna, and now coverage is ubiquitous in BC.
Dave Kirby indicated Duke North and South hospitals are also covered now.
Bob said they're looking to hand out 15-20 wireless network cards for a trial in the Perk, then go to the LSRC. Base stations are $1200-$1500, range extending antennas or changing to PTP increases costs, but still cheaper than wiring. 3com is low-end and supports up to 64 users per access point, but bandwidth per person drops off before the nominal ceiling is reached.
Dave Kirby pointed out that weak signal strength has good points: RF doesn't go beyond walls and tends not to interfere with other equipment.
Bob Currier indicated it would be best long term to support security the same way as we currently do, via login and secured services. For the initial trial access will be limited to cards expressly registered for that.
David Kirby discussed wireless phone technology now being explored in the MC.
the spring semester will be completed on the legacy systems while running parallel in PeopleSoft.
- live on SISS:
- all admissions except Med School,
- all financial aid offices except grad school
(which will go live next month),
- and all loan offices.
Kathy Pfeiffer led off with an overall update:
Next month a big 'go-live' on Records and Accounts.
In the midst of data conversion, particularly student records and financial records going back at least 10 years on students currently enrolled. Records and Financials will be live for summer and fall 2000;
Donna Giles on Graduate Admissions go-live: this occurred mid-November, later than hoped because of delays in implementing electronic and bubble form applications using an interface developed by University of Wisconsin. The good news is that it worked, so no manual data entry for Graduate admissions was required. The admissions cycle went well overall, though there were problems with GRE score search/match that were discovered midway through the admissions cycle. The other important area of support besides electronic data entry was the need to support a quarter to a third of departments that do their own computing support for their admissions. Finally what was provided to them was a data extract that required a high degree of sophistication for end users to employ. Besides this, the level of service provided to departments was comparable to past years and the work was completed within a couple of days of what it had been in the past.
Ken Knoerr indicated that distributed users had not had input to the process. Will end users be allowed to add fields to the system? They need to be able to respond to requests they get that require records not maintained by the central graduate school office.
Kathy Pfeiffer stressed that the initial implementation was targeted toward central offices and replacement of current functionality, but future phases will extend more to the departments. Also, the system has untapped flexibility that remains to be explored.
Donna Giles indicated she had become a 'believer' in this regard also.
John Board reminded the group that previous strategic planning for institutional data had urged that all institutional data should be coupled into one system.
David Jamieson-Drake indicated there was a data warehouse initiative underway,
Mike Pickett promised to invite Michael Gower, who chairs that initiative, to discuss this at a future meeting.
Kathy Pfeiffer went on to describe the web registration process that will soon be implemented. Students will be able to select courses and put them in a 'book bag' (an academic twist on web vendors 'shopping carts') and then submit courses to be registered for when their registration 'window' opens. Students have seen the prototype and responded to it very positively so far.Instructions for registration are on the web; URLs will be circulated. 16 modem lines have been added with 30 minute time limits and access restricted to registration hosts. Chris Meyer indicated 2-5 minutes is an average time for the registration process to be completed, if students have filled their book bags with courses prior to web registration. The book bags will open March 15, web registration will begin March 29. By the end of the first summer term students will be able to access their own records, check their financial aid, and check their account (student 'views'). Faculty 'views' would be available later in the summer.
Melissa Mills asked if there were links to the course synopsis detail, and the answer was believed to be yes. This info is currently available only for A&S, which had set this up linked to the ACES page already before SISS got started. It was believed other schools could certainly do the same thing.
Robert Wolpert asked if prerequisites will be enforced, and expressed the hope that they would not;
Chris Meyer responded that prerequisites will not be enforced at present, though unlike the legacy system the PeopleSoft system does support that if it is desired at some point in the future.
Mike Pickett summarized by indicating he felt the SISS team had done a great job.
SECURITY PLANNING AND ACTIVITIES
- logging in via Telnet,
- reading mail remotely,
- and ftp.
Mike Pickett turned this discussion over to Rob Carter and Debbie DeYulia. Rob led off by expressing the tension between security and usability. There have been increases both in attempts to hack into our network and in successes at same, primarily to use our systems to launch attacks against other institutions. One of the biggest security holes is passing secure data over the net in plain text, particularly passwords. This occurs most frequently in three cases:To address this, OIT is considering discontinuing open Telnet and replacing it with a secure channel.
There is a nationwide effort to get universities to implement SSH (Secure Shell) access to encrypt data formerly passed in plain text. SSH is already supported on ACPub, but so is (insecure) telnet. Before telnet can be cut off, SSH clients would have to be pushed out to all desktops. That will probably never happen, but the ratio of SSH to open telnet sessions should certainly radically increase. The fall would be a good time to start cutting back on unsecured telnet since at that time SSH can be distributed to students on the CD ROM disks given out to students.
Until recently restrictions on providing security software to foreign nationals made it impossible to freely circulate such software; these restrictions have been largely removed, except for providing 'strong encryption' technology to 7 forbidden countries.
It was agreed that spring/summer would be the time to lay the groundwork so that telnet access can begin to be cut back in the fall, otherwise people who run telnet sessions in batch work could be cut off without warning. Mike Pickett indicated that while the centrally supported clusters would have security put in for the fall, telnet would be replaced over the course of the following year, not immediately.
Robert Wolpert suggested a message pop up to unsecured telnet users warning them that they need to replace telnet with a secure access channel.
Kevin Cheung suggested turning telnet off in phases server by server, e.g., starting with Godzilla, to protect students working from Africa. Perhaps one server could be kept for 'last resort' telnet access.
Rob went on to discuss ftp, for which the replacement would be RCP or SCP. Unfortunately there are not a lot of good SCP clients currently for Mac and Windows. Need for SCP is declining since so many people can download software etc. off secure web sites. Still looking for good packages here. Not sure whether, e.g, WS FTP will be packaged on the CD ROM.
Melissa Mills pointed out that WS FTP can be 'tunneled' through SSH, and this is the policy in A&S already.
Rob also indicated OIT planned to circulate periodic security info to a closed group to provide security updates and a mechanism for sharing security 'best practices' across departments. A question with privacy implications is the possibility of logging network traffic so we can trace back serious events that may occur.
Rafael Rodriguez discussed security for remote access. He recommended grc.com, 'shields up' probes your network weaknesses and then explains what the problems are and what to do about it. Zone Alarm 2.0 is freeware distributed from that site to close security holes. Rafael also reviewed Norton's firewall ($39.95), which has extra features not all may desire. Ken Hirsh asked about 'Black Ice', and Rafael said that was also recommended but less stable in a windows environment.