MMM Minutes 11/07/02

Minutes of Smathers
Middle Manager's Meeting
November 7, 2002

Present: Gary Cornwell, Robena Cornwell, Trudi DiTrolio, Lori Driscoll, Carol Drum, Leilani Freund, Erika Hirsch, John Ingram, Tom Minton, Cathy Mook, Jan Swanbeck, Carl Van Ness
IT Security Policy
  1. We have been given a deadline of December 1st to write a security plan. It is an increasingly ill-defined plan – the Web site on compliance is frequently changing.
  2. One of the most troublesome items was the provision that all managed posts be professionally controlled. But that clause has now disappeared.
  3. We will try to submit a plan that confirms the most recent post.
  4. This will require a lot of documentation on our part.
Security Incident
  1. October 30 – one of our public workstations sent out abusive email on two occasions. They were directed at a local school board official.
  2. After tracing the ID, the person found was an unlikely suspect. A second possible suspect was identified, but, in all probability, the ID was stolen.
  3. The Net Abuse people have been contacted. We are still sorting out the procedure in these cases.
  4. We are obligated to know who is on the machines and report them if necessary.
  5. Public IDs – need to make sure they are indoctrinated on use/abuse, etc. We need to make it clear. Will also try to educate the staff. Will need to start enforcing auto-lockup. Will probably have to police it in order to protect the network.
  6. Unattended workstations on the upper floors – not sure if we’ll be able to keep them unattended.
  7. We may have to manually sign-on to all workstations. No need to panic now; we’ll see what happens.
  8. We’ll probably wait until we have one authentication source working on all UF systems.
New Online IT Resource Request System
  1. A new online ordering system is ready to be released to test work units.
  2. It is to be used to institute a request for hardware or software.
  3. Anyone in a given department can make a request, but it has to be approved by the chair of the department.
  4. Once the departmental chair has approved, it moves on to Systems then Library Purchasing.
  5. This will provide people with a positive way to track their orders online.
  6. It is Web accessible with a Library sign-on.
  7. We will try it out for 2-3 weeks with the test units, then release it to all departments by the end of the year.
  8. Systems will demo it for each unit to show how it works.
Viral Attack on Mail Server
  1. Server was bombed with email that looked like you sent it to yourself and it contained some gibberish about a virus.
  2. It was coming in at a rate of about 1 per second.
  3. It is what’s known as the braid virus – it gets your address book, has its own mailer and sends it directly.
  4. The source was external to the Libraries. If it’s internal, it spreads even faster.
  5. We did not have a disruption of mail service.
  6. We will probably see more of it. Theoretically, we have tight enough defenses to catch it at the central receiving point.
  7. Home computers need to be up with virus protection.
MSL Staff Training Classroom
  1. The computers have been delivered.
  2. The furniture situation for that room is uncertain.
Central Core Internet Service Attack
  1. Eight of the thirteen servers were hit. The remaining three servers were able to handle it okay.
  2. The attack originated in central Asia.
  3. It’s unlikely that homeland security people will be able to regulate people to keep their security up-to-date.
  4. Anytime a machine is always on, it is easier to take over. Cable, DSL – must be cautious.
  5. Microsoft has made it easy with their auto updates to keep the machines up to date, security-wise.

Back to the Systems Homepage
Last updated November 15, 2002
by Debra Harris
debharr@mail.uflib.ufl.edu