University at Buffalo - The State University of New York

"Because USB drives, sometimes known as thumb drives, are small,
readily available, inexpensive, and extremely portable, they are
popular for storing and transporting files from one computer to
another. However, these same characteristics make them appealing to
attackers.

One option is for attackers to use your USB drive to infect other
computers. An attacker might infect a computer with malicious code, or
malware, that can detect when a USB drive is plugged into a computer.
The malware then downloads malicious code onto the drive. When the USB
drive is plugged into another computer, the malware infects that
computer.

Some attackers have also targeted electronic devices directly,
infecting items such as electronic picture frames and USB drives
during production. When users buy the infected products and plug them
into their computers, malware is installed on their computers..."

~ US-CERT

Recently, attackers targeting the University took advantage of UB's
"SneakerNET" network. These infections are typically difficult to
detect because they don't leverage the network to propagate
themselves. With UB's new Network Security Event System ("UB SES")
compounded with the support of our operational security community
involvement, the University was able to detect and mitigate these
infections before they became an epidemic. This system allowed us to
apply targeted intelligence to the network and isolate hosts that
showed signs of this infection. This allowed the UB-IT professionals
to mitigate the issue before users could plug in their portable drives
and further spread this rather clever, retro-style infection.

References:

US-CERT: http://www.us-cert.gov/cas/tips/ST08-001.html
SneakerNet: http://en.wikipedia.org/wiki/Sneakernet

Dear UB Community,
Thank you for choosing OSS for all of your communication needs. Delivering connectivity is not just a business to us. We rely on our services too which explains why we are committed to earning your satisfaction.

From our family to yours, Happy Thanksgiving 2008!

Operational Support Services

Center of Excellence (COE) will soon become the Center of the Universe. COE has been designated as the new home to the communications hub that services the downtown campus. COE's conditioned facilities make it a suitable choice to relocate to. Plans are also underway to build a fiber loop connecting UB's campuses for added diversity.

Recognizing the campus’s 24x7 reliance on critical computing infrastructure prompted us to expand our support model beyond 9am to 5pm. Meet Brian, Vernon, Tony, Rich, Tom, Chuck, Matt and Adam – OSS’s 2nd and 3rd shift crews! While the rest of the campus sleeps, this group of first responders is prepared to cope with enterprise communications and computing system emergencies. Maintaining an on-site presence allows us to immediately detect and respond to service outages and conduct business during non-peak hours that would otherwise interfere with normal campus operations.

Last week the UB Spectrum network monitoring service was changed over to a redundant server configuration, and the Spectrum software was upgraded to the current release version of the Spectrum product.

Two primary benefits of these changes are a more robust architecture on which to run this service and an enhanced Spectrum web interface (OneClick) available from the OSS Network Tools webpage (http://netstats.cit.buffalo.edu/) – see ‘Spectrum Web Operator’. Monitored devices which are currently alarming are viewable using the (OneClick) web interface.

Also available from the OSS Network Tools webpage is a ‘Monitored Devices’ tool which provides an inventory of the devices monitored under the UB Spectrum network monitoring service.

To learn more about the UB Spectrum network monitoring service, or to arrange for the monitoring of a host or network attached device, please refer to the network monitoring service webpage (http://www.oss.buffalo.edu/Services/Monitoring/).

OSS welcomes the following new additions to the department:

• Andrew Baldi
• Anthony Casciano
• Marc Doull
• Leslie Evans
• James Giardina
• Brad Hilimon
• Matthew Marino
• Adam Pawlowski

Staff attrition and capital expansion plans have contributed to the need for more staff. This new class of talent complements OSS's existing family by adding leadership, experience, enthusiasm and depth to its ranks.

VoIPTrainer is an online VoIP telephone training tool available on-demand to the university community.  VoIPTrainer will quickly introduce you to the features of your Cisco IP phone.  Got a question? No problem. VoIPTrainer gives you  the answers you need when you need them.  Supported phone models include: Cisco 7905/7906/7911/7912/7961/7960/7941/7940/7914.

To access this tool, please refer to http://voip.buffalo.edu/VoIPTrainer/VoIPTrainerAccess_6_10_08.pdf

CIT currently monitors around 2,100 network devices, 370 servers, and 1,100 applications using a variety of monitoring tools. To correlate the data collected through these tools, and better coordinate responses to reported problems, CIT is working to implement an infrastructure monitoring event console using a solution from Groundwork Open Source, Inc.

The timeline for this project is as follows:
May 9 - Installation of GWMP and dashboard packages
May 15 - Console development completed
May 23 - Develop Remedy integration module
May 27 - Integration and testing
June 27 - Final integration and testing
July 1 - Documentation by vendor completed
July 11 - Delivery of documentation and training by vendor
 
Information on the Groundwork integrated infrastructure monitoring solution can be found at: http://www.groundworkopensource.com/products/professional/.

As a member of Internet2, the advanced networking consortium serving research and education, UB is eligible for the following benefits:

• Access to a nationwide high performance network infrastructure suitable for bandwidth-intensive applications
• Participation in community forums representing a variety of disciplines and interests including but not limited to science and engineering, health sciences, arts and humanities and K-20 education
• Collaboration and training opportunities that promote the understanding and adoption of advanced networking technologies

For more information, visit http://www.internet2.edu.

Continual expansion of campus IT services has required continually increasing amounts of server and storage hardware. Providing highly reliable and highly available services has led to the need for still greater amounts of supporting hardware, in the form of redundant and load sharing system architectures.

Until recently the Computing Center’s central machine room, which was originally designed in the 1980’s to support mainframe technology, has had the capacity to meet the space and infrastructure needs of these new systems.

But, that is no longer the case. The central machine room is now at capacity with respect to available conditioned power and cooling, and is very near its physical capacity for housing additional hardware.

To meet the power requirements of recent system builds CIT has been granted temporary use of one server room in the CCR’s previous Norton Hall facility. Planning efforts are also underway to determine how additional conditioned power capacity might be made available to the Computing Center machine room.

However, projections of future machine room requirements indicate that campus server room capacity will need to increase well beyond currently available facilities.