Channel, Issue No. 39

(1)

Channel

October 2003, Issue No.39

What's inside ...

● Recent HARNET & Internet Upgrade

● Recent Security cases (SoBig.F, Welchia, Blaster, etc.) ● Network Firewall Enhancements

● Beware of Copyright Infringement on the Internet ● Computer Barns Upgrade

● Campus Portal Development ● Get Ready for "Signed Email" ● MobileNet Development Updates

● Further Savings for UST Telephone Lines ● IT Classroom Enhancements

● Notebook Program 2003 ❍ Survey Results ● PC Linux Cluster

(2)

Channel

Channel - October 2003, Issue No. 39 Network Systems Team

Recent HARNET & Internet Upgrade

The Internet access of HKUST is going through the Hong Kong Academic & Research Network (HARNET). A major

re-engineering upgrade on the HARNET has been completed this summer. The following sections summarizes the major changes and improvements brought forth to HKUST.

Increase in Internet Bandwidth

The recent upgrade provides HKUST with the following speed advantages:

● Higher international Internet bandwidth - 155 Mbps shared among HARNET member institutions, upgraded from 96

Mbps.

● Faster HKIX Connectivity - Up to 100 Mbps of bandwith to/from Hong Kong sites (via HKIX or Hong Kong Internet

eXchange), upgraded from 40 Mbps. HARNET now has a shared HKIX connection capable of supporting 1 Gbps speed, upgraded from the previous 100 Mbps.

● Up to 10 Mbps of dedicated bandwith between HKUST and each HARNET member institution.

Change in Core Technology

The HARNET backbone has now been migrated from an ATM-based network to a Metro-Ethernet based network, which provides the following merits:

● Lower cost of ownership, freeing up budget for more international Internet bandwidth ● Allow future bandwidth expansion of up to 1 Gbps

The Upgrade

The upgrade was carried out in several phases from Jul 27 to Aug 17, during which the following changes were conducted:

● Installation of gigabit Ethernet fiber links among institutions and HARNET data center ● Upgrade of HARNET core router from Cisco 7513 to Cisco 7606

● Upgrade of Internet router of each institution from Cisco 7206 to Cisco 7603 ● Installation of Cisco 7206vxr router and 1 Gbps link at HKIX

To enjoy the increased bandwidth, the following upgrade was done on the HKUST side:

● Installation of higher power Internet firewalls

● Upgrading border network to support 200 Mbps with a series of network switch changes

(3)

(4)

Channel

Channel - October 2003, Issue No. 39

WWW & Server Technology

Recent Security Incidents / Cases

What happened?

In the summer, you probably have heard the news about the widespread of viruses (W32/SoBig.F, W32/Welchia, W32/Blaster, etc) all over the world. Many worldwide companies and institutions are affected by the virus attack and some

universities/colleges were needed to shutdown part of their network to prevent

further spreading. Industry experts even revealed that viruses may have contributed to the cascading effect of the Aug 14 blackout in United States.

A special thing about the recent virus attack is the technique being used to spread the virus. Usually, a virus spreads itself via infected email attachments, e.g. the W32/SoBig.F which comes in an email with subject like "Thank you", "Details", etc. Users will have to open the email attachment in order to get infected.

However, for recent viruses like W32/Blaster and W32/Welchia which make use of a vulnerability in Microsoft Windows operating system (mainly in Win XP or Win 2000), to attack machines over the network. Unlike the usual virus-spreading technique through email attachment, this time users will not need to open any email but just if their machines have not installed the latest security "patch" from Microsoft, they will have a great chance to get infected straightaway.

What we did?

To protect and also provide help to our users in the recent incidents, the followings have been in place :

● To prevent further attack from outside parties, our network firewall has been

configured to block several incoming network ports.

● To prevent email virus spreading through our email server, our email firewall

has blocked all those virus-bearing messages. During the peak period, over 80,000 virus messages have been blocked daily.

● To protect our users, once our firewall or Intrusion Detection System detect

any problematic machine, we will take a proactive approach to contact the user or the department support staff to rectify the problem immediately.

(5)

Microsoft, those patches are made available on our Download Server. During the peak period, Microsoft web site were not even accessible at all.

● etc, etc ...

How our setup and design helped?

ITSC has always been taking an active role in proactive and preventive measures like defining campus border router and firewall configuration, implementing Intrusion Detection System, installing anti-virus software on our email servers, etc.

However, in order to maintain a stable and secure computing environment, it is advisable that every one of us, including computer system administrators, software developers, advanced users and general end users, should take appropriate

precaution against various possible forms of cyber attack.

End users are recommended to update the anti-virus software on their machines, install the latest Windows / Office patches, etc. New viruses are coming out

everyday and maybe in any new form. It'd be better to prevent a problem from happening at all than to remedy the damages after it occurs. It is sure that a secure IT environment can be achieved with the efforts from everyone of us.

(6)

Channel

Recent Network Firewall Enhancement

In our last Channel issue there was an article on "Network Security Infrastructure" which briefly outlines the approach we use to mitigate network security threats in our campus environment. Based on such a rationale, the ITSC has, over the past

summer, accomplished the following security enhancement:

● upgraded our high-availability Internet firewall system with newer hardware

and software release

● installed additional firewall enforcement points within our campus

Our users may recall the recent security incidents of MSBlaster and Welchia worms, and their impacts across the globe. Though we know there is still no panacea to fully combat such kind of worms, we have made use of our network firewalls to filter out malicious network scanning and confine the spread of the worms. For instance, during the peak period of these 2 worms, we have successfully stopped more than several millions of malicious probes on a daily basis. No doubt this helps to

minimize the impacts thus caused in our campus environment.

(7)

Channel

Beware of Copyright Infringement on the

Internet

At the beginning of the new academic year, the ITSC would like to draw your attention to the utmost importance to respect intellectual property rights and

beware of possible copyright infringement on the Internet.

Here in Hong Kong, the Business Software Alliance (BSA), a representative anti-piracy organization promoting a legal digital world, has been actively working with IT vendors to protect copyright infringement. BSA is constantly spotting illegal

distribution of licensed software on the Internet, and demands any violating party to take prompt remedial actions. Legal actions may also be taken for some serious cases.

Locally there were also precedent cases of successful court's ruling on claimed infringement. In fact similar campaigns are happening in other parts of the world. For instance, the Recording Industry Association of America (RIAA) has been stepping up efforts in combating illegal file trading services in U.S. universities and colleges as well as Internet Service Providers (ISP).

At HKUST, we understand that some popular peer-to-peer (P2P) applications are being used in campus by our users for file exchange purpose. While utilizing such applications, please note that sometimes we may be unknowingly distributing

copyrighted software, music, movies, or things alike. Here we would like to remind our users to take caution of this, and observe our Acceptable Usage Policy as stipulated in the following web page:

http://www.ust.hk/itsc/account/aup/

Please note that distributing or downloading copyrighted materials on the

Internet without permission from the copyright owner is illegal, and is liable to infringement lawsuits. Below please find what a good "netizen" should comply

with:

● DON'T download illegal/unlicensed software

● DON'T download copyrighted works (like music, songs, movies, etc.) without

permission from the copyright owner

● DON'T distribute copyrighted materials on the Internet through various means

(8)

● BE CAUTIOUS when using file-sharing or file-swapping software

For your own good and to protect yourself, we appreciate if you can take serious attention in this matter.

(9)

Channel

Channel - October 2003, Issue No. 39 Miss Theresa Lo, [email protected]

Computer Barns Upgrade

It has definitely been a very busy time during this summer for our colleagues. The following enhancements were made in the Computer Barns to welcome the new academic year of 2003/2004:

Hardware Upgrades

PC Upgrade in Tang Shiu Kin Computational Lab (Barn B)

In order to provide a high performance computing environment to the students, we have successfully negotiated with the vendor for an affordable price to upgrade the PCs in one of the three Computer Barns - Tang Shiu Kin Computational Lab,

despite of the tight budget situation. We have replaced the Pentium III PCs together with their 17” CRT monitors, the old aged Unix Workstations and Macintoshes, with a total of 100 units of new Pentium 4 PCs with 15” LCD monitors.

The configuration of the new PCs is:

Pentium 4 – 2.4GHz CPU with 512 MB memory, 40 GB Hard disk and a CD-RW Drive

So, where will the swapped out Pentium IIIs go? As some of you may be aware, we have redeployed some units to Computer Barn C, to replace the retiring Unix

Workstations and Macintoshes. As for the remaining swapped out Pentium IIIs, they will be used in the upcoming months to upgrade the Barns’ Express Terminals and the Express Stations around the campus areas.

Scanner Upgrade

In the recent months, the three old scanners in Barns A and C have deteriorated and had frequent hardware failures. These scanners were purchased back in Nov 1997 and have been in use in the Computer Barns for over 6 years. As they are no longer cost justified for repair, we have purchased new ones to replace them. The new scanners are of model - HP ScanJet 4500C, which is the same model that is currently used in Barn B and already familiar by the students.

Software Upgrades

(10)

all PCs (except ones in Barn A’s teaching area, which needs to cater special

teaching requirements) have been migrated to Microsoft Windows XP and Microsoft Office XP Professional environment.

Environment Enhancements

We aim to provide a clean and comfortable working environment in the Computer Barns. To give a fresh start to the new academic year, we have:

● Revamped the Network cablings in Computer Barn B

● Washed the carpets in Computer Barns A & C with the help of EMO office

and replaced with new ones in Barn B

(11)

Channel

Campus Portal Development

ITSC is now setting up a Campus Portal (namely MyPortal) based on the uPortal

implementation from Java Architectures Special Interest Group (JA-SIG) to enable convenient and effective communications among HKUST members. Within the

Campus Portal, user can view personalized information, from a variety of sources, in one convenient place. With the infrastructure being build up, departments can

develop web contents specific to their users and incorporated into this Campus Portal easily. In fact, the uPortal framework has been employed by many institutions of higher-education like Cornell University, Yale University, etc.

With the portal technology, users can

● Choose their preferred content.

● Get their custom page and put it in one place. ● Select preferred page layout, etc.

General purpose contents such as Local Weather, Personal Bookmarks, News Announcement will be provided at the beginning stage while more and more user specific contents will be added in due course. For example, we are now working with Center for Enhanced Learning & Teaching (CELT) to provide contents on their

teaching and learning activities / projects such as "WebCT", etc. Interested

departments are most welcome to discuss with us on how to deploy your services onto the Campus Portal.

Please watch out our announcement on the latest development of the Campus Portal.

(12)

Channel

Get Ready for "Signed Email"

"Signed Email" is like ordinary emails we send everyday but with sender's digital signature attached to it. It can provide assurance of sender's identity and is analogous to a letter with a hand-written signature but in a digital format.

With the rollout of new HKUST Staff/Student Card, users can now apply for a Personal (Smartcard) e-Cert easily on the web and use it to send "Signed Email". You may like to send a signed email if you would like to assure your recipients that an email message really came from you. For example,

● Sending announcement to all staff or students.

● Sending important message to a large group of users via mailing lists, etc.

Be Prepared to receive "Signed Email"

On receiving a "Signed Email" from other HKUST users, most common email clients like Netscape, Outlook, etc can verify the sender's identity for you automatically. But before this can be done, you will have to accept our HKUST Certification Authority (HKUST CA) Certificates once in your email client as a trusted party to perform digital signature verification. In fact, the HKUST CA Certificates have already been installed in all the PCs in our computer barns.

"Signed Email" may get popular among HKUST community and hence, it is

recommended for you to install the HKUST CA Certificates to your email clients (on machines both in office and at home). Details on how to install the HKUST CA Certificates can be found at:

http://www.ust.hk/itsc/pki/process/accept.html

"Signed Email" Support in HKUST WebMail (Coming)

Although users can send "Signed Email" with email clients like Microsoft Outlook, Netscape Messenger, it would be more convenient to send "Signed Email" using HKUST WebMail, without the trouble in configuring any of the email clients.

ITSC is now at the final stage to implement "Signed Email" support in HKUST WebMail. Please watch out our coming announcement.

(13)

Channel

MobileNet Development Updates

In the past summer ITSC has further extended our MobileNet coverage by installing additional 5 wireless access points (or so-called base stations ) to the following locations:

● IT classrooms 2504, 3007 & 3008 ● S.H. Ho Sports Hall

● University Briefing Room (G024)

Over 70 wireless access points are installed in campus to cover public areas including library, catering outlets, major teaching venues, and student common areas. Each access point allows up to 15-20 users to connect to the campus network concurrently. Below please find a brief summary of the latest wireless MobileNet coverage:

● Library - Being the most popular locations for wireless MobileNet access,

Library is installed with a total of 13 access points, providing good signal coverage for all library seating areas except some blind spots.

● Lecture Theaters - All the 8 lecture theaters (A-H)

● All 17 IT Classrooms - Rm.1402, 1403, 1505, 2302, 2303, 2306, 2405,

2407, 2464, 2465, 2503, 2504, 3006, 3007, 3008, 4333 & 4334.

● All 10 Compact IT Classrooms - Rm.1401, 1504, 1511, 2304, 2404, 2406,

2502, 3301, 3401 & 3412.

● Computer Barns - All 3 computer barns (A, B & C)

● University Center - 3 access points are installed to serve UC Bistro, Quiet

Lounge, Staff Lounge, and Multi-purpose Hall.

● Catering Outlets - Canteens (G/F, LG1, LG5, & LG7), Coffee Shop as well

as UC Bistro

● Miscellaneous - Atrium, Academic Concourse, LG4 Student Common

(14)

You are welcome to send in your suggestions on other locations where we should provide this service. For further details of our MobileNet service, please refer to its home page at:

http://www.ust.hk/itsc/MobileNet/

(15)

Channel

Channel - October 2003, Issue No. 39 Miss Christine Cheng, [email protected]

Further Savings for UST Telephone Lines

Following the recent tendering exercise, the Sub-tender Board has approved to appoint Hutchison Global Communications (HGC) as the telephone services provider, for price performance and cost savings for HKUST.

HGC would provide telephone services to UST's telephone lines (including PABX extensions, fax/direct lines in offices of the academic building) with a special offer on monthly line rental charge.

With the Hutchison coming into services after mid July, we expect further savings be attained for the University as a whole.

(16)

Channel

Channel - October 2003, Issue No. 39 Mr. David Shiu, [email protected]

IT Classroom Enhancements

ITSC has recently made further enhancements in I.T. classrooms.

Six new I.T. classrooms

First of all, six ordinary classrooms have been upgraded as I.T. classrooms during the summer vacation, namely - Rm.2304, Rm.2404, Rm.2406, Rm.2504, Rm.3007 and Rm.3008. These classrooms are now equipped with Video Projectors and Presentation PC. These new I.T. classrooms are also equipped with a front-side notebook connection panel, providing easy to use connection for Instructor's notebook.

New LCD monitors

At the same time, we have also replaced the old CRT monitors in all I.T. classrooms with LCD monitors. Unlike the old monitors which are not adjustable with this

viewing position, the new monitors are now mounted on adjustable LCD mounting arm. This allows our instructors to adjust the LCD monitor to a suitable angle for this teaching position.

(17)

Channel

HKUST Notebook/Desktop Ownership

Program 2003

Same as last 4 years, the ITSC has organized in the new academic year a computer ownership program for the university community. The program is worked out based on the feedback of the May online survey, and with the support from the Students' Union and Purchasing Office. Two rounds of roadshow and order taking were successfully held, one in August and another one in early September.

This year the overall response is particularly overwhelming, with over 3,400 notebook computers sold (as at early October), with 74% notebook order from students, 19% from staff, and 7% from alumni. The 3 most popular notebook models are: T40/1.3G (32%), X31 (27%) and T40/1.5G (20%) , which already contributed to almost 80% of the overall orders.

Please note that this one-time limited offer is valid till 31 October 2003 and while stock lasts. For further enquiries and order placement, please contact PCCW's 24-hour service hotline at 2888-3338. Details of our program is available at the

following website:

http://www.ust.hk/itsc/cop/

(18)

Channel

Summary Findings of Notebook/Desktop

Ownership Program Online Survey

Back in end of May this year the ITSC had conducted an online survey to solicit feedback from students and staff on their purchase requirements on notebook and desktop computers. We received a total of 1,278 responses -- 249 from staff and

1,029 from students. The survey findings had served as a useful reference for the

organising task force to plan for the HKUST Notebook/Desktop Ownership

Program 2003.

Presented below is a brief summary of the major findings out of this survey:

● Preferred Brand Name - over 27% of staff and students regard Sony as their

most preferred notebook brand name. For desktops, our users are more willing to buy clone instead of branded system.

Most Preferred | | V Least Preferred Notebook Desktop

Students Staff Students Staff

Sony Sony CLONE Dell

IBM IBM &

Toshiba

IBM CLONE

Toshiba Fujitsu Dell IBM

Fujitsu Dell HP/Compaq HP/Compaq

Samsung Samsung Acer Acer

Dell Acer -

-HP/Compaq HP/Compaq -

-NEC NEC -

Acer - -

-Remarks: Though Sony is generally regarded by both students and staff as the

most preferred notebook brand name, Sony could only offer us relatively much lower discount level to their high-priced notebook models.

(19)

● Take Out Desktop PC Offer From Program - More students and staff favors

retaining the desktop PC offer in this program.

Take Out Desktop PC Offer? Students Staff Agree 34% 31% Disagree 42% 41% No Concern 24% 28%

● Preferred Notebook Price Range:

Price Range Students Staff

Below $6,000 8.2% 3.6% $6,000 - $7,999 18.1% 12.0% $8,000 - $9,999 34.2% 32.3% $10,000 - $11,999 25.2% 25.0% $12,000 - $13,999 10.3% 14.3% $14,000 - $15,999 2.7% 6.6% $16,000 or above 1.3% 6.2%

● Preferred Desktop Price Range:

Price Range Students Staff

Below $4,000 21.7% 19.8% $4,000 - $5,999 37.0% 29.2%

$6,000 - $7,999 30.3% 26.0% $8,000 - $9,999 7.0% 9.4% $10,000 or above 4.0% 15.6%

● Choice of Operating System - the majority of users prefer Windows XP

(20)

Windows operating system:

Operating System

Notebook Desktop

Students Staff Students Staff

Chi XP Home 14.3% 11.1% 20.0% 12.8% Eng XP Home 6.4% 8.2% 4.8% 6.4% Chi XP Pro 44.5% 31.4% 47.0% 39.4% Eng XP Pro 30.8% 44.9% 22.7% 38.3% Others 4.0% 4.4% 5.5% 3.1%

● General Selection Criteria of Notebook Computers - the majority of

staff and students regard the following as more crucial criteria in notebook selection: ❍ Lower price ❍ Reliability ❍ Slimmer size ❍ Lighter weight ❍ Built-in wireless

(21)

Channel

Unix Support Team

PC Linux Cluster

With the fast-advancing low cost and high performance personal computer (PC) systems and high speed networks, the PC Cluster provides a cost-effective

alternative for parallel/distributed computing solution. PC Cluster means to make a set of commodity PCs to be a coherent parallel cluster working as a supercomupter.

ITSC has facilitated a low cost experimental PC Cluster with 4 compute nodes and one interactive node which is for program development and job submission. The aim is to let user identify if their research problems can be solved with the parallel

computing paradigm. If yes, they can consider to proceed to set up the production Cluster themselves for the research or to run the application with other production Cluster on campus, provided that resources are available. The experimental Cluster facility is to try to alleviate the set up overheads for various potential research group in the university community. More information about PC Linux Cluster can be found at

http://www.ust.hk/itsc/unix/pccluster/

If you have any questions or suggestions on the Cluster, please email to [email protected]

(22)

Channel

Unix Support Team

New Changes in Unix Servers for

2003-2004 Academic Year

In order to enhance the Unix services, ITSC has implemented the following in the new academic year.

Operating System Upgrade

The operating system of the staff and student Unix servers have been upgraded from Solaris 2.6 to Solaris 9. The new operating system provides the following enhancements:

● support updated versions of commercial software like SUN ONE Studio

Compilers, Matlab and Mathematica

● provide improved reliability and security ● support 64-bit computation environment

● support new versions of public domain software

Solaris 9 provides upward compatibility and programs compiled in the old operating system should be able to run transparently in the new environment. There is a rearrangement of Unix servers and more information can be found here .

Enhanced Software Environment

Updated versions of commercial and public domain software are provided in the new environment and the details are described here .

Migration of User Home File System

Previously, the staff and postgraduate home directories were supported by Andrew File System (AFS) which was originally designed to support a distributed Unix environment. With the diminishing number of Unix workstations and high cost of maintaining AFS, ITSC decides to migrate AFS to traditional Unix file system. Advanced user can refer here on details of the migration.

(23)

If you have any questions or suggestions on ITSC Unix environment, please contact our Unix Support Team .