![[ UW home ]](css/uwlogo.gif)
Residence Access to Windows Terminal Server
Last month, a student complained that residence access to engterm (two terminal servers) consumed his off-campus quota. Resolved - Roger Watt added the two machines to the don't-count list and problem solved. We also placed the two servers in a special subnet dedicated for future growth of terminal services or other remote access purposes.
UW IT News
Possibly pronounced: Yoo-wit-nooz, the news page is something I would really like to see improved and advertised. There were several instances this month where I could have referenced it. Perhaps we should strike a subcommittee if others are interested. If not, I will proceed with an Engineering-only version.
Firewalling for Nexus Clients
The NIPFW firewall has been deployed in several faculty labs, including Science and Arts. The bandwidth management feature is particularly popular with administrators.
Securing Wireless Clients
Significant progress has been made on an agent to frisk incoming wireless clients.
The name has been changed to MinUWet (MIN-ewe-et), producing a pronounceable word (while avoiding modern sexist language issues).
When a MinUWet-enabled laptop detects its connection to the NAA, it acts as follows: it does a security analysis, updates virus definitions if necessary, and can announce its status in the hope of earning additional network rights from the NAA.
The next steps are to enhance the NAA to accept this advice, also to insert NAA code which would detect some less-annoying operating systems, and performing a wider test of the MinUWet client among volunteers.
MinUWet will form a part of my talk at WatITis, along with a few other interesting technologies.
Security Boundary of Active Directory
We have never allowed additional domains inside the Nexus/Apex Active Directory forest due to the hightened security risks. IST should follow similar advice for ADS/UWad, or at least describe the risks to those who currently trust ADS with important secrets.
While it is nice to trust, any compromise in these guest AD's, however they are managed, can easily compromise the ADS/UWad domains. Also, the number of accounts considerred Administrators on any domain in the forest is actually the sum of all Administrator accounts anywhere in the forest.