CCC Home --> Meetings --> Minutes --> Meeting
Notes: February 19, 2004
C.C.C. meeting Notes:
February 19, 2004
CCC Meeting Notes
February 19, 2004
Location: Social Sciences Computing
Attendees: Smith, Jepson, Kovaric, Chang,Vaughan, Saberi, Frand, Kimmick,
Kopelevich, Snow, Riggs, Phelan, Deveyra
Absent: Kitch, Pine, Yano
Guests: Eric Crane (Anderson), John Degolyer (OIT), Majid Toossi (PDP participant)
1. Presentation on 5G Implementation
Anderson school described their success in implementing 5G Wireless.
Resolution: Frand will arrange for a presentation by the vendor.
Details:
At Anderson there was a conflict of interests between students who desired
wireless access everywhere and faculty who did not want wireless technology
in the classrooms due to worries about student cheating and inattention. To
push the issue, graduating students gave Anderson a gift for buying wireless
technology.
Anderson School of Management is a group of 6 buildings. The main device was
placed on one of the buildings. It covers 95% of the whole school and is able
to penetrate all 4 floors where wireless is needed. A secondary device was
placed to cover a 600-seat auditorium. The wireless network is working as expected
and is very powerful. To prevent wireless access in classrooms, separate APs
were placed in classrooms to capture signals to prevent them from reaching
the internet. This approach is about 99% effective. There are currently about
100 users, and this number is expected to reach about 200-300 concurrent users
in the future. Access is through the campus VPN which does not currently allow
guest accounts (which presents a problem). It was suggested that other North
Campus departments might want to explore using this technology collectively.
2. Update on the Wireless Standards Body
Kovaric reported that the body agreed to meet on a regular basis in order to
establish standards and assess wireless implementation. Everyone is invited
to the next meeting of the group.
3. Network Security
a) Implementation Issues
Degolyer spoke about implementation issues regarding Sophos, eEye software
and patch management.
Resolution: CCC needs to provide input on the implementation of these products.
Smith will send out a memo about services that need to be provided
Details:
Two models were presented with regard to the distribution of Sophos. The first
model was a central distribution model directly serving software to clients
from two redundant servers on separate connections. This model has evolved
into the current de facto standard, although ATS hadn’t recognized the
extent of responsibility that was being placed on it, and expressed concern.
Resnet and several other groups also provide their own distribution.
The second model is a distributed security model where units distribute software
locally. This model may also make sense for security software and patch management.
It was pointed out that vulnerability assessment is a critical issues. Ideas
and comments from the CCC are welcomed. Committee members were asked to think
about alternative solutions.
b) Policy Issues
Phelan presented a draft of the ITPB Security Policy Resolutions. Everyone
agreed with the general principles, but there was concern about numerous details.
Resolution: Smith will distribute a draft of more desirable wording for the
policy resolutions. This will be used as a starting point for next week’s
CSG meeting on the same topic. CCC members were encouraged to provide input.
Details:
Each of the five resolutions was reviewed. There was general agreement that
this is a very complex issue and that the timeline for policy approval is too
short. Concern was expressed that the first resolution could be construed as
assigning monetary liability to units. In fact, one unit had already created
an expensive problem. It was felt that rate limiting strategies along with
the implementation of QOS, was a preferable direction to go. Regarding other
resolutions, the concept of minimum standards was generally supported, but
it was clear that it will be complicated to establish these. The principle
of closing or limiting network connections to problem machines was supported,
but the problem of units using NAT, and the issue of reaction to infection
versus simple vulnerability was not considered. It was suggested that the policy
document should be focused on the joint nature of responsibility for network
security. As the document now stands, it seemed to some to be too punitively
focused.
4. Discussion of Sakai
Vaughan described the Sakai initiative and solicited CCC opinions.
Resolution: The CCC is supportive of participation in Sakai, and supports
the RFP process proposed by the FCET.
Details:
The FCET is funding UCLA membership in SAKAI. The FCET will soon discuss how
UCLA can best benefit from its participation. The answer to the question of
whether SAKAI will be an open source opportunity for UCLA, or parts of UCLA,
is unclear, but it is reasonable for the university to stay on top of developments
in the area. CCC supported the proposal of using internal RFPs to accomplish
Sakai related tasks. It was pointed out that Sakai is currently very Java oriented,
and that its full potential will depend on its ultimate ability to interact
with other systems. The Anderson school, in particular, expressed interest
in becoming involved with Sakai.
5. Meeting Minutes
Chang described the on-line CCC discussion about meeting notes. The general
conclusion was that meeting notes only need to list agenda items and major
points, conclusions, and resolution. Under this policy, notes, such as the
ones you are currently reading, may be unnecessarily detailed.
6. CCC Website (Marsha)
Smith offered ATS assistance to maintain the CCC website.
Resolution: The CCC gratefully accepted the offer.
|
