1) IDP at MSU Thousands of times each day, would-be intruders launch attacks against computers connected to MSUnet. One recent test revealed 158,000 attacks on MSU computers in a single day. To help combat these attacks, Intrusion Detection and Prevention (IDP) services are now monitoring the campus network and preventing known attacks from reaching their targets. For more information about the IDP service, please visit http://help.msu.edu and search for knowledge base article 5567, "Intrusion Detection and Prevention (IDP) Services at MSU." Sometime within the next several days, a notice to this effect will go out to the entire MSU community. _____________________________________________________________________ 2) DDC mailing on technology improvements Vice Provost Gift has sent a memo to Deans, Directors, and Chairs outlining recent technology improvements. Following is a copy of the text: 31 August 2005 MEMORANDUM TO: Deans, Directors and Chairs FROM: David Gift SUBJECT: Start-of-school technology services and support update, 2005 As we begin the new academic year there are a number of items regarding changes to technology services and support resources to report to you from Libraries, Computing and Technology, summarized in this memo. Please share this information with your faculty and staff. Thank you. Helpline now staffed 24x7 In recognition of the ever-growing variety and use of online academic programs and services, and of MSU's growing student populations in foreign countries and engaged in study abroad, the Helpline (800-500-1554 or 517-355-2345 from most locations) now has regular staffing around the clock, 7 days a week, with very rare holiday exceptions. This new staffing pattern has been in place since 1 May 2005. While the number of overnight calls has historically been very small, it is growing, and LCT wanted to be ahead of this trend and prepared for future growth. vuDAT supports development of hybrid instruction This is not a change, but a reminder that the Virtual University Design and Technology group provides support and assistance for development of "hybrid" or "blended" instructional models (i.e., partially online and partially face-to-face), as well as for development of entirely-online programs. Contact information and a range of informational resources are available on the Web at vudat.msu.edu. Intrusion detection and prevention added for network security Intrusion detection and prevention (IDP) services have been added to MSUNet to enhance network and computer security. IDP works a lot like virus scanning, by inspecting network traffic for signs of known malicious code or malicious behavior, but is far more comprehensive than virus scanning alone, and applies to all network traffic both inbound and outbound at the point at which the IDP is applied. These services are operated according to guidelines for trusted network and host computer security (http://www.msu.edu/au/#trusted_network), and are being installed at the campus border to the Internet and within the MSUNet backbone. As an illustration of the need for this technology, the border IDP has recently identified as many as 16,000 attack signatures per hour. While IDP will not eliminate network security problems, it should help to mitigate them a great deal. Computer users and system administrators still are encouraged to use local security tools (virus scanners, firewalls, etc.) appropriate to their needs and in appropriate ways. IDP is a complex and relatively new technology. We already have found instances in which regular uses of systems have been identified and blocked as malicious by the IDP services. We will need to make adjustments over time to the IDP rules to appropriately balance security effectiveness and appropriate systems use practices. Units having questions about the MSUNet IDP or who believe their systems or regular network usage may be adversely affected by the IDP should contact Tom Davis, director of Academic Computing and Network Services (353-6727). Sensitive data management LCT is collaborating with the Controller's Office, Internal Audit, and units all across campus to enhance University-wide management of sensitive data. Earlier this summer several resources were distributed to all units, including a form to guide the development of awareness of local uses and storage of sensitive data, and a checklist and guide document for business and system administrators regarding effective sensitive data management practices. Informational meetings will be scheduled soon with individual units, beginning with central support units to discuss progress, needs and questions. We are working centrally to build a list of University forms and business processes for which the use of sensitive data may be reduced or eliminated, and units already have taken action to implement some of these changes. The effective practices guide document will be enhanced and re-released soon, and will incorporate steps necessary for compliance with a new Michigan Social Security Number Privacy Act. We appreciate the attention that is being given across the campus to this effort. MiLR optical fiber network operating The "Michigan LambdaRail" (MiLR) optical fiber network is operational. MiLR is a collaboration of MSU, the University of Michigan, and Wayne State University. The network is a 750-mile ring of optical fiber connecting the three research university campuses with multiple research and production-Internet network connection points in Chicago, including the National LambdaRail, and multiple international research networks at the StarLight networking facility. MSU's production Internet and Internet2 traffic is now carried on MiLR by Merit Network. For the past two years, MSU has operated a 1 gigabit-per-second (Gbps) connection to the Merit Network. Merit's MiLR channel is operating at 10 Gbps, providing MSU with a great deal of production networking bandwidth headroom at a relatively fixed cost. MiLR is capable of supporting multiple 10 Gbps data channels, and MSU researchers may use these for dedicated point-to-point networking with a variety of collaborators nationally and worldwide. Inquiries regarding use of MiLR for research support should be directed to Tom Davis, director of Academic Computing and Network Services (353-6727). High performance computing center now in service The High Performance Computing Center (HPCC) initiated production research support operations in May 2005. The Center contains an SGI Altix 3700 Bx2 shared memory computer with 64 processors, 256 GB RAM and 6.4 TB fiber-channel attached storage, providing approximately 333 GFlops (billion floating-point operations per second) of computing power. The Center is currently adding a Western Scientific AMD cluster with 512 (dual-processor) cores, 1 TB aggregate RAM, Infiniband connective fabric, and 8 TB of fast attached storage. The cluster is estimated to provide 2.4 Tflops of distributed computing power, and is anticipated to be in production early Fall Semester. The HPCC is a collaboration of the College of Engineering, College of Natural Science, National Superconducting Cyclotron Laboratory, and Libraries, Computing and Technology, with substantial financial support from the Vice President for Research and Graduate Studies. It is intended for production research computing in support of computationally-based research in all fields practiced by MSU faculty, University-wide. The Center's website contains information regarding its resources and governance, how to become a user, and other topics (www.hpc.msu.edu).