I went to OUCC 2005 in Kingston. I tried to balance the sessions I wanted to go to with the sessions I felt I should have gone to. The complete list of sessions is here. Here are my notes from the sessions I attended:

Change Management in Applications

Queen's had a problem where their Java developers had frequent requests to change the text (such as questions in a grad application form). The requests were frequent enough that the developers were doing more data entry than developing. So, they started looking at using properties using something like Struts on Apache. The problem with Struts was that the property files were in text files on the server, so end-users would have a hard time editing them. They developed something called PropMgr (property manager). They developed a framework of properties that are organized in a tree-like structure and stored in an RDBMS. Access to this thing was controlled via the campus LDAP server (using role-based access control). The example was a Grad School application. The Grad Office had control of the necessary parts of the application process, but each department had their own custom optional questions. This system let departments manage their own content without the developers having to go through testing for every code change.

Implementing and Securing a VOIP Phone System

Laurentian moved to a Voice-over-IP phone system since their existing PBX was no longer upgradable. Rick talked about the RFP, what hardware they got (Nortel) and the types of phones they use. I was more interested in the "securing" aspect: it turns out simply having separate private VLANs for the phones and making use of the QoS features of the switches was enough. DoS attacks didn't cause a problem.

Computer Lab Support

This was a birds-of-a-feather session that started as a rant about the problems that York lab support people are experiencing with general university administration.

Physical security is a problem everyone shares. Looks like UW is the only place with 24/7 open labs. Other institutions have the labs available for 24/7, but you need some kind of passcard to get in as the labs have physical access control. Many places tried fibre optics but gave up due to headaches (false alarms, maintenance). Some places have cameras, others take advantage of the labs being in libraries so that staff can keep an eye on things.

Few universities have LCD screens in labs. One of the factors discouraging them is lifetime of the screens; they just don't last as long as the CRTs. I think the guy from WLU said it depends on the make you buy.

Novell seems to be alive and kicking in the labs of many institutions. York and WLU seem quite happy with Novell. I don't think Ryerson was represented but I know they use it.

Integration: Campus IT services with IP phones at U of G

This talk was mostly about how to program XML (I think) applications (such as a phone directory) on a Voice-over-IP display phone. Neither interesting nor relevant to me. I heard the Strategic Planning for Administrative Systems talk was good, I should have gone to that one (even though CSCF is an academic support group).

Securing a campus-wide Active Directory

This was Erick's talk. I'm not sure if it was all nerves, or if he didn't prepare enough, but to be quite honest, I didn't get anything out of the talk. It was more of a rant about trust, perhaps in response to Microsoft's presentation on the Trustworthy Computing initiative.

One interesting thing I did note was that he said he would rather make a server unavailable, during production hours, to fix a security problem where secrets were available for the taking, than wait to take it down during non-production hours to fix the security problem. I disagree with this philosophy. It depends on what the secrets are, and how likely the revelation of those secrets is to the business. I think he was talking in the context of passwords. My approach in that case would be to leave the server up, monitor it more closely, then fix at off hours and change the passwords.

Deploying Firewalls in Academic Environments

This was the talk I gave. I think I did ok. The timing seemed ok but I'm sure I took too long at the beginning and went a bit fast at the end. I think I rocked back and forth during the talk (habit, it's what I do when holding my baby son) from nerves.

Vendor Keynote Talks

Each one was really the same format. They talked doom and gloom about why security is important, then pitched how their company is solving the problem. Mostly marketing, but it was useful in that it was clear what each company's directions were. The common themes were:

  • Integrate security into the X technology (X=OS, or X=network switch, etc.)
  • The concept of a computer only being allowed on the network if it meets a certain standard (OS level, patches).

The second point above is interesting. First, it points out that the vendors' talks were targeted for a generic corporate audience, rather than the university crowd since we all know there is no such thing as a corporate standard at most, if not all, universities. Second, they accomplish this by "scanning" the machine in question to see if it "passes". The scanning is done by an agent running on your PC. I wouldn't be surprised if the memory footprint of security software on a corporate PC these days is greater than that of the applications that the user is running. Hopefully these "agents" aren't vulnerable to buffer overflows.

I was kidnapped

After my talk, I was approached by the CS support staff from Queen's and UofO to chat over lunch and tour the Queen's CS area. UW CS is big compared to these groups. UofO CS use LDAP to authenticate both Unix and Windows (no Active Directory!). Most of the discussions were about how the support departments were organized.

Other tidbits

  • UofG has a new position: CIO and Chief Librarian. So IT and the Library are kinda the same department under one guy.
  • York, I heard, seems to do OK with Bayesian filtering
  • I got the impression that greylisting was not a preferred approach for dealing with spam.
  • Lots of universities are building new buildings, especially UoOIT.
  • I think the food at Queen's was excellent. Queen's in general was a really good host.

-- JasonTestart - 03 Jun 2005

Topic revision: r2 - 2005-06-03 - JasonTestart