AGENDAs+pre+Jan+2011

=PRE JANUARY 2011 NETWORK TEAM AGENDAS AND NOTES=

**Infrastructure Decisions That Result In Poor IT Security**

1. **Implementing a Single Internet Connection** - Any single point of failure is a poor infrastructure and design decision. There should be two exits from every room. There should be at least two copies of every file. And there should be at least two connection paths out to the Internet. (There is an assumption here that Internet connectivity is an essential utility of the organization. If not, then redundancy is not as important.) With only a single connection to the Internet, there is a single point of failure. One mis-configured connection device, one hardware failure, one payment lost in the mail, one misguided backhoe, and the connectivity is lost. Every aspect of a network should be designed with redundancy in mind in order to avoid single points of failure.

2. **Failing to Implement Internal Traffic Management** - More than half of security breaches are caused by internal personnel. It is often incorrect to assume all users, programs, and processes within the organization’s network are safe and trustworthy. Every moderate to large network should implement traffic shaping, traffic throttling, and traffic control measures internally. By implementing these features, no one network service, application, protocol, or user can fully consume all of the network bandwidth to the exclusion of others. Thus, mission-critical communications will always have sufficient bandwidth reserved for them.

3. **Not Using Network Event Auditing** - Evidence of compromise is a valuable asset. However, it can only be obtained at the instant the compromise is performed. If the network is not already actively recording network events into a log file or audit trail, then security breaches will go unnoticed. It is better to record events to a log file that are not needed, than to not record events that are essential to detection, response, and potential prosecution. Without an ongoing permanent record of events (i.e., log files), you have no evidence of benign or malicious activity, and trends toward bottlenecks will go unnoticed as well.

4. **Failing to Store Backups Offsite** - Bad things happen. You must be prepared. Backups are the only form of insurance against data loss. Without backups, your data is at risk. Serious risk. Real risk. You need to follow the backup 3-2-1 rule:
 * There must be 3 copies of data
 * There must be 2 different forms of media
 * There must be 1 copy stored offsite

Failing to store a backup offsite is also a failure of taking the real world seriously. Complete and total destruction by fire, flood, tornado, and other acts of nature is common. No home or office building is completely protected. Assume the worst, and then plan to survive it. No, not just survive, but thrive through it. Be better prepared than your neighbors or competition. Be the first to fully recover and be back in business.

Discuss cross-training - what is next for Dale after Account Management [44772]?

**Notes from Dec MTG**

Discuss Top Priorities outside of cross-training:
1. Upgrading network core and implementing remote access
2. Redesigning the district Web Site
3. Implementing monitoring & management infrastructure
4. Implementing off site data replication
5. Implementing Thin clients.

44237 - Summary: Macintosh Update server
Wednesday, December 08, 2010 6:41:26 PM by JOLIVER5 plists changes need to be made on clients, and tested against the server - this task is being scheduled with time between myself and Peter.

46663 - Summary: Install Spiceworks on an MS Server VM and work with Mike Pliss to configure together. **What are the VM Server Resource levels?**

**Review the status of these work orders - as time permits**

33124 - Summary: Generate a Wireless LAN expansion plan for the High School - **are we any closer to having a plan we can share?**

**46501** - Summary: Please reset Mike's Keyserver Password as it does not seem to work anymore.

**AGENDA FROM 12/2/10**

1. Discuss ESXi implementation - "ESX versus ESXi": VMware has announced that ESX 4.1 will be the last major version of ESX with the service console. This white paper reviews briefly the history of the service console, the differences between ESX and ESXi, methods to manage ESX and ESXi, and how to modify existing scripts for use with ESXi.

2. 46663 - Discuss Spiceworks Implementation

3. Discuss status of completing spreadsheet of district phone numbers.

4. Discuss Juniper SSL

I wanted to share some great 3rd party analysis regarding Juniper’s industry leading SSL VPN appliances. As you can see from the Gartner Magic Quadrant report they are truly leaders. In addition, these products have a license feature geared toward pandemics called ICE. The license provides large volumes of user access on a temporary basis without paying for all full time licenses. Once I get the quotes back I will share with you.
Tom Wagar / Dell Network Fabric Specialist

5. 43686 - Summary: Migrate towards Distribution lists, over MailMan List Services

6. 44803 - Review nComputing Server status.[44475-ENF

7. 46370 - Discuss impact of DR Brown on how we prioritize this.

8. 44061 - What is the Maintenance window for the Blackberry Ent Server?

9. 41318 - review status of backup training. What's next?

10. Discuss Wireless Policy Development strategy - Is this important & urgent?

11. Refresh top 5 projects lists

--

**From:** Ellen Phillips
**Sent:** Friday, November 12, 2010 8:57 AM
**To:** Mike Pliss; Dale Perry; Jason Oliver
**Subject:** FW: facilities conference room

For your Dell meeting, I booked the Facilities conf. rm. 11/18 1:00-4:00. - Ellen

**Over 500 Education Organizations Select Meru** Meru's virtualized WLAN solution helps realize significant performance benefits and lower operating costs.

Agenda from Meeting on Nov 4th at 3PM


1. Establish time line for progress with WO# 46370 - Improve Exchange email access for Macs. **This work can take place until after the new Blade Servers are installed in the NOC. 2010 can be run all virtual but we need the servers first. Time table is Next Summer 2011.**

2. Mark update HS WLAN floor plan to include Don Mill's preferences (WO# 33124). **BLDG A is up and BLDG G is next. Others have asked for the Gym and Cafeteria.**

3. WO# T!44624 when can Bill get access to make changes on the Help Desk site? **Action: fup with Bill and get access to him.**

4. WO# 44793 How is our plan for going to Vsphere going? Information regarding what I was talking about with ESXi transitioning: **Most important piece of the article: Installation and Deployment** **ACTIONS: Jason get the quote for 3 x 905 Dell Server Blades. Contact The Computing Center and setup a time to meet the engineer assigned. Time frame is Feb 2011. Scope is upgrade six servers.**

5. Triple AAA authentication with a RADIUS server. **Timeframe is NOV 10.**

**6. ACTION: Bump ENF nComputers from a Dell 1850 to 1950 – NOV 10.**

**7. Discussed latest new NOC design that eliminated the door to provide access to bathroom. Possibility of adding UMRA Automation and Forms**

 * VMware ESX. VMware vSphere 4.1 and its subsequent update and patch releases are the last releases to include both ESX and ESXi hypervisor architectures. Future major releases of VMware vSphere will include only the VMware ESXi architecture.
 * VMware recommends that customers start transitioning to the ESXi architecture when deploying VMware vSphere 4.1.
 * VMware will continue to provide technical support for VMware ESX according to the VMware vSphere support policy.
 * To learn more about the ESXi architecture and how to migrate from ESX to ESXi, go to the VMware ESX to ESXi Upgrade Center.

=10/28 at 3PM=

1. WO# 44803 was amended to include the following information: By way of a reminder, last week we discussed wanting to compare: Filling up the 1000e with 605 Blades vs 615 Blades (confirm the 1000e supports the 11th-generation servers). Best advice if you want help: Contact: Tom Wagar, Dell Systems Consultant, Cell 716.601.9483 | Office 716.636.0058

2. Review Status of WO#44803: N Computing Servers - Possible hardware upgrade M1000e chassis

3. What is the status of installing a Mac OSX 10.6 Server for Work Group management of Apple computers?

4. WO# 40704 - Have we seen any issues since turning off WINS?

5. We are going to need Wireless in the GYM next month - is this already part of Mark's HS Plan?

---
**10/26/10**

**How many Ithaca computers are part of a BOTNET?**

**According to BBC News, 2.2 million U.S. personal computers were part of botnets, making the United States the tops in the world in that category, reveals a 240-page Microsoft report. (See i)**

Last week was Educause 2010 in Anaheim, CA. giving a good snapshot of what schools are doing with respect to. Here are some top-of-mind mobility issues in Education IT and related-technologies.

- iOS…Resistance is Futile – As mentioned in my last e-mail, iPads, iPods and iPhones are giving campus Wi-Fi networks a run for their money. Not just because there are so many of them, but because they tend to run more multimedia-heavy applications. Aruba recently published a best practices document for supporting iPads in a campus network. Download it here.
- Wireless is Prime Time – No longer a network of convenience, wireless is now the primary network on college campuses. And with this new status comes new responsibility. In fact a common topic at the show was Aruba’s ability to deal with the uncertainty of the air – specifically, how to avoid sources of both Wi-Fi and non-Wi-Fi interference. Learn more about Aruba’s recent announcement on Spectrum Analysis.

=Thursday 10/21 at 3PM - mike's office=

1. Dell/Kace systems management appliance: We can use the appliance or virtualize it. It is great to manage Windows, Mac and Linux clients. In addition it has a robust Help Desk module for self help as well as case management via IM, email etc. The portal is www.dell.com/kace There is also a sandbox where you can access a live online appliance www.kace.com/sandbox I'd like us to complete webinar next. I am still waiting for that information. Technical Contact: Tom Wagar, Dell Systems Consultant, Cell 716.601.9483 | Office 716.636.0058 VIEW THE DEMO

**Update 10/21: I am going to do the demo in my office at 2pm if you want to join me.**

2. Are either of you planning to attend the SMP Symantec Update: Virtualization, Backup, Dedup & DR Products

**For Government and Academic Institutions**
**Wednesday, 3rd of November 2010**
**12:00 PM - 2:00 PM Luncheon**
**Mario's Italian Steakhouse**
**2740 Monroe Avenue**
**Rochester NY 14618**

**TOPICS:**
 * Optimize data protection for physical and virtual servers
 * Reduce backup windows
 * Reduce complexity of data recovery
 * Meet strict recovery point objectives and service level agreements
 * Reduce storage consumption by up to 80% with deduplication
 * Improve backup speed by 50%
 * Reduce storage by up to 40% for VMware
 * Eliminate time-consuming MAPI backups
 * Achieve email and disaster recovery (DR) restore objectives

Questions related to EqualLogic, Dell Server and VMware
1. Should we compare saturating the M1000e with getting a new 11th Generation Chassis?
2. Are we going to implement virtual storage (one big pool across all drives vs. RAID)?
3. Officially DELL still recommends weekly archives to DLT (weekly) even if you use multiple levels of Drives for backup and even if you use multiple snapshots.
4. How long has the new SAN been plugged in? Some data suggests 90 days before moving into production.
5. What version of firmware are we using on the EqualLogic SANs?

**Network Team Meeting Thursday 10/14 at 2PM - mike's office**

Review current status of:

Backup WO# 41318 - no new notes
Accounts WO# 44772 - recorded locked -- no new notes

FYI 10/8/2010
The Internet registry will give some lucky user the last IPv4 Internet address on or about January 25th 2012.

The Upside of Moving to IPv6

=10-7-2010 Meeting Agenda=

Review current status of:

Backup WO# 41318

Thursday, September 23, 2010 2:39:26 PM by JOLIVER5 Met with mark this AM - showed him / let him hands on build the Linux, Daily, Weekly, Monthly jobs for D2D on BU01. Mark indicated in this meeting that the various parts to the backup job duties are starting to come together for him. We will meet again next week.

Friday, October 01, 2010 8:22:59 AM by MGregrow I removed files from the Daily, Weekly, Monthly, Exchange and SQL Backups Folders, that did NOT have their Attribute bit set. This was done on bu01 and prevents the disk drive from filling up and causing a crash.

Monday, October 04, 2010 1:51:47 PM by JOLIVER5 I gave mark instructions for him to fly solo last week. He did not have issues.

Thursday, October 07, 2010 9:46:29 AM by MGregrow On bu01 I removed files from the Daily, Weekly, Monthly, Exchange and SQL Backups Folders, that did NOT have their Attribute bit set.

Thursday, October 07, 2010 1:33:12 PM by JOLIVER5 Additionally I worked with Mark and showed him how to exclude items that cause problems in the Jobs.

Accounts WO# 44772

last week was not afforded much time with my being out ill and a seminar to attend on Friday to put much face time to this. I will be making this up this week with additional time focused. **Can two sessions happen in the coming week?**

What are our three biggest problems right now? Is VMware burping one of them?
**JASON's Critical WOs**

|| ID || Priority || Type || Date Entered || Summary || Requestor ||
|| 45400 || Critical || Other || 9/7/2010 11:26:25 AM || Blackboard Course - CLOSE || Craig Cowell ||
|| 46026 || Critical || Other || 9/26/2010 8:37:06 PM || IHS Activities Calendar - Permissions change || Karen Durfee ||
|| 40857 || Critical || Other || 12/18/2009 3:15:50 PM || move auto calling for Food Services lunch money to School Messenger || Karen Durfee ||
|| 46228 || Critical || Enfield Elementary || 10/6/2010 5:02:10 PM || N Computing Lab || Mike Simons ||
|| 45869 || Critical || Other || 9/20/2010 1:57:07 PM || need user accounts for 2 students || Steve Hoffman ||
|| 46192 || Critical || Other || 10/5/2010 10:47:29 AM || Ruben Tarrats (student) needs network account || Armin Heurich ||
|| 44772 || Critical || Administrative Board Building || 8/23/2010 3:36:33 PM || Train Dale how to use the UMRA-method of new account creation || Michael Pliss ||




**DALE's Critical WOs**

|| ID || Priority || Type || Date Entered || Summary || Requestor ||
|| 42888 || Critical || Administrative Board Building || 4/29/2010 10:02:14 AM || Audit the sacred list of primary passwords in the NOC vault for accuracy and completeness || Michael Pliss ||
|| 45653 || Critical || Ithaca High School || 9/13/2010 1:29:10 PM || Computer set up || Linda Conlon ||




**MARK's Critical WOs**

|| ID || Priority || Type || Date Entered || Summary || Requestor ||
|| 45765 || Critical || Other || 9/16/2010 11:33:59 AM || FW: Technology Question || help@icsd.k12.ny.us ||
|| 33124 || Critical || Ithaca High School || 5/9/2008 11:26:27 AM || Generate a Wireless LAN expansion plan for the High School. || Michael Pliss ||
|| 45398 || Critical || Other || 9/7/2010 11:10:31 AM || Internet port not working || Steve Hoffman ||
|| 45845 || Critical || Other || 9/20/2010 10:35:14 AM || Network Wall Jack Dead || Joseph Sherrill ||
|| 45374 || Critical || Other || 9/5/2010 3:20:45 PM || port number e16-M-2-B-11 is down || Scott Breigle ||
|| 45443 || Critical || Other || 9/7/2010 4:14:55 PM || Switch and wires are a safety hazard || Ian Krywe ||
|| 41318 || Critical || Administrative Board Building || 1/13/2010 5:25:08 PM || Train MarkG to operate Backup & Restore Protocols || Michael Pliss ||
|| 46043 || Critical || Other || 9/27/2010 2:13:57 PM || Wireless Subnet runs out of space 10.22.2 || Jason Oliver ||



Other topics:
-WIP: TST Cross Contract for Cabling Services
-WIP: Can KULP BOND pay for Meru materials requested Microtech
-WIP: Get a DELL quote for filling up the M1000e Server Rack with add'l M605's
-Win7 VM is working out great!

9/30/2010 FYI

// September 28, Help Net Security // – (International) **U.S. leads the way in malware and firewall attacks.** The United States has overtaken India and Russia to become the biggest producer of viruses once more, according to Network Box. The United States is now responsible for 12 percent of the world’s viruses, up from 4 percent from August, when the United States trailed both India and Russia. India takes second place with 7.17 percent, after its virus production declined by 6.56 percent. Russia, which was in third place, has dropped to fifth after a fall of 5.53 percent, to be replaced by Korea, which saw an increase in production of 0.27 percent (reaching 6.29 percent of virus production). Viruses produced in the United Kingdom have dropped again (by 0.29 percent). The United Kingdom has now dropped from fourth largest producer in July, to tenth in September. The United States and India still dominate when it comes to spam production, being responsible for 10.79 and 6.88 percent of the world’s spam, respectively. Russia has replaced Brazil as the third largest spam producer, after an increase of 2.53 percent from last month, to 6.04 percent of the world’s spam. The majority of firewall attacks still originate from the United States (18.65 percent) — in fact there was a slight increase of 0.32 percent in September.

9-23-2010 AGENDA

1. Review impact of IIT taking over phone service of VoIP phones including MAC needed for analog VoIP handsets.

2. Review update on how cross-training has proceeded since last meeting [Backup WO# 44530 & Accounts WO# 44772]

Backup WO# 44530 No progress noted since 9/15

Technician 9/15/2010 5:31:47PM JOLIVER5 mark advanced on installing the linux agents. I will proceed with the job definition later in the week

9/14/2010 1:39:17PM JOLIVER5 I have meeting scheduled to meet with Mark on Wednesday I will be showing him the NEW structure, and greatly simplified D2D backups server. Once the new Tape Drive arrives, this will be the icing on the cake of Backups. I will be letting Mark build and Define the Linux Backup Jobs, this will also allow him to get quite fluent with how to upgrade the agents. I have the windows Jobs built off the new server.

Accounts WO# 44772 No progress noted since 9/16

Technician 9/16/2010 1:04:36PM JOLIVER5 I finally got Mindex / School tool folks to fix the updated data extracts to return the High School Students, and will now be able to advance on the continued streamlining.

9/10/2010 4:20:25PM JOLIVER5 Have met with dale weekly so far to address and go over the changes being made to the account system. he is in the loop, given his current phone time, we have had more conversations than hands on.

4. Review Tom Homer's 9/27 visit - who is planning on working with him while he is here?

5. Review Open Critical Work Orders & Open Projects

6. OCM BOCES word document outlining the support options for the various items you requested from me. Please review and contact me if you need additional information or would like to meet.

7. Other training that will be expected of you this year is likely to include Time Management & Project Management.

=9/13/10=

Apple’s iPhone and iPad are increasingly being adopted in the enterprise and secure enough for most firms, but high-security companies are likely to stick with Research in Motion’s BlackBerry platform, according to a Forrester Research report.

=9/2/10=

// August 30, IDG News Service // – (International) **Cisco patches bug that crashed 1 percent of Internet.** Cisco has fixed a bug in its Internetwork Operating System (IOS) router software that contributed to a brief Internet blackout last week, thought to have affected about 1 percent of the Internet. The bug was discovered August 27 when the RIPE NCC (Reseaux IP Europeens Network Coordination Centre) and researchers at Duke University started distributing experimental BGP (Border Gateway Protocol) data via RIPE NCC’s systems. A large number of routers became unreachable within minutes and the experiment was quickly stopped. The Border Gateway Protocol is used by routers to find the best ways to send traffic to each other on the Internet. Because it is very easy for bad BGP data to spread quickly, security experts have warned it could someday be misused to seriously disrupt the Internet. It turned out that routers that were running Cisco’s IOS XR operating system took the experimental data — which was much larger than typical BGP routing information — corrupted it, and then passed that corrupted information on to other routers. Many of the routers simply closed connections with the Cisco routers that sent the buggy data, causing part of the Internet to become inaccessible. In a security advisory released just hours after the incident, Cisco confirmed the August 27 incident disclosed the bug. The experiment made it difficult to reach some networks in more than 60 countries, according to Renesys’ General Manager, who blogged about the issue August 27. More than 3,500 “prefixes,” or blocks of Internet Protocol address space, were affected, he said. There are just over 333,000 such prefixes on the Internet, according to the Web site Cidr-report.org.

=8/31/10=

// August 27, Computerworld // – (International) Rootkit with Blue Screen history now targets 64-bit Windows. A new version of malware that crippled Windows PCs last February sidesteps safeguards designed to block rootkits from hijacking machines running 64-bit editions of Windows, researchers said August 26. "A new era has officially dawned; the era of x64 rootkits," said a Prevx researcher in a post to the company's blog. The updated rootkit, which goes by names including Alureon, TDL and Tidserv, is able to infect 64-bit Windows PCs. Both Prevx and Symantec have found evidence that hackers are actively using the rootkit. "The infection is spreading on the Web, by using both porn Web sites and exploit kits," he said, adding that U.K.-based Prevx spotted the new rootkit more than 1 week ago. Symantec's first sighting was August 25. The new rootkit sidesteps two, important anti-rootkit protections Microsoft built into 64-bit Windows, Kernel Mode Code Signing and Kernel Patch Protection, also known as PatchGuard. The pair are designed to make it more difficult for malware to tamper with the operating system's kernel. Rootkits that overwrite the hard drive's master boot record, where code is stored to bootstrap the operating system after the computer's BIOS does its start-up checks, are essentially invisible to the operating system and security software.

=8/30/10=

1. Review status of Backup Crosstraining of MarkG WO# 41318

2. Review status of Account Management Crosstraining of DaleP WO# 44772

3. Review Powerpoint of Code of Conduct

4. Update Jason's spreadsheet (Work Plan 082310.ods)

=8/25/2010=

=How many servers can 1 Sys Admin manage?=

Using automation in a “managed environment,” a sys admin can manage 100+ servers. Manually in an “unmanaged environment,” 10 could be the upper bound.

A “managed environment” might be ITIL with a change advisory board (CAB) and complete process to manage changes, all servers as similar as possible, etc. An “unmanaged environment” would be one where every server is hand built, different from all the others, and the sys admin is living in the wild west (no policies, procedures or standards).

Physical vs. Virtual does not matter as much as policies, procedures or standards.

=8/23/2010 Meeting Notes=

1. Exec Team Directive to IIT tighten our Network Support relationship with BOCES (vs Commercial Partners). We are actively seeking to grow our Network Services support relationship with BOCES in these areas:

We are most concerned with emergency support but are also interested in seeing what role BOCES staff can play in the audit & design phase of our projects. The goal is to develop capacity for the current school year to support us in any of the areas listed:

1. SAN, Data Backup & Data Restore Administrative Services
2. Identity Management Administrative Services
3. Microsoft Domain Group Policy Administrative Services
4. VMware Administrative Services
5. Web Application Development (SQL/PHP) and Administrative Services
6. SQL Database Administrative Services
7. Outlook/Exchange Administrative Services
8. Router & Switch Network Engineering and Administrative Services
9. Wireless Network Engineering and Administrative Services

2. Review Jason's Work Order spreadsheet started last week and update

3. Computerworld reports security firm Symantec indicates that traditional security technologies are losing the battle against the black hats and malicious code writers. In a mid-year review of its IT security risks and predictions made early in 2010, Symantec has warned that there are simply too many new cyber threats out there for traditional automated systems to catch:

August 16, Computerworld – (International) Blacks hats winning, says Symantec. Traditional security technologies are losing the battle against the black hats and malicious code writers, said the security firm Symantec. In a mid-year review of its IT security risks and predictions made early in 2010, Symantec has warned that there are simply too many new cyber threats out there for traditional automated systems to catch. The review found that Symantec created 2,895,802 new malicious code signatures last year alone, a 71 percent increase over 2008, and representing more than half of all malicious code signatures ever created by the security firm. Symantec said they identified more than 240 million distinct new malicious programs, a 100 percent increase over 2008. "In just the first half of the year, we have created 1.8 million new malicious code signatures and identified more than 124 million distinct new malicious programs." the report said. "This means it is becoming less likely that traditional security technologies will catch every new threat out there; there are simply too many of them, even with automated systems in place."

// August 17, IDG News Service // – (International) **NSS Labs: Testing shows most AV suites fail against exploits.** A majority of security software suites still fail to detect attacks on PCs even after the style of attack has been known for some time. NSS Labs tested how security packages from 10 major companies detect so-called "client-side exploits." In such incidents a hacker attacks software vulnerabilities such as Web browsers, browser plug-ins or desktop applications such as Adobe Acrobat and Flash. NSS Labs is an independent security software company that does not accept vendor money for performing comparative evaluations. Vendors are notified, however, and are allowed to make configuration changes before NSS Labs’ evaluation. "This test — the first of its kind in the industry — was designed to identify how effective the most popular corporate endpoint products are at protecting against exploits," according to the report. "All of the vulnerabilities exploited had been publicly available for months (if not years) prior to the test, and had also been observed in real attacks on real companies." The attacks are often done by tricking a user into visiting a hostile Web site that delivers an exploit, or a specially crafted code sequence that unlocks a vulnerability in a software application, according to the NSS Labs report.

This paper outlines eight common threats that traditional anti-virus alone won't stop, and explains how to protect your organization using endpoint security.

4. Review the configuration of NocCon on TS01 and clarify the security risk at stake with allowing trusted vendors and BOCES this level of access to our systems.

5. Review status of DHCP/DNS issues & discuss current strategy.

6. WO43685 & 44532 Jason what else is needed to complete the instructions? Tony says he is waiting for you to tell him you are ready to train him. Is that correct? -Mike

7. Jason, it does not look like you have made any additional progress on this in the past week. Was going to Sophos a mistake? How many of our computers are not getting the updates? -Mike

ID: 43854 Date Assigned: Wednesday, June 30, 2010 1:48:52 PM Due Date: Priority: Critical System Closed Date: Requestor: Dale Perry Assigned Technician: Oliver, Jason Location: Maintenance Facility Summary: Diagnose and resolve update download connectivity issues - SOPHOS

8. New SMS Group needed by Data Group for iTouch Project/Schooltool

9. (ID 44727) Data Dept need a Joomla Webpage