Archive for Work

A Year Has Passed!

So a little over a year has passed since I last wrote in this blog, and a lot has happened. I never followed up on being chucked out of our old house; we did get chucked, but we found a bigger place which is closer to work. We’re happy there apart from having a little overly “intrusive” landlord (nothing major, just “notices” the grass hasn’t been cut in four weeks, etc.). I can’t remember if I said I’d moved into my new job before I stopped writing, but I have, and I’ve already been promoted, which should be effective very soon.

I do mean to post more regularly on this blog; however, I thought I’d just do a very quick round up before blogging about what I wanted to blog about.

Records of Network Activity

As many of you know, I work at one of the smaller universities in the UK; we have about 12000 students. On our network we have 6500 student residences and over 15000 ports throughout the campus for staff and students. On average we pull 400mbs and push 150mbs to our JANET regional network (which we also run ;).

Now and again various departments, such as Physics, like to stress our links by swapping mass quantities of research data; last week they helped us average 980mbs incoming for a good four hours (we have 1gbps). I think it’s important to stress that we are an academic university, we encourage research, and we don’t place many restrictions on what staff computers can do on our network. At the end of the day we provide a high speed network to be used.

However, based upon experience, I think many people are under the impression we are clueless about what happens on our network, or are incapable of looking. Which, I’m afraid, is wishful thinking. Now that doesn’t mean we are consciously aware of every single action that takes place on the network; anyone who knows how much data 400mbs is will tell you it’s impossible to comprehend, but that doesn’t mean we don’t have a record. So what do we have…

Proxy/Server Logs
This is by far the most obvious one: every client PC records logs, so by rule you should assume our servers do. Which they do. All web traffic is proxied through one of four http proxies; these record your IP address, the date/time and what webpage you visited. These are kept for a significant amount of time, and we are often asked to deal with http based abuse (usually to Wikipedia). Our services that require log on credentials always record who logged in from where and when.

Network Identification
Many people think that if they plug a laptop into a random network port and get an IP address that they have never had before and isn’t assigned to them, we don’t know what it is. This isn’t true: everything that can be plugged into our network has a number that is unique (or it’s meant to be). We can simply look up this number and see what other IP addresses it’s been, and then look through the above mentioned server logs for usernames.
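
The lookup described above, sketched as an added example (not the university's tooling or anything from the original post): it assumes the unique number is the device's hardware (MAC) address and that lease history and service logins are available as simple tuples. All addresses, times and usernames are constructed.

```python
from datetime import datetime

# Constructed lease history, as a DHCP server or switch poller might keep it:
# (hardware address, ip, lease_start, lease_end)
LEASES = [
    ("00:11:22:33:44:55", "10.1.4.20", "2007-03-01 09:00", "2007-03-01 12:00"),
    ("00:11:22:33:44:55", "10.7.9.31", "2007-03-01 14:00", "2007-03-01 18:00"),
    ("66:77:88:99:aa:bb", "10.1.4.20", "2007-03-01 13:00", "2007-03-01 17:00"),
]
# Constructed log from a service that requires credentials:
# (timestamp, client_ip, username)
LOGINS = [
    ("2007-03-01 09:30", "10.1.4.20", "alice"),
    ("2007-03-01 13:30", "10.1.4.20", "bob"),    # same IP, different device
    ("2007-03-01 15:10", "10.7.9.31", "alice"),
    ("2007-03-01 19:00", "10.7.9.31", "carol"),  # after the lease ended
]

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def ips_for_mac(mac, leases=LEASES):
    """Every (ip, start, end) the hardware address has held."""
    mac = mac.lower()
    return [(ip, ts(a), ts(b)) for m, ip, a, b in leases if m.lower() == mac]

def usernames_for_mac(mac, leases=LEASES, logins=LOGINS):
    """Logins from an IP count only while this device actually held that IP."""
    hits = []
    for ip, start, end in ips_for_mac(mac, leases):
        for when, client_ip, user in logins:
            if client_ip == ip and start <= ts(when) <= end:
                hits.append((when, ip, user))
    return sorted(hits)

if __name__ == "__main__":
    for hit in usernames_for_mac("00:11:22:33:44:55"):
        print(hit)
```

The time-window check is the important part: an IP address alone is reused by different devices, so a login is attributed to a device only if it falls inside that device's lease.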

Network Authentication
This one is up and coming: we intend to implement a system that allows us to control who can plug into our network and what level of access they get when they do. I won’t go into how this works because we haven’t decided yet; suffice to say every device will be marked against a person and they will be responsible for it.

NetFlow
Here’s the big one for us: we fully know that the internet is not just webpages. There’s things like eDonkey and BitTorrent for doing peer2peer, there’s IRC, ICQ or Jabber for talking. You can watch movies in QuickTime or RealPlayer that come in live. You can make phone calls with Skype, play games on an Xbox or PC. We can’t proxy these things, so how do we know that they have happened?

Every ISP worth its salt, be they Pipex, BT, Zen, Bulldog, Tiscali, JANET or the university, uses the same method (and more) to ensure they have records. All large scale routers, we’re talking the ones worth £50k+ not a £40 Belkin or Buffalo (although OSS firmware often has it for them), are capable of recording Network Flows.

Network Flows are records of communications on the internet, they don’t include the content of the communication, they just confirm that it took place. They record your IP address, the IP address of the server, the port numbers involved, the date/time, the number of packets, the number of bytes and a few other more technical pieces of information.

Yesterday we recorded 1.5Gb of NetFlows which equates to about 30 million records, which our system thinks is 150Gb of data and that’s it not running at 100%.

Mirror Ports
Under the RIPA and the computing AUP the university has rights to ensure that its network is being used for purposes that do not break its AUP and to diagnose network problems. Because of this we have ports coming off of our equipment that provide a complete copy of all data flowing through it. These are plugged into servers that can be used to search through the data and identify different flows in real time. We can also use these mirror ports for running intrusion detection systems.

What else?
Having written this I try to think what else we do to ensure that we have some form of a record of what users do; I’m sure there is something, but I can’t think at the moment. It is exceptionally important to point out that access to all these different pieces of data is controlled heavily to ensure that it cannot be misused, and is not available to the majority of staff at the university.

For example mirror ports and network flows are only available to networking team leaders and the security team, server logs are usually only available to the admin team of that server, network identification records are available to all members of the technical groups as they do not contain sensitive or identifying information. Everyone with access to this type of data takes it very seriously as misuse is a serious incident and potentially illegal.

As I personally administrate the mirror servers and network flow server I can say that I take every care to ensure that the server is kept secure and access is limited to those that have a genuine need.

I hope this has opened a few people’s minds, but not frightened or worried them about big brother. It’s also worth writing that any views stated are my own and not those of my employer.

D.

Windows Vista…

So, I finally decided it was time to have a real play of Windows Vista; I had previously thought that with the release of Vista I’d make the final jump to either Linux or FreeBSD. I’ve generally found that it’s not been the doom bringer that people have forecast it to be, and it’s okay to use. For reference I’m using a work licensed copy of Windows Vista Enterprise via one of our key servers. I’ve noted some of the nicer and annoying things I’ve found below.

Sound Controls
Okay, so BeOS had this about eight years ago, but it is useful. I play music for my SO and I when we are working at our desks; the ability for me to leave WinAmp/iTunes at a higher level than, say, Firefox or even World of Warcraft is good in my books. My only grudge is that the tray volume control only permits application volume changes, you have to dig further into the Sounds panel to alter levels.

Windows Updates
It seems wholly more integrated into the system, which can’t be a bad thing. I was pleased to get a screen telling me which updates had been successful after a reboot.

Notification of Administrative Access
This is a nice concept from Mac OS X and other OS’ where Microsoft seem to have missed the point: if I’m in the Control Panel I shouldn’t have to be clicking “Continue” to enter config options on a link that I clicked in the control panel. If anything I should have been asked to confirm my password once, and then be permitted to go on my way. I’m happy to see it and get asked when I install an application, although perhaps it popping up for every embedded MSI in the iTunes installation was a little annoying. But having written MSIs for a living I can understand why that might not be possible if the MSI author isn’t the best.

Windows Aero/Windows Explorer
Aero, “what’s it all aboot?”. I don’t really see this interface as a big selling point, sure it’s nice to see your applications before switching to them, and a little screenshot if you hover over the task bar is nice. The glass effect is “fun” but not exactly life changing. I don’t see the point… I’ve not put it into “Windows NT” mode yet, so I guess that says something about the default theme for me.

As for what used to be Explorer… you can set it back to nearly what it used to be. I’m not convinced of the new fluffiness, but I’m a hard ball. I prefer *nix to Windows, and even prefer a *nix window manager like Ion3. It doesn’t seem too bad though. Although one plus, I could actually delete the Recycle Bin off of the desktop without jumping through hoops.

Windows System Rating
Heh, doesn’t really matter, but it’s slightly odd. I’ve got an Intel Pentium Core 2 Duo 3.6Ghz machine, yet the processor only gets a rating of 5.0 and thus limits the machine to 5.0 rather than its other lowest value of the HD at 5.4… Petty, but still. I’m sure a 3.6Ghz dual core should be more than 5.0.

Task Manager/System Performance Monitor
It appears that this version of Windows keeps a lot more of a track of the applications that are running on it; the monitor allows you to see how much bandwidth each process is using. It’s not a huge step forward, I’d really have liked to have seen SysInternals (now Microsoft) Process Explorer merged into it even if not in the full.

“Start Search”
Another minor one, but, if I want to ping something now, I can just bring up the start menu and type “ping caesium”, I don’t have to do run anymore. I just start typing in the search box.

IPv6
Okay, a major one for me in my job. I think Vista will probably be the one thing that pushes IPv6 hard throughout the world. It does everything it can using IPv6 by default. I’ve had to turn off Teredo as I’m not ready to use it at home yet. But this is a good step for the future, and respect to Microsoft for providing the pool of public Teredo servers to allow easy IPv6 connectivity in IPv4 only areas.

Well that’s it for now, I’ll post more once I’ve discovered more. Tomorrow I’ll install World of Warcraft and see; at this point I can see why Becta endorsed a report that basically suggested that while Vista was okay, there was not one “must have” feature that outweighed the cost financially or in support terms. IPv6 could be one though…

If you wonder why Becta, remember I work at a university that supports over 1000 primary and high schools.

D.

New Job

I have a new job! Well, a new job at the university: I was successful in applying for a Network Specialist (Security) post, which means once I start my new contract I will be on a perm contract and hopefully more money! Well that’s enough of this stuff, I wanted to post more about another project.

Unsettling Work Environment

I don’t like it when things deviate from the norm, I like a steady and simple working environment. I suppose everyone does, any disruption to the Status Quo isn’t good. I work at an academic institution, so there’s a lot going on with pay harmonisation. It’s called the HERA review, it’s designed to make every university have the same pay scale, holidays and benefits.

The results of the HERA review have come out; there was a lot of worry beforehand about how much people would be given and what would be taken away. Now all benefits/pay are protected for three years, and you get the best of both for the three years. So I guess I have to start thinking: I’ve been given a decent pay rise, but I’ve had 5 holiday days taken off of me, and to get them back at the grade I’m at you have to work at the uni for 8 years…

Now I’m halfway to moving to the next grade, which would automagically entitle me to my current holiday allowance; I guess the question is, can I make it to the next grade in two and a half years? I suspect that if I can’t, at that point I shall be parting company with my current employer. What also makes this more “interesting” is that a co-worker has just been offered a job in London for almost double what I’m on, and the job does sound like the direction I want to go.

I don’t really want to leave the university, as I do enjoy the work, but if they are going to take things away like the holiday, then I have to consider moving on. As now 20 days allowance is less than I would get in industry. Hmmm…
