Topics
1) Network News: The Great Address and Domain Name Conversion
2) Windows News: Status of Windows fileserver upgrade
3) Web News: Webserver upgrade and consolidation
4) Web News: New version of TWIG
5) General News: SSH change on the chemistry Unix server
6) General News: Correct email address, correct web URL
7) General News: Eudora 5.1 now has built-in security
8) General News: Size of your mail spool
9) General News: CD writer in 2105 NW
10) Security News: Do you want to become a statistic?
11) General Tips: Did you know that...?
12) A true story: Server 54, Where Are You?
Chemistry Department Related FAQs:
http://www.chemistry.ohio-state.edu/compsupp/Faqs/
Newsletter Archive:
http://www.chemistry.ohio-state.edu/compsupp/Newsletter/
Due to the many hyperlinks, COMPNEWS is best viewed on the web
at the above URL, or by going to the main Chemistry page and
clicking on Internal --> Computer Support --> The Newsletter Archive
1) Network News: The Great Address and Domain Name Conversion:
During the quarter break, we successfully changed the IP-addresses of all
computers in the Chemistry Department (approximately 700!) and moved from the
MPS into the CHEMISTRY domain. We have officially returned the old addresses
to OIT. All computers in the Department should be taken care of now.
At the same time, we have converted most computers from static IP-addresses
to DHCP (Dynamic Host Configuration Protocol).
For information on how to configure DHCP on PCs and Macs, go to
Internal --> Computer Support --> Chemistry Department Related Frequently Asked Questions (FAQs)
--> How do I configure my PC or Mac to use DHCP?
If your computer uses static IP-addresses, please see the following Network
Setup FAQ:
Internal --> Computer Support --> Chemistry Department Related Frequently Asked Questions (FAQs)
--> How do I configure my PC or Mac to use a Static IP Address?
Only Unix computers and other server-type machines will be assigned static
addresses.
2) Windows News: Status of Windows fileserver upgrade:
The new file server was put into full production during the night of
Tuesday/Wednesday, April 10/11, 2001. The new server, "windows", replaces the
old server, "chem-nt1".
If you use a Windows95, 98 or ME PC, map your U: share as
\\windows\username$
If you run WindowsNT or Windows2000 in the Chemistry Domain, your profile has
been changed for you; you will automatically map your U: share as before, and
you don't need to do anything.
MAC users:
Chooser --> Apple Share, select "Windows" as your server
Note that only the name of the server has changed. For more details, and for
step-by-step instructions on how to map your U: share under Windows and on
Macintoshes, see the updated FAQ on our web pages under
Internal --> Computer Support --> Chemistry Department Related Frequently Asked Questions (FAQs)
--> How do I access my U: share on the Windows-server?
For previous discussions of the new Windows server, see Bulletin News Dec.
1, and COMPNEWS issue 33.
We have decided to hold off on deployment of DFS for the time being (see
Bulletin News Dec. 1 for a discussion of what DFS is).
Disk quotas on the Windows server will be enforced in the near future.
3) Web News: Webserver upgrade and consolidation:
As of April 20, Apache 1.3.17 is now acting as the new production webserver
for the Chemistry Department. Previously, two separate servers, AOLserver and
an older version of Apache (1.3.11), worked together to supply the content
and services on www.chemistry.ohio-state.edu.
We have been using AOLserver as a webserver since the inception of web pages
in our Department (circa 1994). AOLserver, a solid commercial product, served
us well in the past, but wasn't feasible for us to maintain any longer. The
version we were running didn't have a built-in secure server (HTTPS), which
is why we started using the Apache webserver in parallel to AOLserver a year
ago. Certain web-based services, such as our email interface TWIG, require
secure access to protect usernames and passwords from snooping.
Now, the content and services offered by www.chemistry.ohio-state.edu are
provided by a single Apache web server. Apache is a freeware product that is
available for many Unix and non-Unix platforms.
Many documents have moved with the transition, so if you perform edits of the
web pages NOT in a personal directory (i.e., a URL that contains a ~), it is
crucial that you examine the pages you edit to ensure that everything is
current with these pages. The new pages live under /www/htdocs.
All access and links to the Chemistry web pages should use:
http://www.chemistry.ohio-state.edu
NOT http://chemistry.ohio-state.edu. There are still many instances of links
to the latter as well as email signatures. Please update these links. In some
cases, use of the latter URL will cause warnings and errors that can be
avoided if you use the correct URL.
FACULTY MEMBERS: Please make sure you are linking to your new research
descriptions introduced in January (see COMPNEWS 35). Many of you still have
broken links to your old research descriptions. For example, the research
description for Professor Bursten is now located at:
http://www.chemistry.ohio-state.edu/cgi/brochure?Faculty=bursten
Old links are currently displaying "File Not Found" errors, and visitors
to your personal pages (if you have any) will not be able to find your
research descriptions.
There is a new Counter script that has many customizable features. To add a
hit counter to your web pages, look at the following updated FAQ:
Internal --> Computer Support --> Chemistry Department Related Frequently Asked Questions (FAQs)
--> How do I add a counter to one of my WWW pages?
If you are referencing scripts in the cgi directory, there are two important
things for you to do:
1) Make sure you are referencing a legitimate cgi script on our server.
If the name of the script you are referencing is "blue", and you're not
sure this is a legitimate script, just go to:
http://www.chemistry.ohio-state.edu/cgi/blue
If a "File Not Found" error shows up, the script is no longer present in the
cgi directory. Remove references to this script, because it will cause errors
for anyone who tries to use it. If "File Not Found" does not appear, you
can be relatively assured that the script exists.
2) Look for occurrences of "cgi-bin" in your HTML code. Change these
references to "cgi" if they refer to scripts on the Chemistry webserver. We
have changed the name of the cgi directory, since binary files are not stored
there. Rather than continuing the "cgi-bin" misnomer, we are trying to update
all references so the link that allows cgi-bin to continue to work can be
removed.
4) Web News: New version of TWIG:
As part of the webserver consolidation, the web-based email program TWIG was
upgraded from version 2.2.3 to version 2.6.2. All access to TWIG should be
through the secure port at
https://www.chemistry.ohio-state.edu/twig/
Please update your bookmarks, as they will not work unless they point to the
above address exactly as it is written. This includes access to TWIG from
inside and outside the Chemistry department.
You will encounter an error if you try using the above address without the
's' following the http. "https:" means that you are dealing with a secure
webserver. Your password and all other traffic will be encrypted so that no
one can eavesdrop while you access your email. You may be prompted to accept
a certificate. View the certificate and make sure it is issued to
"www.chemistry.ohio-state.edu" and is issued by "Equifax Secure E-Business
CA". If so, click "Okay" then "Yes" to proceed. Log in to TWIG as usual.
All links to TWIG on our web pages have been updated accordingly. For
a list of ways to access your email, go to
Internal --> Computer Support --> Chemistry Department Related Frequently Asked Questions (FAQs)
--> How can I access my email from outside the Department?
5) General News: SSH change on the chemistry Unix server:
On Thursday, May 3, we switched to new SSH software on the chemistry Unix
server.
As a consequence of changing SSH, chemistry's host key changed. When you
reconnect with your SSH client, you will get a warning that chemistry's host
key has changed; you should ignore the warning and permanently accept the new
key (different SSH clients have different tools to accept and store the new
host key; some will prompt you, with others you have to go into Edit ->
Settings and manually delete the old key).
Under "normal" circumstances such a warning about a changed host key would be
of grave concern, since it would indicate that an attacker was impersonating
chemistry.ohio-state.edu.
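One way to confirm that a changed host key is the announced one before storing it, as an added example (not part of the original newsletter). The key material is constructed sample data, and ANNOUNCED stands in for a fingerprint obtained from Computer Support through a separate channel; all function names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import struct

HOST = "chemistry.ohio-state.edu"


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string, the building block of SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def make_constructed_line(modulus: bytes) -> str:
    """known_hosts line for a constructed ssh-rsa key (sample data, not a real key)."""
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return f"{HOST} ssh-rsa {base64.b64encode(blob).decode()}"


def parse_known_hosts_line(line: str):
    """Return (hosts, key_type, blob) for a plain (unhashed) known_hosts line."""
    hosts, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob carries its own key type; a mismatch means a damaged or edited line.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type in blob does not match the line")
    return hosts.split(","), key_type, blob


def fingerprints(blob: bytes) -> dict:
    """Both fingerprint styles SSH clients display: MD5 colon-hex and SHA256 base64."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha,
    }


def key_matches_announcement(line: str, host: str, announced: str) -> bool:
    """True only if the line is for `host` and its fingerprint equals `announced`."""
    hosts, _, blob = parse_known_hosts_line(line)
    if host not in hosts:
        return False
    if announced.startswith("SHA256:"):
        return hmac.compare_digest(fingerprints(blob)["sha256"], announced)
    return hmac.compare_digest(fingerprints(blob)["md5"], announced.lower())


OLD_LINE = make_constructed_line(bytes(range(1, 129)))   # key before the change
NEW_LINE = make_constructed_line(bytes(range(2, 130)))   # key after the change
# Stand-in for the fingerprint the administrators would publish out of band.
ANNOUNCED = fingerprints(parse_known_hosts_line(NEW_LINE)[2])["sha256"]

if __name__ == "__main__":
    for label, line in (("old key", OLD_LINE), ("new key", NEW_LINE)):
        print(label, "matches announcement:", key_matches_announcement(line, HOST, ANNOUNCED))
```

A key that does not match the announced fingerprint is the case the warning exists for, and it should not be stored.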
SSH on public Unix machines was also changed. If you use SSH to connect to
those computers, you'll also be warned about the new host keys.
The new SSH implementation supports SSH1 and SSH2, as did the old one. There
is no longer a separate SSH1-daemon responding on port 8000 for the benefit
of broken F-Secure V1.0 clients for the Macintosh. If you still use F-Secure
V1.0 for the Mac, you need to upgrade (see our "SSH Primer" on the web for a
list of available SSH clients, both commercial and free). A reminder to
update old SSH clients was included in the last COMPNEWS (March 13).
The reason for this move to a different (open-source) SSH implementation is a
security vulnerability in the old SSH1 server that the company will not fix
anymore (they want everyone to use SSH2 exclusively, but we can't, since many
of our users have SSH1 clients).
6) General News: Correct email address, correct web URL:
It has come to our attention that people from outside the Chemistry
Department send email to user@www.chemistry.ohio-state.edu. An address of the
form user@www.chemistry.ohio-state.edu is NOT a valid email address: it has
never been advertised as an email address, it never worked in the past, and
it won't work in the future. Correct email addresses are of the form
user@chemistry.ohio-state.edu
Furthermore, the URL for the Chemistry Department web site is and has always
been
http://www.chemistry.ohio-state.edu/
Don't advertise anything else; in particular, don't leave out the www!
7) General News: Eudora 5.1 now has built-in security:
For lack of built-in security, users of the popular email client Eudora had
to use SSH and port forwarding to access their email from outside the
Department.
This has changed with the release of version 5.1 of Eudora, available now at
OIT's Software-To-Go site:
http://softwaretogo.osu.edu/
Eudora can be used without tunneling by turning on SSL, just as in Netscape
Messenger and Outlook Express.
Remember that Computer Support provides a secure web-based email program
called TWIG, which is also an excellent solution when on the road. For a
description of all supported methods of accessing email securely from inside
and outside the Department, see
Internal --> Computer Support --> Chemistry Department Related Frequently Asked Questions (FAQs)
--> How can I access my email from outside the Department?
8) General News: Size of your mail spool:
The mail spool is the filesystem on the chemistry Unix server where incoming
mail is stored for everybody in the Department (some 700 users). There is
only a finite amount of space on this filesystem. While the size of the
filesystem could be enlarged, the point is that you need to keep the size of
your mail spool to a minimum, because if you use Eudora or Outlook Express,
each time you check email (perhaps every 2-3 minutes) the server needs to
sort through your entire mail spool to identify new messages. This can cause
substantial and unnecessary overhead.
The allowed upper limit in the mail spool is 20 MB. Ideally, you should have
less than 5 MB in your inbox.
Please delete old messages that you don't need anymore, and move messages you
do wish to keep to other folders. This is easy if you use the IMAP (rather
than POP) protocol for email retrieval. Ideally, your mail spool should
contain only messages you haven't seen yet or need to act upon the same day
or so.
Additionally, if you read mail by telnetting to chemistry and using pine,
elm, etc., you can also easily move mail from your inbox to different folders.
In both cases (IMAP and telnet) you use space in your /home directory when you
store mail in folders other than your mail spool (inbox).
If you read mail via Eudora or other POP clients and store messages on your
Windows U: share or on your PC, please configure it to NOT "leave mail on the
server", or to "Delete (message) from server when emptied from trash".
See our web pages for more details in a new FAQ
Internal --> Computer Support --> Chemistry Department Related Frequently Asked Questions (FAQs)
--> Mail Spool Size Issues & Eudora Settings
9) General News: CD writer in 2105 NW:
Did you ever wish that you could back up your own files to CD or put your
presentation onto a medium that was faster than a Zip disk? Computer Support
is pleased to announce a CD writer in the Lab 2105 NW. It is available for
all users of the Department that have access to the Lab.
How do I use it?
1: Bring your own blank CD-R or CD-RW (cost: $0.50 - $2.00)
2: Insert it into the writer (on hexane)
3: "Easy CD creator" will automatically start
4: Follow the easy step by step guide
5: The CD will eject itself when completed
More information is available under
Internal --> Computer Support --> Chemistry Department Related Frequently Asked Questions (FAQs)
--> How do I use the CD writer in 2105 NW?
If you have questions, please see our student workers.
10) Security News: Do you want to become a statistic?
Reports such as the one included below are typical of the state of security
among university computer systems. As mentioned many times before, security
is not something that can be achieved just by putting up a firewall and by
installing other tools. Security must be in the mindset of everyone, and it
must be a collaborative process.
Date: Wed, 21 Feb 2001 9:57:02 -0700 (MST)
From: The SANS Institute
Subject: SANS NewsBites Vol. 3 Num. 08
--12 February 2001  University Computer Security Sorely Lacking
University computer systems are virtually "naked" when it comes to security, a
characteristic that allowed them to be used in last year's DDoS attacks.
US science agency grants that fund the computers and research do not
provide for security or administration, which is usually left to the
students. Educause, a non-profit group, is working to help universities
address vulnerabilities and provide guidelines for detecting DDoS
attacks.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO57605,00.html
To quote Alan Paller, director of research at the SANS Institute (System
Administration, Networking, and Security) in Bethesda, MD (Computerworld,
Feb. 21, 2000, Vol. 34, No. 8):
We must stop accepting the excuse of "There's nothing worth protecting on
my systems." Maybe there's no critical data there, but a system connected
to the Internet is a loaded weapon, and it shouldn't be left out where
criminals can use it to attack others.
(kudos to the first user who can tell us where on our web pages this quote
is published!)
For more security-related information, see our web page at
Internal --> Computer Support --> Security and Virus information
and check the many links to excellent resources.
In this context it cannot be pointed out often enough that
- it is of paramount importance to install virus checking software on PCs
and Macs and to keep the virus definitions current
- if you have broadband Internet access at home (cable modem, DSL) you
need to have a personal firewall in place
If you neglect to follow the above recommendations for home computers and/or
for computers in your research group, you live on borrowed time, and - worse
- you put the entire Department at risk.
11) General Tips: Did you know that...?
... you are supposed to send all requests and problem reports to
support@chemistry.ohio-state.edu
and NOT to individual members of the support staff? Otherwise, you might
not get any response if one of us is sick, on vacation, or very busy
with other tasks.
... you can map your Windows U: share as
\\windows\username$
and your Unix home directory as
\\unix\username
from all Windows computers in the Department? Your U: share lives
on the "windows" file server, while your Unix home directory lives
on the "chemistry" Unix server.
... the preceding information can be found on the web under
Internal --> Computer Support --> PC and Mac information
--> Windows FAQ ?
Whenever any information changes, this document and all the FAQs are
updated in a timely fashion.
... we perform daily backups of Unix home directories on the chemistry
Unix server, as well as daily backups of all U: shares on the Windows
file server?
But remember: when you are on a PC or Mac, only what you put on your U:
share is backed up, not any local data such as your C: or D: drive!
... the "Exchange" folder on the Windows file server, which is meant to
facilitate file exchange between Windows computers and Macs, is not
backed up? If you want to store something, you should store it on your
U: share or in your Unix home directory.
... HTTP (Hyper Text Transfer Protocol) is used to access an insecure
webserver, while HTTPS (Secure HTTP) encrypts all traffic between you
and the web site? Because encryption is very compute-intensive, HTTPS is
slower and causes more overhead for the server.
On our webserver, the only applications that have to be accessed through
the secure server, HTTPS, are TWIG, Keystone (job tracking system) and
the NMR reservation scheduler pages. All other pages should always be
accessed through HTTP.
... the official office hours of everyone in Support are published on the web
under
Internal --> Computer Support --> The Computer Support Staff
This page also contains our vacation schedules.
... laptops being taken in and out of the Department represent a huge
security exposure against which our firewall and other tools are
powerless? Unless you have secured your laptop, have disabled unnecessary
services, have kept up with patches and are running a personal firewall,
it is only a question of time until disaster strikes.
... wireless LANs are equally nightmarish when it comes to computer
security? Current security features of wireless devices are woefully
inadequate. Please don't put up any wireless devices in your labs,
such as the Apple Airport, despite whatever claims of security the
vendors are trying to make you believe!
... it is relatively straightforward to predict who among you is most
likely to bring viruses or worms into the Department, or to cause some
other security disaster? No, it's not YOU, or YOU, because you are
reading these lines! We invite you to do a simple test: ask your peers,
colleagues, students or professors if they read COMPNEWS, understand
why it is important to keep their passwords secure and know what a
personal firewall is (OK, or have at least heard of personal firewalls
before). If you get the response "huh?", or "I don't have time for that",
add that person to the list of prime risk factors.
12) A true story: Server 54, Where Are You?
The University of North Carolina has finally found a network server that,
although missing for four years, hasn't missed a packet in all that time.
Try as they might, university administrators couldn't find the server.
Working with Novell, IT workers tracked it down by meticulously following
cable until they literally ran into a wall. The server had been mistakenly
sealed behind drywall by maintenance workers. - John Rendleman