Topics

1) General News: Chemistry Research Administrator Team (ChemRAT)
2) General News: Computer Security issues
3) Windows News: Securing Windows desktop computers
4) General News: Charging for security violations (reminder)
5) General News: Forward your email to chemistry
6) General News: Peer-to-peer file sharing services, music swapping
7) Mac News: Logins on Macintosh computers
8) General Tips: Did you know that...?

Chemistry Department Related FAQs:

	http://www.chemistry.ohio-state.edu/compsupp/Faqs/

Newsletter Archive:

        http://www.chemistry.ohio-state.edu/compsupp/Newsletter/

Due to the many hyperlinks, COMPNEWS is best viewed on the web
at the above URL, or by going to the main Chemistry page and
clicking on Internal --> Computer Support --> The Newsletter Archive



1) General News: Chemistry Research Administrator Team (ChemRAT):


Many research groups have a point person or local admin doing some of the
group's computer administration, for example Windows software installations.
In order to maintain closer ties between those local administrators and
Computer Support, we are in the process of creating a user group by the name
of ChemRAT ("Chemistry Research Administrator Team").

Computer Support would like to hold regular meetings with the ChemRATs, for
our benefit as well as theirs. Too often, Computer Support sees
administrators only when there are problems, and while we have a good idea of
what goes wrong, we'd like to hear some feedback about what works. Also, we
hope that the ChemRATs will have ideas about new and different services we
can offer to research groups, to make their lives with computers more
productive and less stressful.

Along with hearing from the ChemRATs, we also plan on teaching. We hope we
can share some knowledge that will be useful here at Chemistry, or any work
that involves computing. This might include hands-on computer hardware
demonstrations, operating system tips and tricks, security briefings to
comply with Chemistry-specific policies and computer security in general, or
many other topics. Our hope is that both Computer Support and the ChemRATs
benefit from this group.

Come on, sign up to become a RAT!

Ideally, every research group in the Department should have one or two
ChemRATs. If you are the local administrator for a research group, or if you
would just like to learn more about computers, please send an email to
support@chemistry so that we can add you to our list of ChemRATs.


2) General News: Computer Security issues:


It is surprising to us that some of you are very concerned when receiving a
virus hoax, but often quite unconcerned about following the most important
security practices.

Here is a very small subset of good security practices (the ones violated
most often):

 - Windows NT/2000/XP and Unix computers must have good Administrator
   passwords

 - writeable NetBIOS shares (shared drives or folders) must be password
   protected

 - Windows computers must have current virus protection software

 - security fixes must be applied promptly

For a more complete discussion, please read

  Internal --> Computer Support --> Policy Statements --> Security Policy

Note that you'll be charged $250 if a computer in your jurisdiction is
either hacked or infected by a virus and due diligence was not followed
(see below).

In addition,

 - stay current with patches (Windows Update on Windows machines; see below)

 - ask us to join your Windows NT/2000/XP computers to the Chemistry Domain

 - don't run any peer-to-peer (Napster-like) file sharing services (see below)

In the past, we occasionally ran into problems with computers administered by
students who didn't have sufficient experience and who didn't seek our help.
If you are a faculty member who allows his/her students to manage your
computers independently and without consulting with Computer Support, you are
doing yourself, your student, and potentially the entire Department, a
disservice.

See the section on ChemRATs above for an attempt to reach out to research
groups and spread the word.


3) Windows News: Securing Windows desktop computers:


The best method for keeping any Windows computer secure is to reliably apply
all Service Packs and Security Fixes.

In COMPNEWS 41, we announced the Windows AutoUpdate service, which will
automatically install all approved fixes on Windows2000/XP computers in the
Chemistry Domain.

It is important to point out that this service has two requirements:

 - the PC must run Windows2000 Service Pack 3, or WindowsXP Service Pack 1

 - the PC must be a member of the Chemistry Domain

If you want to help us keep your Windows computers secure, ask us to join
them into the Chemistry Domain, if they haven't been joined already. There
are still a lot of PCs, especially older models, running Windows 95, 98, ME
and NT. Wherever possible, we'd like to upgrade those to Windows2000 Service
Pack 3.


4) General News: Charging for security violations (reminder):


As of March 2002, the Department has been charging for any computer that
becomes compromised due to lacking or outdated virus checking software or
other actions or configurations that are against our Security Policy and lead
to a compromise. This was announced in COMPNEWS 39 (March 15) and has been in
effect since then. The Security and Charging Policies can be found on our web
pages under

  Internal --> Computer Support --> Policy Statements

We remind you again that all computers on the departmental network need to be
configured securely. Virus checking software must be current, NetBIOS shares
must be password protected, all accounts must have passwords, etc.


5) General News: Forward your email to chemistry:


We emphasize again that there are good reasons to forward all the email you
regularly access from within the Department to your chemistry address. This
is especially true for your osu.edu email. If email doesn't go through our
mail server, it won't be screened for viruses. Neither osu.edu, nor Physics,
for example, have virus filtering capability on their mail servers.

Of course, you have up-to-date Antivirus Software on your desktop Windows
computer :-) However, any kind of security measure is best applied in
layers. Desktop Antivirus Software is your last line of defense; it is not
only prudent, but also better and safer to block viruses before they enter
the Department.

Further good reasons to forward email to chemistry are:

 - We have SpamAssassin on the mailserver to mark spam mail (see COMPNEWS
   41). If you don't want to receive messages promising lower mortgage
   rates, this service can help.

 - If you forward email elsewhere, you're subject to size limitations and
   quotas; your mail will bounce if you're not careful, and there is nothing
   we can do to bring it back (see COMPNEWS 42).

 - Our email delivery has traditionally been more stable and timely than the
   service offered by OIT.



6) General News: Peer-to-peer file sharing services, music swapping:


Don't install any peer-to-peer file sharing and/or music swapping software on
any computer in the Department, regardless of the computer's owner. While
these services can be used for legitimate purposes, in most cases the files
exchanged may violate copyright laws. Both the RIAA (Recording Industry
Association of America) and MPAA (Motion Picture Association of America) have
been increasingly aggressively going after copyright violators. Would you
like to be the target of a law suit? We don't.

Not only is peer-to-peer software legally questionable, installing it opens
up your computer to serve files to others. If there are bugs in the software,
or viruses/worms/trojans, they can be exploited by outsiders to take over
your computer. Since you serve files to others, the software has a tendency
to use enormous amounts of network bandwidth. Recently, the OIT Security
Group notified us about a computer that was among the top 10 consumers of
network bandwidth for a prolonged period of time.

To make matters even worse, some peer-to-peer applications (e.g. Kazaa)
include spyware that collects personal information about you.

For further reading, see the excellent R.U.N.S.A.F.E. guidelines by James
Madison University at

  http://www.jmu.edu/computing/runsafe

The University of Chicago has published instructions for disabling
filesharing/uploading services. These instructions are useful if you insist
on trying out peer-to-peer applications at home at your own peril (note that
this is not an endorsement). You will still be able to download music and
other files, but others will not be able to connect to your computer, thus
reducing unneeded risks:

  http://security.uchicago.edu/peer-to-peer/no_fileshare.shtml.

As a general rule, if you want to use peer-to-peer file sharing software or
make a statement about free speech, do it at home. We don't want any of the
peer-to-peer music/filesharing services on any of the computers in the
Department. If we find it installed, or even worse, if we get notified by
OIT's Security Group, we have no choice but to remove it.


7) Mac News: Logins on Macintosh computers:


For the last 4 years, ever since a departmental Windows server was first
implemented, you needed a Windows account to log into Windows NT, 2000 or XP
computers in the Department. The Windows account allows you to login on any
Windows computer in the CHEMISTRY Domain.

While you might have had a local account, or a password-protected screen
saver, on your Mac, there has been no department-wide authentication system
for Macintosh computers.

With the advent of MacOS 10.2, Macintosh computers can be integrated into the
same authentication system used by Windows computers in the CHEMISTRY domain
(this authentication system is called Microsoft Active Directory).

As soon as this integration is tested, the Macs in the Lab 2105 NW will be
modified to require logins. Macs in administrative offices and research areas
can follow.

This integration will result in one account, your Windows account, being able
to log you into all Windows and Mac computers in the domain. After login,
your U: share will always be connected, regardless of the type of computer
you sit at.

Your Unix account, which you use e.g. to access your email, or to
authenticate department procurement requests (DPRs), remains separate. More
details about your computer accounts can be found in the FAQ

  Internal --> Computer Support --> Chemistry Department Related FAQs -->
           --> Why do I have so many accounts/passwords?


8) General Tips: Did you know that...?


 ... chemistry.ohio-state.edu and www.chemistry.ohio-state.edu are two
     different computers? You use the first address, among other things, to
     access your email, and the second address for web pages.

 ... you need to remember your passwords? See FAQ "Why do I have so many
     accounts/passwords?" The most frequent reason why users think the DPR
     system, or their Eudora, or the Calcium calendar is broken is because
     they can't remember their password, or they don't know which password to
     use. PLEASE read this FAQ. Really.

 ... you may not deploy wireless access points (e.g. Apple Airports) in the
     Department? Open access points are against University policies, and they
     allow anybody on the street to get behind our firewall.

 ... you're not supposed to remove shortcuts, remove software or install
     any software on the PCs in the Computer Lab 2105 NW?

 ... if you use one of the Macs in the Computer Lab 2105 NW, you need to
     authenticate with your osu.edu username/password before you can use
     an application that accesses the network (such as SciFinder)?

 ... staff members should not attempt to install new software on their
     computers themselves? Usually such attempts result in broken systems,
     and it often takes hours to fix them.

 ... you are supposed to send all requests and problem reports to

        support@chemistry.ohio-state.edu

     and NOT to individual members of the support staff? Otherwise, you might
     not get any response if one of us is sick, on vacation, or very busy
     with other tasks.

 ... our FAQs on the web pages contain lots of information about
     recurring problems? Check them out under

        Internal --> Computer Support --> Chemistry Department Related FAQs

     If you have a question that looks like something that somebody else may
     have asked already, try checking the FAQs first.

 ... we perform daily backups of Unix home directories and email spools on
     the chemistry Unix server, as well as daily backups of all U: shares on
     the Windows file server? There are NO BACKUPS of files on individual
     PCs, Macs or Unix workstations.

 ... if you get a message from someone telling you that IBM or another
     computer company just released info about the latest and most terrible
     virus, or one that says that this warning is very new and to SEND IT TO
     EVERYONE YOU KNOW! this message is very likely a hoax? See

        Internal --> Computer Support --> Security and Virus Information

 ... Computer support has two words to say about ANY MESSAGE that says 'send
     it to everyone you know':

       DO NOT!

     Send it to us, and we will verify its urgency and authenticity and warn
     the chemistry community appropriately.

 ... laptops being taken in and out of the Department represent a huge
     security exposure against which our firewall and other tools are
     powerless? Unless you have secured your laptop, have disabled
     unnecessary services, have kept up with patches and are running a
     personal firewall, it is only a question of time until disaster
     strikes.

 ... we cannot tell you your current passwords on Unix or Windows? Passwords
     are stored in encrypted form. We can only change them. If you want to
     have a password changed, please stop by in person and bring an ID.