Danielle Gauntz, Web Desinger, had her baby daughter on July 3, 2015.  She will be back, providing full time web support on September 8, 2015.  Her tentative plans include working 10 hours per week, starting July 20,

Shandelle Pepper is the technician providing Word Press support through December.  Don’t hesitate to give her a call.  She is glad to meet with you one-on-one or as a group. Her contact information is:

• e-mail  peppers@wou.edu
• phone 503-838-8493

WordPress resources can be found here.

Windows XP support has ended, as of April 8, 2014.  Microsoft suggest that you are five times more vulnerable to security risks and viruses, which means you could get hacked and have your personal information stolen, if you continue to run Windows XP.

By default, Windows XP computers will be blocked from operating on the WOU network, after July 1, 2015.  If you have a critical need that requires Windows XP, please send me a note and I will design an alternative operating path for you.

If you don’t know which operating system you are using, contact the Service Request Desk at 88925 and they will help you identify the OS.

• Deployment of cameras began approximately twelve years ago
• Currently 170 cameras installed
• Located in smart classrooms, computer labs, parking lots, building entrances, ball fields, …
• Cameras record on motion, no sound is recorded
• Recordings are stored 7 – 10 days
• The newer cameras are HD 5 megapixel cameras
• Review of camera footage is most often done after a theft or damage to property, but includes inclement weather, construction progress, classroom support, …
• Three UCS employees and Public Safety can directly access video recordings

Utilization

• Wireless user and bandwidth utilization

Rogues and Interferers

• Rogues are access points that don’t belong to the WOU network and may be masquerading as a WOU access point
• Interferers are devices that are transmitting on the same frequency as the WOU wireless access points.  Most interference occurs in the 2.4Ghz frequency spectrum.  This could include cordless phones, microwave ovens, Bluetooth, rogue access points and xBoxes.
• Users, rogues and interferers
• Interferers
  • Interferer overview
  • Bluetooth link risk in a wireless environment — 2.4Ghz frequency hopping
  • Bluetooth discovery risk in a wireless environment — 2.4Ghz
  • WiMax risk  — 5.0Ghz, frequency hopping
  • xBox risk — 2.4Ghz frequency hopping
  • Microwave oven risk in a wireless environment — 2.4Ghz
  • Microwave location
• Rogues
  • Rogue “most likely” location
  • Rogue access point details
  • Rogue history

802.11 a/b/g/n/ac

• Example wireless statistics for MacBook Air
• 802.11 a/b/g/n are available in all WOU wireless locations
• 802.11 ac deployment was begun in new locations in December 2014.
• To take advantage of the higher speeds available with 802.11 n/ac, multiple antennas are required.  This is referred to as MIMO (multiple input, multiple output)

• Frequency
  • 802.11 b/g/n — 2.4Ghz
  • 802.11 a/n/ac — 5.0Ghz
• Channels
  • 802.11 b/g/n
    • Available channels include 1 – 11
    • The effective channels include — 1, 6, 11.  Utilizing other channels in the 2.4Ghz range will cause interference to the channels on either side.
  • 802.11 a/n/ac — The effective channels include — 36, 40, 44, 48, 52, 56, 60, 64,100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161, 165
• Speed — theoretical
  • Wireless is a shared resource.  Each user shares the bandwidth with every other user using an access point.  If there is a slow user connected to an access point, that slows down access for every other user.
• 802.11 n — 300Mb/s — 100Mb/s per antenna  (MIMO)
• 802.11 ac — 1.3Gb/s — 400Mb/s per antenna (MIMO) on 5Ghz
• 802.11 ac — 450Mb/s — on 2.4Ghz
• 802.11 a — 54Mb/s
• 802.11 b — 11Mb/s
• 802.11 g — 54Mb/s

• Year developed
  • 802.11 b — 1999
  • 802.11 a — 1999
  • 802.11 g — 2002
  • 802.11 n — 2009
  • 802.11 ac — approved January 2014

Phase 1

• Install physical and virtual firewall infrastructure
  • Redundant Firewall Design — physical layer
• Create / Update firewall rules
  • Example of Border Firewall rules
    • Example of BadGuys

Phase 2

• Install physical and virtual intrusion prevention system
• Create VRFs (virtual routing and forwarding)  on core routers
  • VRF and IPS (intrusion prevention system) design
• Create / Update intrusion prevention rules

Summary:

The core WOU network router pair failed to pass traffic beginning at 9:30am on January 14, 2015.  Partial network throughput was restored at 12:40pm and a full recovery occured at 9:00pm January 14, 2015.

Timeline:

• Campus network outage began at approximately 9:30am on January 14, 2015
• UCS responded immediately and went into diagnostic mode
• Cisco TAC support was engaged at 10:30am
• High CPU utilization was identified as an issue on the core campus router pair at 11:00am
• Call placed to local Cisco representative for additional support at 11:30
• Call placed to NERO (the WOU ISP) engineer at 12:30
• NERO diagnostics led to finding a server that was identified as pushing an excessive amount of ARP request to the router.  The server was removed from the network at 12:40pm
• Several networks were pulled out from behind the firewall, allowing network traffic to flow again
• CPU utilization went from 99% to 86% after server was removed from the network
• About 12:50 the CPU utilization had climbed back to 99% even though the server had not been reconnected to the network
• Additional Cisco support provided about 1:00pm — at this point we had three Cisco engineers on the phone and connected to our router pair via a Webex call.
• By late afternoon, I requested additional on-site support from Mt. States Networking.
• A Mt. States engineer was on site by 6:00pm
• At ~8:15pm, the router netflow process was identified as a culprit in the high CPU utilization.  After the netflows were removed, the CPU utilization fell from 99% to 23%
• All networks were moved behind the firewall and traffic continued to flow properly.
• The suspect host that was removed in the morning was returned to service and the CPU utilization on the router immediately climbed to 99%
• The suspect host was removed

Forensics:

• February 15, 2015
  • Our unix systems administrator has been reviewing the suspect servers logs and discovered the server had been compromised.  This server is running openstack OS.
  • We know that whoever compromised the server did not gain direct access to it via ssh or telnet
  • Forensics work continues…