Minutes of Working Group Meeting

Gemini, Hilo

September 7, 2000

Present:

• Laurie Bass (Gemini)
• Jonathan Chock (Keck)
• Tony Denault (IRTF)
• Ryusuke Ogasawara (Subaru)
• Don Mickey (IfA)
• Ruisheng Peng (CSO)
• Jacques Peysson (Gemini)
• Ron Reed (Smithsonian)
• Pui Hin Rhoads (IfA)
• Henry Stilmack (JAC)
• Tony Sylvester (VLBA)
• Kanoa Willington (CFHT)

Absent:

• 88"

Minutes

Change in Membership

Pui Hin reported that Bob Link and Tod Fujioka have left CFHT and Gemini respectively. Pui Hin welcomed Kanoa Willington of the CFHT who replaced Bob Link. The position of Tod Fujioka is yet to be filled, but welcome was extended to Laurie Bass and Jacques Peysson of Gemini. Also the working group said goodbye to Ron Reed of SMA who would be returning to the Mainland the following week.

Current Network Status

There was one incident to report. On July 1st, the ATM OC3 interface of the HP Cisco 7206 router failed. The card was replaced.

IRTF and 88" were migrated to ATM on June 27th, Keck was the last to convert around the same time. The FDDI is completely de-comissioned.

The serial card to be installed in the HP Cisco router for Internet access backup is on order.

Henry Stilmack reported some problems with the Fast Ethernet Link at University Park. He suggests we lower the speed from 100 Mbps to 10 Mbps.

At CSO Hilo, the Linux router is not handling RIP properly, static routes are currently used. Ryusuke Ogasawara suggested that changes in the kernel are necessary and will email Ruisheng any information on the subject he can find.

Ruisheng Peng reported that CSO has been approached by the department of Tropical Agriculture to establish a radio link to the CSO. Pui Hin suggested asking Tropical Agriculture to contact her directly.

Hilo Based Network Support (re-advertised)

There are three applicants this time around. None of the applicants has the experience that we would like. However, since this is already the second time we advertised, Pui Hin would like to select someone among these applicants as long as she is satisfied that the candidate will work out well with training.

Security Issues at HP

One of Subaru's Linux machines at HP was compromised. According to Ryusuke Ogasawara, the machine was broken into through the vulnerability of rpc.statd and in.ftpd buffer overflow under Red Hat Linux 2.2.5-15. Programs such as pscan, osscan, and statdx-scan modules were found under the directory /dev/.a.

Pui Hin asked if it is nececcary to restructure the network at HP to make it easier to administer and monitor. For example, we can set up ATM PVC VLANs so that computers at HP belonging to an organization become part of the organization's network. Access to those computers is controlled solely through the organization's gateway and firewall. This will allow each organization to set up security policy as needed. The only downside to this is that an ATM switch-router is needed at HP.

Henry Stilmack, on the other hand, thought that HP is inherently insecure because of the nature of access. Some network security can be implemented at the public routers, and individual organization needs to be be responsible for computer machine security.

The consensus is not to take any expensive approach at this time.

Next Meeting

December 7, 2000, 10:00 a.m., IfA Hilo.