Hi Charles,
You raise good points and I can assure you that everyone involved thought
about and discussed them at length.
You are correct in your analysis concerning the fate of no longer supported
operating systems (Microsoft or anyone else -- if there is nobody producing
patches then it isn't safe to run it on the campus network). There will be
exceptions to this rule. Users who feel that they merit special
consideration may apply to CISC for an exception. However, the idea behind
that is for people who need to run outdated operating systems for
functional reasons (e.g. the computer operates lab equipment and relies on
specialized drivers that are only available for Windows98) not because of
cost. In fact it will not necessarily be cheaper to run the old OS as
granting the exception may be contingent on taking steps to mitigate the
danger (e.g. put it behind a firewall).
Yes, these measures will require that money be spent to bring some out of
compliance situations up to snuff. The truth is that it costs us a lot of
money to allow so many inadequately protected hosts on the campus
network. This shows up in the costs of operating SNS, staff time cleaning
up compromised systems, staff time combatting DOS attacks, lost
productivity due to viruses, compromised systems, network slowdowns,
etc. This is really more a matter of trying to reduce the overall cost to
the University and insure that faculty, staff and students can perform the
work that they are here for. The fact that it used to be OK to just
purchase, unpack and operate a computer any way one wanted was because it
posed so little threat to others. Nothing could be further from the truth
these days.
We do realize that this will require expenditures that many departments
will be hard pressed to accommodate. That is why there has been such
extensive discussion and such a long lead time. There has been a
particular effort to make the highest levels of the administration aware of
the policy and its implications. UC San Diego saw our minimum standards
and has already implemented it. We are proceeding more slowly, in part to
allow departments time to figure what strategies for compliance will work
best for them.
If a department needs to use computers then it needs to find a way to use
them safely.
Hope that helps,
GA
At 03:50 PM 6/21/2004, Charles E. James wrote:
>Good Afternoon, Everyone
>
>I am sure everyone here has noticed a possible trend but I wanted to put
>it out there for feedback.
>
>We now have minimum security standards that when in full effect will run
>like this (possibly).
>
>When Microsoft stops supporting a particular platform, i.e. NT, Windows
>98/2k, etc, then they will no longer put out security patches/service
>packs etc, correct?
>
>If they no longer put them out then when campus security scans and finds a
>system that is no longer up to date then they will send out a warning. If
>the warning is not heeded then they cut that system off from the network.
>This means that those systems will HAVE to UPGRADE the platform to comply
>with the new security standards.
>
>Now, Microsoft seems to be heading for a business practice of putting out
>programs that will no longer be backward compatible and after a version is
>out a specified period of time they stop supporting the fixes, etc...now,
>when that occurs will the departments HAVE to upgrade to stay within the
>standards? If they do, who will HAVE to PAY for the upgrades, etc.
>
>This could mean a great deal of money, since Microsoft can be expensive,
>to departments who have relied on their platforms lasting a long time.
>After all there are some out there still using 95/98/win2k, etc which may
>become obsolete by the above standards which means the department will
>have to fork over additional funds to comply.
>
>With the budget as it is and the lack thereof, will the campus provide
>that upgrade? If a department can not get the additional funds for their
>budget to make these upgrades then do they get cut off...where do they go
>for completing mission requirements with computers...? (there are a lot of
>workstations out there and that equals a lot of money)
>
>Just wondering.
>
>Charles
>
>--
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Charles E. James, P/A I
>IST/Student Information Systems
>U. C. Berkeley California
>510-642-8440
>
>
>------------------------------------------------------------------------
>The following was automatically added to this message by the list server:
>
>For information about Micronet, including subscribing to
>or unsubscribing from its mailing list and finding out
>about upcoming meetings, please visit the Micronet Web site:
><http://micronet.berkeley.edu/>.
**********************************************
Gordon Adams
Planning, Analysis and Outreach
Communications and Network Services
UC Berkeley
510.643-2779
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Mon Jun 21 17:57:42 2004
This archive was generated by hypermail 2.1.8 : Mon Jun 21 2004 - 17:57:42 PDT