Archive for the ‘Network’ Category

Windows Server 2003 reaches its End-of-Life on July 2015

Thursday, June 25th, 2015

Microsoft will provide a final bunch of patches for Windows Server 2003 on July 14th. 2015. After then, no more security and stability fixes are going to be released. This means that still running Windows Server 2003 machines conflict with the ETH Bot (Acceptable Use Policy for Telematics) which requires that every computer connected to the ETH network must be fully updated and secured.

The central IT security group of ETHZ continuously inspects the network streams for signatures of XP and Windows Server 2003 computers. If you have a running Windows Server 2003 machine connected to the public network, please migrate the operating system to a newer version i.e Windows Server 2012.

If you have any questions or need help please do not hesitate to contact the ISG D-PHYS Helpdesk

Server Maintenances this Week: E-Mail and BackupPC

Tuesday, June 17th, 2014

We have scheduled a software maintenance of the D-PHYS mail server for tomorrow, Wednesday, the 18th of June 2014, starting in the late afternoon around 5pm. A downtime of all D-PHYS mail services during the evening will be part of the maintenance. The downtime is expected to take approximately 15 to 30 minutes.

During the downtime sending and receiving e-mails will not be possible and the web mail service will be not available. Incoming mails during the downtime will be delayed.

Additionally there will be a downtime of our "BackupPC" backup service for laptops and lab PCs due to server relocation on Thursday (19th of June 2014) starting around 9am.

Keep in Mind: Windows XP reached its End-of-Life one Month ago

Thursday, May 22nd, 2014

Microsoft provided a final bunch of patches for Windows XP in April 2014. Since then no more security and stability fixes are going to be released. This means that still running Windows XP machines conflict with the ETH Bot (Acceptable Use Policy for Telematics) which requires that every computer connected to the ETH network must be fully updated and secured.

The central IT security group of ETHZ continuously inspects the network streams for signatures of XP computers. In the D-PHYS public networks they still detect around 15 Windows XP based computers. If you have a running XP machine connected to the public network, please migrate the operating system to a newer version i.e Windows 7.

In case you are forced to keep Windows XP up and running, you can migrate the machine to our eXile network. Simply send the required information to isg@phys.ethz.ch after you've read and understood the eXile Terms-of-Use, so we can prepare the machine for the eXile network.

If you have any questions or need help please do not hesitate to contact the ISG D-PHYS Helpdesk

Heartbleed OpenSSL Bug and D-PHYS Services

Friday, April 11th, 2014

On Monday the public was made aware of a severe bug in OpenSSL, a cryptography library which is used as the core of many cryptographically secured IT services. Since the bug was in the Heartbeat extension it has been named "Heartbleed".

This bug allowed attackers to stealthily access parts of the memory used for cryptographic actions, i.e. it may include digital keys in use on servers or passwords transferred over encrypted connections.

If you used any password-protected D-PHYS web services or the D-PHYS mail server between 12th of December 2013 (or used the BackupPC web-interface since end of 2012) and Tuesday, the 8th of April 2014, there is a very small chance that your D-PHYS password and possibly other transmitted data may have been leaked to an attacker. We currently have no indication that this has actually happened on our servers.

To be safe, you might want to change the password of your D-PHYS account and any other account where the same password is used. See this Heise article for a discussion (in German) about whether you should change your password or not.

(more…)

How to keep your Windows XP Installations living on after End-of-Life

Friday, February 7th, 2014

As announced in an earlier post last year, Microsoft is going to end the support for Windows XP in April 2014.logo

After this date the central network security group of the ETH will frequently scan our public networks to identify any existing Windows XP machines. Every Windows XP detected by such a scan will be disabled on the network level since it is strictly prohibited to keep this operating system up and running on the public network of ETH.

Since we are aware that there may be Windows XP machines living on after the end-of-life date, we worked out a solution to support these situations and to help you not to get in conflict with the network usage regulations.

We founded a project called eXile which provides very locked down network environments that are monitored by advanced security techniques and provide excessive firewall setups. Furthermore eXile provides easy interfaces for you to manage your computers and overview the security state and network access to your machines in eXile.

You can send your machines to the eXile when they match one of the following scenarios:

  • Lab computers (controlling, collecting measure data, or monitoring other systems)
  • Industrial computers
  • Embedded systems

The following applications are not suitable for eXile and need to be migrated to a supported operating system:

  • Office Computers
  • Computers on which internet access needs to be available
  • Computers on which emails are received and sent
  • Computers that provide any services to public computers in the internet

Please note that eXile should not be seen as an excuse not to migrate your Windows XP to a supported operating system as soon as possible. The purpose of eXile is really only to address those few machines that are somehow locked to their operating system.

Nevertheless we invented eXile to address the Windows XP end-of-live problem, it is capable to take up any other computer for which you want to have an extra level of security or on which you run any other outdated or insecure operating system.

If you think your remaining Windows XP computers are candidates to send to eXile, we would be happy if you could send a message to isg@phys.ethz.ch  and inform us about the number of computers and what application you are using these computers for. Later this month a web interface will be made available on https://exile.phys.ethz.ch/ where you can directly register every machine you want to send to eXile.

After eXile is fully online, another post will be submitted here.

HIT Building: Network Interruption next Friday Morning, 9th of March

Tuesday, March 6th, 2012

ID-Kom plans to upgrade the access routers of the HIT building next Friday morning (9th of March) between 6:00 and 7:30am. This causes a network interruption for about 15 minutes during this time in the HIT building.

All D-PHYS Servers located in HIT D 13 are not affected by this interrupt and are reachable from outside the HIT building at any time.

Network Interruption Today from 7pm to 8pm

Wednesday, December 7th, 2011

Today, the 7th of December 2011, around 7pm, there will be a complete network interruption in the whole Department of Physics for about one hour. The central ETH IT Services (“Informatikdienste”) will replace the hardware of the core router to the HPx network zone (includes the HIT building).

Wireless LAN should not be affected, but as the servers will be offline, too, you won't have access to files or mails on the servers, i.e. don't expect to be able to work during the network downtime. The technicians will reconnect the servers first, so access to the servers from the outside of the Department or via WLAN will be restored earlier than 8pm. Workstations and printers will get network access back afterwards.

Short Network Outage on Thu Jul 7, at 7am

Tuesday, July 5th, 2011

This Thursday, the 7th of July 2011, around 7am, there will be a short network interruption in the whole Department of Physics. The central ETH IT Services ("Informatikdienste") will move our network zone to new hardware, necessary for some future services.

Additionally, the WLAN Landing Page of the "public" network will have a maintenance downtime from 7am to 8am.

New SSL certificates for some ISG D-PHYS managed services

Wednesday, April 13th, 2011

We just deployed new SSL certificates for some of our services. Sending e-mails via our mail server no longer requires the import of our root CA certificate beforehand, but may require a restart of your e-mail client. Internal websites (like account management and password changing) or websites which are hosted by us and don't end in .ethz.ch got new certificates signed by our new root CA certificate. To avoid annoying and irritating warnings, we recommend you import our root CA certificate into your web browser.

The new root certificate will be installed in the web browsers on our managed workstations within the next days, too.

DHCP Server Upgrade on Wednesday 5pm

Tuesday, April 5th, 2011

On Wednesday, the 6th of April 2011, starting around 5pm we will upgrade the operating system on the two D-PHYS DHCP servers. This should not cause any interruptions for computers which are already online, but computers which connect to our network between 5pm and 6pm may not get an IP address assigned immediately. As these computers mostly will be mobile devices, we suggest to switch to the wireless network instead for that evening.