Network Info & Policies

System Status & Statistics

Resource graph: Bits In/Out (64 bit Counters)

Example of the I2 Commercial Peering (OB1) graph from OSU Border Traffic

Network Policies

Important: The following are network policies developed and managed by Information Services. It is your responsibility to understand any other applicable policies developed by departments and colleges, as well as all university-wide OSU IT policies.

OpenNMS Server Monitoring

Network Services uses OpenNMS to monitor servers for several groups on campus.

Please visit the server monitoring page for more information on OpenNMS and Testutil.

Domain Name Policy

OREGON STATE UNIVERSITY: APPROPRIATE USE POLICY FOR OSU INTERNET DOMAIN NAMES

Access the Domain Name Request Form to acquire a new domain.

1. OSU assigned Internet Address and Domain Name space

Oregon State University has been assigned the Class B block of IP addresses 128.193.0.0 - 128.193.255.255 by the American Registry for Internet Numbers (ARIN). In addition Oregon State University has registered the following Internet Domain Names with the InterNIC:

  • oregonstate.edu
  • oregonstate.biz
  • oregonstate.info
  • orst.eu
  • orst.info
  • orst.net
  • orst.biz
  • orst.org
  • orst.com

As of January 1, 2002, our preferred Domain Name is OREGONSTATE.EDU.

Contacts
Technical: Kirsten Petersen, IT Manager
Managerial: Jon Dolan, Director, Network Services
Business: Jon Dolan, Director, Network Services

Oregon State University is responsible for managing all of these assignments. There is no association between our assigned block of IP addresses and our registered domain names other than associations that we make using Domain Name Service.

2. Domain Name Service

The Network Engineering Team (NET) is responsible for implementing and/or delegating Domain Name Service (DNS) for ALL systems connected to the campus network, and for coordinating this service with other campus units. DNS provides mapping between domain names and their IP addresses used for routing of network traffic to all destinations.

3. 3rd Level Domain Names

A 3rd level domain name is that portion of the name immediately preceding OSU's registered domain name. OSU departments, programs and approved activities are eligible to use OREGONSTATE.EDU domain names upon request to the Network Engineering Team. This request must be from a dean or department head and will either be approved by the IS OSU Domain Name Review Committee or forwarded to the Associate Provost for Information Services for consideration. REQUESTS should be made to Network Engineering.

Typically, a department or organization would apply for a 3rd level domain name which implies its name or function as in the examples below.

Unit Domain

  • a college: engr.OREGONSTATE.EDU
  • a program: smile.OREGONSTATE.EDU
  • a team: net.OREGONSTATE.EDU
  • a server: ftp.OREGONSTATE.EDU

In general, workstations and server names should be at the 4th level, behind a 3rd level domain name, in which case consultation with NET is unnecessary. To be considered for a 3rd level name a server would need to be of global interest to the Oregon State University community. Example: ftp.OREGONSTATE.EDU

Network administrators may assign/create additional subdomains, aliases (using CNAMES), or machine names behind their own 3rd level domain name, again without the need to consult NET. For example:

  • machine name rex.NWS.OREGONSTATE.EDU
  • subdomain NWREC.AES.OREGONSTATE.EDU
  • alias beasley.UCS.ORST.EDU

4. Non-OSU registered Domain Names

All domain names pointing to OSU network addresses (IP space) must be approved by the IS Domain Name Committee and maintained by Network Engineering. To be considered, a "non-OSU registered" domain name must be requested by a dean or department head, be consistent with the OSU Acceptable Use Policy (OSU AUP), and it must be demonstrated why the requested name should not be within OSU registered domain name space (i.e. OREGONSTATE.EDU).

Domain names used as aliases to content provided entirely by OSU may be approved only on the condition that the URL is rewritten to reflect an OREGONSTATE.EDU domain name. For example, a hostname like project.org might be approved on the condition that when visitors put http://project.org into their browser, the URL is rewritten to http://oregonstate.edu/project

Requests should be sent to Network Engineering and will either be approved by said committee or forwarded to the Vice Provost for Information Services for consideration.

In all cases, departmental workstations and servers on OSU's network will be registered in the department's domain. This is reflected in the DNS registration of the IP address, otherwise known as a DNS "A Record". This assures that network administrators can always determine at least what organization/department claims responsibility for that machine. These machines may then be assigned approved aliases using CNAMES, as in the following examples.

Alias Machine name (CNAME) Responsible Group

www.FORESTLEARN.ORG     COF.OREGONSTATE.EDU              College of Forestry
alumni.OREGONSTATE.EDU  www.ORST.EDU                         WebWorks
cn-mom.cn.ORST.EDU         cn-mom.tss.OREGONSTATE.EDU   Technology Support Services

5. No Fees for Assignment of Domain Names

The creation of domain names by NET is done free of charge. However, other  services associated with a name, such as web server or web page hosting, may not be free. These services are available on a cost recovery basis from IS (Central Web Services) and possibly other departments.

6. Naming Conflicts and Priority

Domain names are generally available on a first-come, first-served basis. In cases where a desired name or alias/CNAME is already taken, NET can explain the options. NET surveys the database regularly to avoid naming conflicts and preserve the OSU AUP and otherwise protect the interests of Oregon State University.

7. Unacceptable Domain Names

The Oregon State University network is for instruction and research use only, as indicated by the OREGONSTATE.EDU domain name suffix. In general, other suffixes such as ".com", ".net", etc., are not acceptable for OSU domain names. Requests for inappropriate domain names - names that are not consistent with OSU's mission and the OSU AUP - will be not be approved.

Reasons for rejecting applications for 3rd level domain names include but are not limited to the following.

If in the opinion of the Domain Name Review Committee:

  • The implied scope of the name exceeds the intended use of the name as indicated in the Domain Name Application.
  • The requested name would generally be considered vulgar or offensive or would reflect poorly on Oregon State University.
  • The proposed activity to which the requested name would be attached would violate the Oregon State University network AUP.

Individuals and groups wishing to host servers, websites or networks that are outside the scope of the OSU acceptable use policy will be required to obtain Internet service and Domain Name Service from a local or national Internet Service Provider (ISP).

8. Exceptions

Unusual name requests, circumstances, and issues will be referred to the Director of Network Engineering and/or the IS Management Group for further consideration, as appropriate. Final determination will be subject to the approval of the Associate Provost for Information Services. Decisions of the Domain Name Review Committee may be appealed to the Vice Provost for Information Services.

9. Problem Resolution

In cases where faculty and staff are involved in creating or hosting an unacceptable domain name on a system that uses an OSU IP address, NET will first contact the individual and attempt to resolve the issue directly.

If this fails, the Department head and the Director of Network Engineering will be notified. When undergraduate or graduate students are involved, whether on the residence halls network or elsewhere, the responsible manager will contact the student first to attempt to resolve the issue. Failing this, the student will be referred to the office of Student Affairs and the Director of Network Engineering (Shay Dakan) will be notified.

11. OSU Recourse

If issues are not resolved in a timely fashion, NET is authorized to

a) remove the inappropriate domain name or alias/CNAME
b) filter the system's IP address or
c) disconnect the system from the network,

depending upon the nature and severity of the problem. Notice of any such action will be provided to the responsible parties and units, as well as to the Information Services Management Group.

Network Outage Policy

Our standard Outage windows are as follows:

  • Saturday 10:00PM - Sunday noon
  • Tuesday and Thursday mornings before 8:00AM
  • Holidays and Breaks

NOTE: These are general outage windows. For some services, these outage windows may not be appropriate, and another time may be chosen. Network Engineering will work with affected units to minimize outage impact on their operations.

Maintenance that does not cause service interruption may be performed at other times, depending on the scope and potential impact of the change.

All planned outages will be announced no later than two (2) business days before the outage. Emergency outages may need to be performed at other times and will be announced as soon as possible.

All outages will be announced on the Outages mailing list and will be posted to the Outages Log here: http://intranet.nws.oregonstate.edu/blog/archives/category/enterprise-network/outage-announcements

Maintenance work that is non service-impacting will be announced to the Maintenance Log, posted here: http://intranet.nws.oregonstate.edu/blog/archives/category/enterprise-network/maintenance

Network Security Policy

Oregon State University Network Security Policy
May 26, 2000

OSU's network shall be run in a secure manner, with reasonable steps taken to protect electronic data assets owned and/or managed by Oregon State University, and the transmission of them.

Responsibilities

Information Services is the appropriate agency to manage and register data networks and their connection to other data networks for Oregon State University. Network Engineering is responsible for the design, maintenance, and operation of the overall OSU network. Each department has the responsibility to run their sub networks in a manner consistent with University Policies and consistent with the University Mission and Goals.

Scope

All computers connected to OSU's network must have the appropriate authorization from a recognized representative of OSU. All such authorized computers will be allowed to use an Internet Protocol (IP) address within the 128.193.0.0 class B address space owned and managed by OSU in addition to other communications protocols as appropriate. All computers connected directly to OSU's network are subject to this policy.

Actions to be taken by Network Engineering Team (NET) personnel for various Network Security Events as defined later in this document:

Definitions

  • CERT - Computer Emergency Response Team
  • DOS attack - Denial of Service Attack
  • NET - OSU Network Engineering Team
  • Network - An arrangement of hardware, software, and end stations interconnected to allow sharing of electronic information.
  • Network Administrator - Person responsible for the network on which the affected node resides.
  • Port Scan - Programmatically connecting to more than one TCP port and/or more than one machine.
  • Security event - Actions taken on the network which jeopardize, or threatens to jeopardize, the integrity of OSU's Network (or other Networks) or actions which violate Federal or State Law.
  • SPAM - Unsolicited bulk email
  • System Administrator Person responsible for the affected node.

1. Monitoring. NET will take reasonable steps to monitor the campus network in a way that will detect common network attacks originating either on or off campus.

2. Reporting of Security Events. Security Events are to be reported to the email alias abuse@oregonstate.edu and to the node and or network administrator originating the event. Reports made by phone must be followed up with an email report. In addition to log files showing dates, times, and specific host information regarding the event, the report must include the name and contact information for:

  • The person making the report.
  • The victim(s) of the event.
  • The likely perpetrators of the event.

3. Response. Once NET has determined the nature of the Event, and has an understanding of who is doing what to whom, the following actions may be taken by NET personnel:

  • Disable access to local hosts.
  • Filter remotes sites from campus network.

Both of these actions will usually be done at the campus border router in which case, email will be sent to the following aliases informing them of the block:

Assuming there is no evidence that the system has been compromised, the following aliases will also be informed:

 

In some cases, it may be appropriate to disable access to a node at a point closer to the node than the border router.

For single user workstations it may only be possible to notify the Network administrator.

  • Notify appropriate System Administrator and/or Network Administrators.
  • Notify OSU Director of Network Services.
  • Notify OSU campus legal authorities.
  • Notify law enforcement agencies.
  • Notify CERT.
  • Report incident to other sites which track specific types of abuse, ie SPAM.
  • Consult with local system and network administrators in securing their departmental networks.

4. Re-enabling of blocked hosts. Hosts that have had their access to the network blocked by NET will be re-enabled once NET Security personnel have a reasonable belief that the system is no longer a security risk.

OSU Mailing List Policy

Information Services fully supports the use of the University's computing and networking resources by the OSU community. Information Services has a responsibility to ensure these resources are being used responsibly, and must be in a position to take corrective action should a problem occur.

OSU Mailing lists are currently hosted on Mailman. Information about this service can be found here: http://lists.oregonstate.edu

IS will support mailing lists that meet the following guidelines:

  • Maintenance of the list is performed by a member of the faculty, staff, or student body who is the owner of the list. The owner confirms that the list meets the guidelines on this page. The owner is the contact in the event a system problem arises, or an abuse of the network is detected.
  • A list owner is designated to maintain the list, answer inquiries, track down address changes, remove subscribers who violate list guidelines, and remove addresses causing mail loops. When absent, the owner must ensure that an alternate performs these tasks.
  • The list owner (or alternate) must read mail regularly.
  • The purpose of the list is for OSU-related business.
  • Use of the list conforms to the Acceptable Use Policy of OSU.
  • In situations where the list is interfering with normal operation of the computer system or network, IS will notify the owner (or sponsor). IS will shut down the list if the problem is not corrected promptly.
  • In the event that a list is running without a list owner, due to a retirement or re-location, Information Services will contact the list and give a two week deadline to find a new owner. IS will have no alternative but to shut down the list if a new owner is not located within the two week period.

Out-of-Band Policy

The IS OOB network is intended for out-of-band access to systems in the Milne and Kerr data centers. To connect a system to the OOB network, please contact outofband@lists.oregonstate.edu for assistance.

Users of the OOB network are subject to the following use policy:

  1. No person shall dual-home a host on the OOB network and the OSU network. OOB gateway hosts will be provided by IS and access will be restricted to registered OOB users only.
  2. No person shall attempt to gain access to a system they do not manage on the OOB network.
  3. System administrators should change the default password for all OOB connections.
  4. System administrators shall notify the OOB gateway managers of any issues or need for special software.

Mail Statistics

OpenNMS Server Monitoring

Network Operations uses OpenNMS to monitor servers for several groups on campus.

Publicly-Viewable Reports

Service or node outages can be configured to send email or generate pages, or both. The web interface allows you to view past and current outages, and acknowledge outage notifications.

If your department has servers that need to be monitored, please email us for more information.

OpenNMS Accounts

Full access to OpenNMS requires an account. Contact us to request a user account. Please include your first and last name, department, and preferred username if you do not want one generated for you.

Once you get your account you should be able to login at the OpenNMS login page.

Testutil

Testutil is a utility for Linux and Solaris servers that will monitor cpu, memory, disk utilization and mail queue size and send traps to OpenNMS. Contact us for download information and to configure notifications.