How safe are Nexus computers and network drives?

What is Nexus?

Nexus is the campus-wide Microsoft Windows network at the University of Waterloo. Information Systems & Technology manages the Nexus domain controllers, which provide domain management for computers joined to the Nexus domain, and directory services supported by lightweight directory access protocol (LDAP).

Most campus computing systems authenticate directly to the Nexus domain controllers. New students and employees automatically receive Nexus accounts when their information is added to the University of Waterloo Identity and Access Management (WatIAM) system [1].

Students, faculty, and staff members are provided with personal storage space through a network drive. The “N” drive is on a central server, which is regularly backed up. It is called the “N” drive because it appears on your computer as a drive with the letter N, but it really maps to a network location on a server and can be accessed in other ways when required.

If a file on your network drive is created and kept for at least a week and then deleted, it can be recovered from a snapshot for 17 weeks. You should use the network drive for storing all your important files, as it is more secure than storing them on your computer’s hard drive. [2]

What services use Nexus authentication?

  1. Eduroam (wireless), UW-unsecured (wireless)
  2. LEARN
  3. Quest
  4. myHRinfo
  5. myPENSIONinfo
  6. Virtual Private Network (VPN)
  7. Any webpage or service that displays a Central Authentication Service (CAS) login page [3]

How reliable are network drives?

Network drives like the “N” drive provide the most reliable and secure storage space for students and staff. The file servers that provide this service are enterprise-grade, and have higher reliability and additional redundancy that is not present in standard computers.

Information stored on your personal network drive is considered private. However, users should be aware that normal system maintenance procedures, such as regular backups or routine troubleshooting, might involve access without users’ consent. In such cases, files are not viewed and personal data is not collected.

Similarly, users should also be aware that certain information such as login records, network traffic, services used and by whom is gathered routinely. This information may be used during an investigation of possible inappropriate computer or network use [4].

What security controls are there?

  1. Endpoint protection

Endpoint protection can be used by students, instructors, faculty, researchers, and staff. [5]

Endpoint protection encompasses what used to be just virus protection, and additionally protects the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices.

Each device with a remote connection to the network creates a potential entry point for security threats. Endpoint protection is designed to secure each endpoint on the network created by these devices. [6]

Figure: Endpoint protection diagram (https://enterprise.comodo.com/images/endpoint-protection.png)

  2. Firewall administration

A firewall is a physical device or software that provides a layer of security for a network or computer. Its primary task is to permit only allowed traffic to pass through and to block all other traffic. [7]

The firewall affects staff, students, and faculty members at the University of Waterloo because any Internet traffic going into and out of campus passes through it.

Information Systems & Technology manages the firewall for the campus. This involves physical administration of the devices, design of firewall zones, and routine move/add/change/delete (MACD) operations for the firewall rules [8].

Figure: Firewall diagram (https://www.tunnelsup.com/what-is-a-firewall/)

  3. TLS/SSL certificate management

Information Systems & Technology issues GlobalSign host, personal, and code signing certificates for University-hosted systems. Certificates are a form of identity verification that helps secure communications between web servers and clients by making sure the communication is with a trusted server.

It is recommended that web services be configured to use secure connections by default and that requests for http resources be redirected to https. TLS/SSL certificate management is a service only offered to staff. [9]
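
The redirect recommendation can be checked from the client side. The following Python sketch is an added example, not IST's own tooling; the function names, the host www.example.edu and the sample responses are constructed for illustration. It classifies what a plain-http request returns, catching a service that answers in cleartext, redirects to another http URL, or redirects to a different host.

```python
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def classify_redirect(host, status, location):
    """Classify the response to a plain-http request for `host`.

    Returns 'ok', 'no-redirect', 'not-https' or 'host-changed'.
    """
    if status not in REDIRECT_CODES or not location:
        return "no-redirect"      # content was served over cleartext http
    target = urlsplit(location)
    if target.scheme != "https":
        return "not-https"        # absolute http URL, or a relative path
    if (target.hostname or "") != host.lower():
        return "host-changed"     # redirect leaves the requested host: review it
    return "ok"

def probe(host, port=80, path="/"):
    """Send one GET over plain http and classify the answer (needs network)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify_redirect(host, resp.status, resp.getheader("Location"))
    finally:
        conn.close()

# Constructed sample responses: (status, Location header) for www.example.edu
SAMPLES = [
    (301, "https://www.example.edu/"),
    (200, None),
    (302, "http://www.example.edu/login"),
    (301, "https://login.example.net/"),
    (301, "/secure/"),
]

def audit_samples(host="www.example.edu"):
    """Classify every constructed sample as if it came from `host`."""
    return [classify_redirect(host, status, loc) for status, loc in SAMPLES]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, audit_samples()):
        print(sample, "->", verdict)
```

A "host-changed" result is not necessarily a fault, since a service may redirect to a central login host on purpose, but it is worth confirming that the target is one you expect.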

What risk assessments are there?

  1. Security assessments

Information Systems and Technology can perform a variety of security assessments for staff and IT support staff. Examples include:

  • Web application assessments: IST performs code reviews and external penetration tests against your application to uncover any flaws or insecure practices that could threaten the application's data.
  • RFP assistance: IST can provide a security review of the product or service your RFP is seeking to acquire to help ensure that it is secure.
  • Departmental assessment: IST can assess your department's overall IT security posture and provide recommendations on how to improve it. [10]

  2. Vulnerability scanning

Vulnerability scanning is available to faculty, researchers, staff, and IT support staff. Information Systems & Technology can perform vulnerability scans of your network segment to help identify hosts offering vulnerable network services.

Scans routinely look for vulnerable network-accessible services, and can be performed upon request [11].

What security incident management is there?

  1. Forensic examinations

In the event that a vulnerability on your system has been exploited, or a virus has been installed, IST can perform forensic analysis to determine the exact nature of the problem and offer recommendations on how to resolve it. Forensic examinations are offered to students, instructors, faculty, researchers, and staff [12].

  2. Log aggregation and analysis

Log aggregation and analysis is offered to IST staff. IST provides the ability to aggregate logs from various parts of IST infrastructure and perform analysis on them to flag suspicious activity [13].

  3. Network security monitoring

IST provides a network monitoring service to assist with incident detection and investigation. The tools used include Bro and Snort. [14]

Why are network drives important?

All Arts students' Nexus accounts include 2.5 GB of personal disk space and 1 GB of profile space. This gives students a way to back up important files [15].

The N: drive is mounted to your personal disk space on a Nexus network, regardless of which station you log into. The network drive is the ideal location to store the first copy of most of your files [16].

There is also support available online if a student or staff member is having trouble with their network drive:

Nexus computers will show other drive letters. The C: drive is the local hard disk, which is usually not backed up. USB drives (or CDs if you still use them) can show as D:, E: or higher letters.

The N: drive is used to save files to, and retrieve files from, your personal disk space on a network file server. Copies of your N: drive are saved every hour, night, and week.

These daily copies are saved all the way back to two weeks for easy retrieval. This ensures that if you accidentally delete or overwrite files saved on the N: drive, you can retrieve your files from back-ups for up to 17 weeks.

Using the network drive lowers the risk of losing important files. It also ensures that files are accessed only by the user and by those who are permitted to access them. Overall, network drives help make a safer environment for everyone at the University of Waterloo.

References

[1] WatIAM. (2017, May 25). Retrieved from https://uwaterloo.ca/information-systems-technology/services/watiam

[2] File storage. (2017, September 14). Retrieved from https://uwaterloo.ca/environment-computing/services/file-storage

[3] Nexus troubleshooting guide. (2017, June 14). Retrieved from https://uwaterloo.ca/information-systems-technology/services/nexus/nexus-troubleshooting-guide

[4] Guidelines on use of Waterloo computing and network resources. (2016, September 23). Retrieved from https://uwaterloo.ca/information-systems-technology/about/policies-standards-and-guidelines/campus-network/guidelines-use-waterloo-computing-and-network-resources

[5] Endpoint protection. (2017, September 19). Retrieved from https://uwaterloo.ca/information-systems-technology/services/endpoint-protection

[6] Beal, V. (n.d.). Endpoint security. Retrieved from https://www.webopedia.com/TERM/E/endpoint_security.html

[7] J. (n.d.). What Is a Firewall? Retrieved from https://www.tunnelsup.com/what-is-a-firewall/

[8] Firewall administration. (2016, July 29). Retrieved from https://uwaterloo.ca/information-systems-technology/services/firewall-administration

[9] TLS/SSL certificate management. (2017, August 01). Retrieved from https://uwaterloo.ca/information-systems-technology/services/tlsssl-certificate-management

[10] Security assessments. (2016, July 08). Retrieved from https://uwaterloo.ca/information-systems-technology/services/security-assessments

[11] Vulnerability scanning. (2016, July 08). Retrieved from https://uwaterloo.ca/information-systems-technology/services/vulnerability-scanning

[12] Forensic examinations. (2015, December 23). Retrieved from https://uwaterloo.ca/information-systems-technology/services/forensic-examinations

[13] Log aggregation and analysis. (2015, December 23). Retrieved from https://uwaterloo.ca/information-systems-technology/services/log-aggregation-and-analysis

[14] Network security monitoring. (2016, August 18). Retrieved from https://uwaterloo.ca/information-systems-technology/services/network-security-monitoring

[15] Nexus. (2017, October 11). Retrieved from https://uwaterloo.ca/arts-computing/help-and-support/nexus

[16] Managing files on Nexus. (2017, October 04). Retrieved from https://uwaterloo.ca/arts-computing/managing-files-nexus