Committee meeting - November 17, 2022

Sarah McKone  
Secretary to the Committee     
November 17, 2022 
    
Present:  Steven Bourque (chair), Andrew McAlorum, Bill Baer, Don Duff-McCracken, Erick Engelke, Greg Parks, Jason Testart, Lori Paniak, Nick Springate, Pratik Patel, Robyn Landers, Trevor Bain 

Guests: Jeff Voskamp, Nathan Lee, Mike Patterson 

 
Regrets: Adam Savage, Paul Miskovsky, Pam Fluttert 

 
Agenda   

  1. Presentation: Endpoint Detection and Response project (Nathan Lee, Mike Patterson) [10 min.] 
  2. Discussion: Tools for ongoing Red Hat Linux maintenance (Jeff Voskamp) [10 min.] 
  3. Chair’s Remarks 
  4. Approval of the minutes from Thursday, November 3, 2022 [5 min.] 
  5. Wireless authentication (Steven Bourque) [10 min.] 
  6. Roundtable discussion – all [20 min.] 
  7. Next CTSC Meeting [Will be held Thursday, December 1 at 1:30 p.m.] 

Presentation: Endpoint Detection and Response project (Nathan Lee, Mike Patterson) 

  • Looking for participation in the Endpoint Detection and Response RFP in two roles: observers and scorers. Observers do not need to go to every presentation and can comment, but these comments cannot contribute to the scoring. A smaller core team of scorers must attend every RFP. 
  • The desire would be to install EDR on any device being utilized to work.  
  • The university last investigated endpoint monitoring for anti-malware/anti-virus in 2005. It is currently relying on network monitoring.  
  • This project has been in consideration for a while and is high priority, although the budget is not technically approved for the new year. 
  • Some were under the impression that anti-malware/virus software was not recommended and had been communicating this to users.  
    • This is slightly different and meant to detect patterns of behaviour, not signature focused.  
      • Does the agent on the machine do this or is it constantly sending details to the cloud? It is cloud based, but generally only sends when something “weird” is detected.  
  • Can we pilot Microsoft Defender Endpoint?  
    • This can be done, although there is a good understanding of what Defender offers.  
    • This is available in the operating system and keeps the system protected. A free pilot could be leveraged with Microsoft that may provide good insight before engaging in an RFP. 
    • Defender has known issues with Macs and Linux. 
  • There are a few vendor relationships that offer their own EDR: Qualys, Microsoft, Elastic. 
  • There is the opportunity to request a 2–3-week pilot with the selected vendor prior to contracts being finalized. 
  • Currently there are quite a few laptops on campus that are not visible to IST, and the hope is to procure something that assists with this.  
  • Mike or Nathan can be contacted with any further questions.  

Discussion: Tools for ongoing Red Hat Linux maintenance (Jeff Voskamp) 

  • IST has been using Salt, but there are problems with monitoring and when a quick turnaround is required. IST is looking into different solutions and hopes to soon have an initial instance set up of ‘Satellite’ for RHEL and ‘Landscape’ for Ubuntu, with the hope of testing before the new year. If you are interested in testing on a few devices in your area, please contact Jeff.  
  • Desire to be able to choose what is and isn’t sent to the device, and on what schedule.  
  • If others are interested in using a system like this, the work to get it running can be prioritized. 
  • Erick is receiving frequent daily alerts from security as many are running devices on Fedora Linux in Engineering. A case is building to have an organized way of doing this, and this work sounds promising.  
  • As the number of applications you are running in Salt increases, the configurations start to go sideways. Regular patching is more effective in Satellite. 
  • This will not lock us in to using a particular operating system; if someone still wants Ubuntu, they can still have it.  
  • The intent is to make the maintenance tool generally available, particularly as there is an enterprise license for Red Hat. 

Chair's remarks 

  • None. 

Approval of the minutes of the previous meeting  

  • The previous meeting’s minutes were accepted as distributed.  

Wireless authentication (Steven Bourque) 

  • Please email Steven with location details if there is an area you would like included in the SSID testing. 
    • Give the room or location where you want to do testing; access points are not necessary. 
    • If we are turning this on, it is desirable to do this for the start of the winter term. 
  • The Captive Portal issue has been resolved, but the workarounds still exist for their intended uses [MAC auth and event SSID]. 
  • Eduroam sponsored guest access is also being developed. 
  • Continuing to work with Cisco on IP theft issue.  

Other Business/Roundtable 

IST, Andrew McAlorum 

  • IT Review Research Computing theme: The theme will not be treated as an entire project versus a project to inventory the existing resources. Wendy is the project manager and has written the charter to include all six components of the theme. Andrew will return to CTSC with more information when the project is in a state to do so. 

Math, Robyn Landers 

  • The M3 building had a scheduled power outage. All steps were taken to minimize disruptions to the UPS. When the power was restored, it was not confirmed that the UPS was satisfied with the restoration, and it resulted in the backup batteries being drained. If you are planning this maintenance, ensure the UPS is satisfied with the power being restored, not just that the power has been restored.