MERIT

ANN ARBOR, Mich. — With a record number of presentations and attendees, the sixteenth-annual Merit Member Conference raised the bar for the prestigious event. There were 362 attendees and nearly 45 presentations during the conference, which was held at the Ann Arbor Marriott Ypsilanti at Eagle Crest.

Merit welcomed individuals from Merit Member organizations across Michigan and from as far away as Maryland and New Jersey. Throughout the conference, Merit honored the 248 Merit Member organizations with special signage in the common areas and at the reception.

At the Merit Awards ceremony held May 22, Merit recognized those who have been leaders in technology and have assisted the Merit Community. Five individuals from the Merit Community were honored for their contributions and efforts.

The Network Inside Out: New Vantage Points for Internet Security
J. Alex Halderman, University of Michigan

Internet measurement and assessment were the primary focus of Professor J. Alex Halderman’s keynote presentation. He and his students have been using a new tool, called ZMap, to conduct Internet-wide scans.

In recent years, the SSL Observatory and the Carna Botnet have conducted Internet-wide scans, Halderman said. The SSL Observatory measured the state of https by probing every https address on the Internet, and the project took six months for three people. In 2012 the Carna Botnet used 420,000 infected machines to slowly probe the Internet.

ZMap, an open-source tool, can scan the entire IPv4 address space in under 45 minutes, with 98% coverage. The tool scans in batches, but tries to avoid flooding hosts by timing its scans. Over the past two years, Halderman and his students have performed over 300 Internet-wide scans with ZMap. In their research, they’ve found that scanning one packet per host will reach 97.9% of all hosts. If they increase the scan rate to three packets per host, they can reach 99% of all hosts, but they have found no meaningful correlation between speed and the response rate.

ZMap has been used to measure the effects Hurricane Sandy had on the Internet and for detecting numerous vulnerabilities. During their scans, they found that 3.34 million devices that use the Universal Plug and Play (UPnP) protocol were vulnerable to attack and that 15% of web sites were still vulnerable to the Heartbleed bug and were using compromised keys.

Halderman said that the web site www.scans.io contains a repository of Internet-wide scans that can be used for research purposes.

To conclude his presentation, Halderman talked about a new anti-censorship tool, called Telex. Currently in the prototype stage, Telex is being developed to enable open Internet browsing in countries with censorship policies. You can learn more about it at https://telex.cc

Incident Response: Are You Ready?
Brett Miller and Jonathan Mills, University of Michigan Medical School

Using a set guidelines from the National Institute of Standards and Technology (NIST), Brett Miller and Jonathan Mills outlined the phases of incident response:

• Preparation – Brett Miller recommended planning and making checklists in advance when you have plenty of time to prepare. IT staff should engage with your organization’s legal and
  compliance teams before something happens. He said it is wise to learn the notification duties that may be part of contracts and to prepare an incident response team structure in advance. Also, IT staff should know where your data is located and what obligations you may have. Miller also recommended establishing a call tree for escalation and to prepare the internal and external communications strategies in advance.

• Detection – Monitor external and internal reports for DDOS attacks, spamming, and network anomalies.

• Analysis – Brett Miller outlined some of the questions that need to be asked as part of the analysis: What sort of incident is it? When did it start? Are other systems affected? What data was accessed? Are there breach notification duties?

• Containment – Miller recommended not logging into the affected system and to isolate the system from the network. IT staff will need to weigh whether or not to turn off the machine, and first responders should consider whether a thumb drive may become infected if they try to use it to load software on to the affected system.

• Eradication – IT staff will need to determine what kind of hack/infection took place. Miller said to be careful about preserving forensic evidence and that re-imaging the machine may be the only certain method to eradicate the infection.

• Recovery – Documents or data may be infected, and you will want to ensure that the files are clean before they are put back into use. If possible, get the documents from the backups that were done prior to the infection. Virtual machine snapshots can make the recovery process easier.

• Post Incident – Go over the lessons learned from the incident.

At the end of the presentation, Jonathan Mills reviewed some hypothetical examples of IT infections and breaches, and provided short responses for each example.

IT, Complexity, and Cost: A View From The Trenches
Paul Groll, State of Michigan

Paul Groll examined complexity and growth in information technology during his presentation. He compared the the growth and recruitment of IT staff to the ecology of an ocean reef, where the recruitment of new individuals can be based on competition, predation and by chance.

He examined growth, competition and disruption through mathematical equations. First, he considered the logistic growth equation where the intrinsic growth rate of a species and the carrying capacity of the environment directly impact the total number of species. Based on the growth rate, you could determine if an organization has enough capacity to continue to grow or if the organization needs to scale back its growth.

He next examined growth and capacity through a series of graphs. Groll said that unmanaged chaos is expensive to operate and that step-wise consolidation can achieve the lowest level of complexity.

MINECRAFT IN MODERATION: Operating a Successful Minecraft Server
Eli Neiburger, Ann Arbor District Library

“Minecraft is awesome. It’s fun,” Eli Neiburger stated at the start of his presentation.

Ann Arbor District Library (AADL) has been operating a Minecraft server for two years, and the 3-D gaming software is very popular. Neiburger said that over 50 million copies of the software have been sold, surpassing sales of Call of Duty and many other popular games. Neiburger said it routinely takes the library’s staff 20 minutes per day to maintain their Minecraft server.

AADL has set up their Minecraft world to resemble downtown Ann Arbor. Buildings, streets, and landmarks have been recreated to resemble their real-life counterparts. The library has a rule that the outsides of the buildings must be constructed in Minecraft to resemble the exteriors of actual buildings, but the insides of buildings can be made to be whatever the builder’s imagination creates. For example the Ann Arbor District Library branch in Minecraft looks just like the outside of the actual building, but the inside has a roller-coaster and other unexpected details.

Most of the users that participate in Minecraft at the library are in middle school, but there are some adults who enjoy recreating buildings from downtown Ann Arbor in the library’s virtual world.

The library’s Minecraft server operates in creative mode, so that users can spend time building and creating in Minecraft. They have outlawed anything that can destroy or create a mess, such as TNT and water.

Work in Minecraft is done at the command line, and users can explore AADL’s Minecraft world by typing commands, like “Warp Hill Auditorium” to travel to Hill Auditorium.

Neiburger recommended several open-source modifications for Minecraft that AADL is using:

• Craftbukkit – Manages plug-ins and JAR files.

• Log Block – Stores previous saved versions of Minecraft and saves logs of who made modifications.

• Always Day – Pins the sun at noon, so that it’s always daytime in the user’s Minecraft world.

• Justwarp – Allows you to store and create warp points within Minecraft.

• Dynmap – Allows you to make a dynamic scalable map of Minecraft server.

• World Guard – Allows you to prevent revisions of a Minecraft map, which is helpful for preventing edits.

• Worldedit – Allows for copy/paste and to import something from outside of Minecraft.

The library’s Minecraft server is located at: minecraft.aadl.org

Today’s Tech Landscape
John C. Dvorak

For the lunchtime keynote address, John C. Dvorak provided a humorous look at the past 40 years of computing.

The promise of personal computing meant a freedom from batch processing, freedom from supervision, independence and creativity. Word processing, data processing, desktop publishing, telecommunications and database management allowed the user to accomplish the impossible.

The nomenclature of computing has changed over time, from microcomputer to personal computer to desktop computer to workstation. From the sneakernet to the office network to the ethernet to the Internet.

The IT landscape began with a centralized structure and over time has moved back to that structure. Batch processing later became desktop computing which eventually became cloud computing.

Before 1975, the user had no rights and was only a borrower. Between 1975 and 1982, the user was a maker, an owner with rights. Between 1982 and 1999, the user was a buyer, a licensed owner. From 1999 to present, the user is again a borrower of software with no rights.

The computer revolution has returned the user to 1975, where its controlled by the experts, programmed by the experts, and run by the experts. The final blow was done by the iPhone.

Dvorak said, “the excitement is over… Facebook is what the masses wanted all along.”

“Attempts to salvage something from the computer revolution… Bring Your Own Computer.”

Catching the Big Phish
Kevin Hayes, Wayne State University

Phishing is an old problem, but attackers are constantly changing their methods. Kevin Hayes provided an overview of how Wayne State University (WSU) detects and deals with phishing attack emails.

WSU makes its email users change their passwords every six months and encourages students and staff to make their passwords complex. Still, WSU has a couple of email accounts each day that need to be locked because they were compromised.

To identify new phishing campaigns, WSU staff look for anomalies related to user accounts, such as sudden bursts of activity after dormancy and changes to the Zimbra signature. The University also receives reports of phishing via email and from a zimlet located in their Wayne Connect email system.

After WSU staff receive a complaint about a possible phishing email, they examine it for violations. If the reported email meets their criteria for phishing emails, WSU staff will respond to the phishing attack by blocking the URL, DNS or IP address at the firewall, by changing email filters, or by emailing the abuse contact at the offending location. They also sometimes use “honeypot” credentials to track an attacker’s next steps.

Hayes said that WSU’s anti-phishing program has successfully identified fraud associated with stolen account credentials and that they have been able to identify and contact affected individuals.

Future plans for their anti-phishing program includes more automation and analysis. They would also like to implement two-factor authentication and more self-service security.

Creating An Accountable Organization
Don Welch, Merit Network

Don Welch, a facilitator for the Academy Leadership program, gave an inspiring talk about leadership and accountability.

“Accountability starts with the leader,” Welch said. The leader sets the tone and leads by example, developing a plan and setting expectations. A leader should keep promises and commitments every day, as well as create clear goals and expectations.

Welch said not to let people off the hook. Accountable behaviors should be expected–no blame or excuses. Accountable behaviors include: follow through; anticipate; recognize and reward; delegate and build trust. If there is a problem, assume your staff is doing their best, and you let them down. If you don’t do anything to help, you are the weak link.

A leader should view conflict as an opportunity for improvement, Welch said. Encourage people to be open and frank, not vindictive. Manage conflict in a proactive, respective manner. Evaluate people and processes frequently. Discipline is a long-term decision, Welch stated.

When holding others accountable, you should set clear goals and deadlines. Know what someone means when a person says they will do something (will they do it? try to do it? or do nothing at all.). Accountability starts and ends with the leader; no excuses, no blame.

Keeping Perspective During a Security Incident
Nathan Dragun, Merit Network

During his presentation, Nathan Dragun briefly examined three real-world examples of security incidents. Each case dealt with a hacking incident in which the affected organization was unprepared.

He encouraged attendees to get prepared and to plan ahead. Know who plays which role when an incident happens and train each level of staff. He recommended assessing an organization’s risk and mitigating any issues. By playing out a disaster, you can test the effectiveness of a plan and fine-tune it as needed.

Open Source Portal and Mobile Solutions
Lori Tirpak, Aaron Grant and Dave Derderian, Oakland University

Oakland University has implemented a portal system using uPortal, an open source system that supports single sign-on and can be easily configured with Banner, a technology solution for education. Their MySail portal gets between 50,000 and 100,000 sessions per day, and their MySail application has been downloaded 12,500 times for iOs. The user demographics of the MySail portal have been 66% desktop, 26% mobile, and 7% tablets.

To supplement the content of the MySail portal, they have included interactive sections called Apereo Portlets. The portlets provide information on specific topics, such as financial aid, courses, the academic calendar, bus transportation, and degree progress. Each portlet has been modified to match Oakland University’s color scheme.

For more information about uPortal, please see www.jasig.org, and for more about the portlets, visit www.apereo.org/uportal

Network Neutrality: The Evolving Global Debate
Johannes M. Bauer, Michigan State University

“Network neutrality is one of the biggest and most important topics in the policy debate,” Johannes M. Bauer said at the start of his presentation. “The rules, if they are adopted, will effect everyone.”

There are political, economic and societal benefits for openness and neutrality. A neutral Internet supports free speech, democratic participation, and empowers citizens. It facilitates “permission-free” innovation at the edges of the network. An open Internet contributes to harnessing the benefits of the Internet for education, health care, and society at large.

The the three principal positions are:

• “Strict” net neutrality: Proponents of a stringent approach assert that realizing the benefits of the Internet requires a network architecture in which all datagrams are treated equally, independent of source, destination, and application.

• “Weak” net neutrality: Proponents of a more modest vision suggest that the benefits are optimized in a network organization in which quality of service differentiation is acceptable as long as it serves a reasonable purpose and discrimination is avoided.

• “Market-based” net neutrality: Proponents suggest that an unregulated market-based solution is the most efficient way to allocate and price bandwidth.

Bauer stated that the early Internet’s end-to-end architecture emerged from a series of pragmatic design decisions among the engineers and scientists running it. From these choices, a unique layered “end-to-end” architecture emerged in which applications and services are logically at the edge of the network, and the core network serves mainly as a transportation platform.

A supportive policy environment helped the development of the early Internet, but policy changes and other forces have impacted its growth. Increasingly, the Internet is used for media and entertainment purposes, and the Internet has grown to include private IP networks, which were developed to provide a higher quality of service. Bauer said that broadband-access markets and content markets are increasingly vertically integrated and concentrated, which raises concerns about unfair competition.

Overseas, the European Union introduced a legislative proposal in 2013 that was intended to end discriminatory blocking and throttling of network traffic and to deliver effective network neutrality. The Netherlands and Chile have also adopted laws to support network neutrality, Bauer said.

The majority of countries seek “weak” net neutrality, according to Bauer, where the differentiation of applications and services is permitted, unwarranted discrimination is avoided, and network management is allowed to acheive desirable goals such as increased security and reliability.

In 2010, the FCC Open Internet Order included guidelines for network policy transparency and prohibited blocking and unreasonable discrimination. In January 2014, the order was overturned.

On May 15, 2014, the FCC adopted a Notice of Proposed Rulemaking on Protecting and Promoting the Open Internet. It proposed to preserve the 2010 definitions with enhanced transparency obligations and a renewal of the no-blocking rule.

Bauer said several countries have adopted net neutrality principles but more rely on other safeguards. The biggest challenge in the United States is finding a net neutrality solution that can survive a judicial review.

Video Surveillance Technology and Practices at Wayne State University
Melissa Lesperance, Wayne State University Police Department

The Wayne State University Police Department (WSUPD) was established in 1966 and is a 24/7 full-service police agency. It has 60 officers, which are all sworn-in by the City of Detroit. The department has a 90-second to two-minute response rate.

In 2007, they installed the NICE System, a video surveillance system that is used by many high-profile locations around the world, including the Statue of Liberty and the Eiffel Tower. WSU’s installation has 30 pan-tilt-zoom cameras and over 850 stationary cameras. The system uses both IP-based and analog cameras and includes 300 TB of storage. The cameras are tied into a series of television monitors in the WSUPD’s central dispatch area. The police department has three dispatchers working at all times, with one dedicated to watching the video system.

In 2011, WSUPD began an optically-patrolling initiative, where dispatchers now patrol the campus using the video surveillance system in order to prevent crime and catch criminals in the act. In addition, they use the camera system for all traffic stops, acting as the backup for an on-duty police officer.

Lesperance said that the video surveillance system has been very successful. Since 2011, the NICE System has contributed to 44 arrests and established contact with a perpetrator over 170 times. Dispatchers that have been optically patrolling have observed a crime 25 times.

Design of a Tier III+ Data Center for Simultaneous Use by the Commercial, Municipal, and Academic Communities: A Case Study With Design Alternatives and Selection Criteria
Patrick R. Turner, Schoolcraft College

Schoolcraft College is in the process of building a data center on its campus. Patrick Turner discussed the design considerations involved in the creation of the space, which will serve the school and also be leased to interested organizations.

The goal of the data center is 100% uptime, with 24/7 monitoring and client access. The center features a high-efficiency heating and cooling system with dual utility feeds that go to DTE Energy’s substation near the campus. Each utility feed goes to a separate transformer.

Patrick Turner said that batteries are responsible for 50% of unplanned outages and that 98% of power disturbances that hit batteries last less than 10 seconds. He said that they decided to use a flywheel backup power system as opposed to backup batteries since the flywheel can be more reliable.

Schoolcraft College has an oil well on campus, and Turner said that the excess natural gas from the well will be used to feed a natural gas generator for the data center.

Turner stated that redundancy and monitoring are the two most important needs of a data center. Schoolcraft College’s data center will have multiple carrier fiber-optic connections for redundancy, and the data center will be monitored by security officers.

Proactive Management of Classroom Technology Using Open Source Tools
Paul Gallagher and Rod Flori, Wayne State University Libraries

A major component of Wayne State University’s library system is the support of classroom technology for three campuses. They support the front-end technology for student and instructional computing, supporting 300 classes. They maintain over 1,000 desktops, 21 lecture motion-capture devices, 70 cameras, and much more.

To monitor the health and use of the technology resources, they use Nagios, an open-source tool that provides comprehensive monitoring. Their small support staff uses Nagios Core, which is free, with Ubuntu and in-house customization.

The help desk uses a workstation with two monitors to actively keep track of devices. Their motto is “Green is good, red is bad.” When a device is working normally, the indicator in Nagios appears green. If device that is being monitored stops responding, the indicator on the screen turns red. In addition, they receive email notifications when a device isn’t working properly.

The Nagios implementation went live in June 2013, and it has been very successful. They described how a large chemistry lecture was scheduled to be recorded, and the monitoring system detected a problem after four minutes. The support team was able to quickly fix the problem in time to record the class.

Paul Gallagher and Rod Flori highly recommended Nagios, and you can learn more about the system at www.nagios.com. They said that www.nagios.org has helpful downloads and VMware templates.

Merit’s Community: The Year Ahead
Don Welch, Merit Network

To conclude the conference, Don Welch provided a look back at Merit’s accomplishments over the past year and looked ahead to the organization’s goals for 2015.

Next year’s Merit Member Conference will be held May 13-14, 2015, at Ann Arbor Marriott Ypsilanti at Eagle Crest.