Cables Installed January 2003 Shielded Ethernet

Return-Path: <martyt@pobox.com>
X-Sender: martyt@pobox.com@pobox.com
Date: Wed, 05 Mar 2003 14:23:28 -0600
To: ghoward@kent.edu
From: Marty Tippin <martyt@pobox.com>
Subject: PJ2T Computer Recommendations
X-Virus-Scanned: by AMaViS 0.3.12pre5

Geoff

After spending a lot of time chasing down and eradicating the computer 
virus/worm problems last week, I've come up with some recommendations which 
I think we need to turn into operating policy and/or conditions of rental.

These are in no particular order:

* Any computer which is to be connected to the internet *MUST* run the 
ZoneAlarm firewall software. This is currently installed on both of the 
computers which have modems connected to the phone line (the small compaq 
and PC3). The importance of this software cannot be overstated -- it 
prevents malicious users from accessing our computer while it's dialed up, 
and it gives advance warning before a malcious or unknown program installed 
locally tries to contact the internet. With the PCs being dialed up for 
long periods of time, the exposure to the outside world is significant, and 
I'm almost certain it's that exposure which started the virus problems we 
found.

* EVERY computer *MUST* run Norton AntiVirus and the virus definitions 
*MUST* be updated regularly on every machine. More on this later.

* EVERY computer *MUST* get Windows O/S updates applied to it regularly. 
More on this later also.

* Non-CCC rentals should be expressly forbidden from doing any of the 
following:
- Installation of ANY software on the CCC computers without prior 
written consent.
- Connection of any non-CCC owned computer to the LAN at PJ2T. This is 
an exposure for viruses.
- Using Microsoft Outlook Express on any CCC computer at any time. This 
is a common source of virus infections.
- Modification of any control panel settings on a CCC-owned computer 
without prior written consent.

I also think we should state in the rental agreement that any computer 
problems found to exist after a rental will be fixed at the renter's 
expense, with labor billed to the renter at $100 per hour. We really need 
to make the point that the computers aren't something they can mess with, 
any more than the antenna setups, etc. are.

* All computers MUST be set to the correct local time, and must use "GMT -4 
Caracas, La Paz" as the timezone. WriteLog is smart enough to deal with the 
timezone and conversion to Zulu time without any problems. The only 
possible issue will be if Curacao observes Daylight Savings Time or some 
other funky gyration which changes the GMT offset during part of the year. 
When I checked, the boxes were set to a hodge-podge of different timezones, 
none of them correct. There's no reason to set the computers to a GMT +0 
offset.

* Every computer is running NTP (Network Time Protocol) software which 
keeps the clocks of all PCs in sync with a master server on the network. 
Currently the master server is PC3. When PC3 is connected to the internet, 
it synchronizes the current time with any of various network NTP servers. 
The software on PC3 then broadcasts the time to other servers on the local 
network. It's imperative that the software (Tardis) be installed on 
whichever machine is going to connect to the internet, and that it be 
configured to broadcast to the local network. The non-master computers run 
software called "K9" which is a simple applet, started automatically from 
the Startup menu, and listens for the master server's broadast. EVERY new 
computer put into service there must have either Tardis or K9 installed on 
it, depending on whether it's a master or slave computer.

* The three new Pentium III computers should be put into service ASAP, with 
the other computers put into the reserve mode. We had significant problems 
with the IBM computer at station #2, as it's soundcard interface just 
wasn't up to the task of supporting WriteLog's DVK. I put one of the new 
Compaq PIII boxe into service about 2 hours into the contest and it 
performed *flawlessly* for the entire contest - the only problem I had was 
an incorrect timezone setting. The small Compaqs are usable computers, but 
when our log got to about 5000 Qs, it was taking upwards of 10 seconds to 
save the log after every 20 QSOs, during which time the PC was unusable. 
The PIII box saved the log in less than 2 seconds even at the end of the 
contest and never had any problems on the network or with the soundcard. I 
put that Compaq back in the east bedroom and re-attached the IBM to the 
network because I wasn't sure what software you had on it that was 
important. If you have time on your next trip, I'd really like to see those 
Compaqs put into service.

* Regarding Norton Antivirus updates and Windows O/S updates:

New releases of the Norton AntiVirus definitions come out about once a week 
and can be directly downloaded from www.norton.com in .exe format, which 
can then be executed on each computer at PJ2T to update the definitions 
there. The download is about 3.3MB, which is a bit obnoxious to download 
over a dialup line.

Windows 98 updates are also available for download from Microsoft, though 
not in a convenient form. It's less critical that we keep the Win98 updates 
current, as we don't install a lot of new software on the PCs.

HOWEVER -- any computer which is going to connect to the internet MUST 
regularly pick the "Windows Update" option from the Tools menu and install 
any "critical" updates which are recommended by the web pages which come 
up. This is, again, to prevent exposure to viruses on networked PCs. This 
only needs to be done every few months, but it shouldn't be neglected.

I propose that we provide each renter with an updated copy of the Norton 
AntiVirus update definitions on a CDROM, with instructions for installing 
the updates on each PC -- it's as simple as putting the CDROM in the 
computer and running one executable. No rocket science involved. I will 
deal with getting the CDROMs to the renters if you'll give me enough 
advance notice of who's renting when and where I should send a CDROM to.


Let me know if you have comments or questions, and also let me know what 
the next step is in getting these "recommendations" firmed up into official 
policy for Signal Point.

-Marty