Reducing security risk on Web Browsers and E-Mail readers A large percentage of computer compromises occur from weaknesses in web browsers and e-mail readers. Please read the instructions below and take the appropriate steps for the software that you use. We all need to do our part to protect against further infections and attacks and the disruption in service that follows. Internet Explorer 1.Check your version of Internet Explorer. You should be running one of the following: (To check your version, go to the Help menu and choose About Internet Explorer) Version 5.01, Service Pack 2 Version 5.5, Service Pack 2 Version 6 The 5.5 and 6 versions are available from Microsoft Update and can be installed using the local admin account. If you cannot upgrade to 5.5 or 6 contact the support team. 2.Increase your security level to at least Medium in order to prevent your browser from downloading potentially unsafe content. From the Tools menu, select Internet Options... From there, select the Security tab. Click the Default Level button in the lower right area. Move the slider to security level Medium: Prompts before downloading potentially unsafe content. Outlook Express 1.Disable the Preview Pane to prevent Outlook Express from downloading mail messages with potentially unsafe content. Viewing email messages with the Preview Pane can cause viruses to activate. From the Tools menu, select Options... From there, select the Read tab. Deselect the box for Automatically download message when viewing in the Preview Pane. Outlook Express 6 1.Disable the Preview Pane to prevent Outlook Express from downloading mail messages with potentially unsafe content. Viewing email messages with the Preview Pane can cause viruses to activate. (Outlook Express and Outlook Express 6) 2.Prevent active content, such as ActiveX Controls and scripts, to be run from inside HTML e-mail messages. From the Tools menu, select Options... From there, select the Security tab. Click on the dot by Restricted sites zone (More secure). Netscape Generally, the less code that can be run by the browser or e-mail client the better. Java, JavaScript and JavaScript for Mail and News can be turned on or off in the Netscape preferences. At the very least disable JavaScript for Mail and News. You may also disable JavaScript and Java but this may become impractical since many laboratory and commercial web sites use Java and JavaScript. In the Edit - Preferences - Advanced menu, de-select JavaScript for Mail and News (if the box is checked). Thanks for your cooperation. If you need further assistance contact the Network Administrator ruben@auger.org.ar or the UTN Computing support groupsoporte@auger.org.ar Thanks to John Konc from Fermilab for this document.

Accessing Internet The local network at Malargüe is built starting from a dual network server consisting in two server-machines configured identically. The sub-network is a public Class C, connected via AUGER-firewall/AUGER-router to Internet, and via CDAS-firewall to Class B private CDAS sub-network. In the public sub-network there are several machines, included the DPA group, the CDAS public server, and others. Connecting your computer to the local network Note!!!: Before any modification in your configuration, please write your actual values in order to return to the original setup later. 1) Direct connection to Internet. You can plug in a computer in any of the sockets that are installed in the assembly building or the office building. Alternatively, you can use the Wireless Internet Service provided within the campus, which requires that you buy for your computer a wireless internet adapter that must be IEEE 802.11 compliant (b or g devices will work smoothly). Two configurations are possibles: - One with automatic address allocation (DHCP) for Visitors and Temporal Members. - One with static IP address (Malargüe permanent users only). Note: If a static address is needed, the administrators have to be consulted first. 1.a) In case of automatic adresses You should activate the DHCP automatic assignment and disable the DNS configuration. For Windows users: Start --> Control Panel --> Network Connections Right-click on top the LAN network connection and select Properties Then you should double-click on the following picture: You should activate the automatic IP as the following picture. To end, you need to disable the DNS. To do so, select the DNS panel and do as following: To activate the configuration, the system has to be restarted. Now go to the proxy configurating part (Below the "In case of an automatic adress" part). Click on this link 1.b) In the case of statics adresses Your configuration should be: IP address 168.96.148.xxx Netmask 255.255.255.0 Gateway 168.96.148.254 DNS1 168.96.148.224 DNS2 168.96.148.231 Domain auger.org.ar where xxx is a number assigned by the administrator (you need to check that your selected number is not being used simultaneously by nobody else!). Under UNIX -like, this configuration can be set up with the following commands (as root): # ifconfig eth0:0 168.96.148.xxx # route del default # route add default gw 168.96.148.254 Now go to the proxy configurating part (Below the "In case of an automatic adress" part). 1.c) Configurating the proxy.  Here is the last step! Note that proxy use is mandatory to access the outside network and keeps the bandwidth available for data transfers. For Windows users: Start --> Control Panel Click on the "Internet Options" icon. Choose the "Connections" panel. Click LAN Settings. Now configurate as following: For UNIX-like users: Open a terminal: Write: "netscape &" Under Netscape click on the "Edit" menu. Then click on "Preferences". Select "Advanced" scrolling part. Click on "Manual proxy configuration". Then configurate as following: 1.d) Connection behind the CDAS firewall.  If you have a UNIX machine (or if you have MS Windows and use it to connect with outside nodes), you can put it behind the CDAS firewall by connecting from the CDAS room. Connecting from the FD building. You need to set up the connection as DHCP and all parameters will be set up automagically ! If you have problems...  If you cannot resolve host names, be sure you have put the corresponding nameservers in your configuration. In most UNIX boxes, the file to check is /etc/resolv.conf, that should have something like search auger.org.ar nameserver 168.96.148.224 nameserver 168.96.148.231 If you are behind the CDAS firewall, you will not be able to use active ftp. That means that if you want to do ftp, you must enter after the connection as first command passive. If you are behind the CDAS firewall, it is impossible to be contacted by any host on the other side of the firewall. If you want people to connect to your computer, you must put it in direct contact with the Internet (see above). If you still have problems you can contact the Ruben Squartini - Computer Systems Administrator or Fernando Contreras - Computer Systems Expert Mail and Accounts The mail services are currently provided by a Mail Gateway installed at the site. To use it you first need an internal account in DPA/public group or in the Main Internet Server or you can just use your standard mail account and point your outgoing mail server to the Mail Gateway. If you have an account inside "auger.org.ar" The configuration is already set up in all the public machines. If you are setting up a your machine on the network use: Incoming mail: imap.auger.org.ar Secure SSL connection (port 993) Outgoing mail: smtp.auger.org.ar If your account is NOT @auger.org.ar Modify your actual configuration just to set up the Mail Gateway as your outgoing mail server Outgoing mail: smtp.auger.org.ar You can ask for a local mail account sending an e-mail to Ruben Squartini Presently, there is five user's machine available for opening accounts at the site. If you need an account on this machines (all Linux boxes), contact Ruben Squartini. Such accounts also enable to send and receive mail. Printing There are two public printers at the Office Building and one in the upper floor of the Assembly Building. A Hewlett Packard LaserJet 2100 TN (network laser printer) in the hallway of Assembly Building upper floor. The printer's name is: dpa.auger.org.ar and its IP number is: 168.96.148.229 To enable printing from a UNIX machine you need to define a queue for the remote printer. In those systems controlled by /etc/printcap entries, the queue can be enabled inserting in that file the following specifications: lp:sd=/var/spool/lpd/lp:mx#0:sh:rm=168.96.148.229:rp=:lp=:lf=/var/log/lpd-errs:rp=:lp=:lf=/var/log/lpd-errs: If you can not print, check if the /var/log/lpd-errs exist. If not create it and restart the lpd deamon. Configuration Documentation under WinXP: Open: Start --> Printers and faxes Double click: Add printer Click: Next Select: Local printer attached to my PC Be sure that the checkbox "Automatically detect..." is cleared. Click: Next Select: Create new port Select: Standard TCP/IP port Click: Next Click: Next Type: 168.96.148.229 Click: Next Click: End Wait some second to allow Windows to set up the new port Select: Vendor = HP Select: Model = HP Laserjet 2100 PCL6 Click: Next Click: Next Click: Next Click: End Configuration Documentation under Win9x/ME: The first things to do is to download two files from ftp://ftp.auger.org.ar/pub/drivers/LJ_2100TN/Win9x_ME/ - NetPrintig_Wizard_"language".exe - PCL6_Driver_"language".exe So, you have to launch the file PCL6_Driver_"language".exe A pop-up window asks you to choose a directory (by default is c:\ljxxx\) - Type "C:\HP2100TN" into the text box. - Click on "Unzip" button and next on "Ok" button. Now you can delete the PCL6_Driver_"language".exe file. Then, launch the NetPrintig_Wizard_"language".exe file. - Click on "Next" button. - Click on "Yes" button. - Click on "Next" button. - Click on "Next" button. - Check the "HP Network Printer Wizard" checkbox and click on the "Finish" button - Wait for the Wizard to start. - Click on "Next" button. - When the printer is found, click on the "Next" button. - Type "augerm" in the first pop-up window and validate with the "Ok" button. - Type "cosmico" in the second pop-up window and validate with the "Ok" button. - Verify that TCP/IP protocol is selected,   The right parameters in this window are:         IP Address: 168.96.148.229         Netmask: 255.255.255.0         Gateway: 168.96.148.254   and click on "Next" button. - Click on "Next" button. - Click on the "Use disk" button. - Select "C:\HP2100TN\hp2100p6.inf" - Click on the "Open" button. - Click on the "Next" button. - Set the printer name (pe: HP2100TN). - Click on the "Next" button. - Click on the "Finish" button. If the "Print a Test Page" was selected then check the Test Page in the printer and click on the "Ok" button. - Click on the "Ok" button. Congratulations !. You can now print on the LaserJet 2100. Finally you can delete the NetPrinting_Wizard_"language".exe file. A Minolta-QMS 3260 (network laser printer) in the CDAS room at the upper floor. The printer's name is: qms.auger.org.ar and its IP number is: 168.96.148.230 To enable printing from a UNIX machine you need to define a queue for the remote printer. In those systems controlled by /etc/printcap entries, the queue can be enabled inserting in that file the following specifications: lp:sd=/var/spool/lpd/lp:mx#0:sh:rm=168.96.148.230:rp=:lp=:lf=/var/log/lpd-errs:rp=:lp=:lf=/var/log/lpd-errs: If you can not print, check if the /var/log/lpd-errs exist. If not create it and restart the lpd deamon. Configuration Documentation under Win9x/Me: The first things to do is to download a file from ftp://ftp.auger.org.ar/pub/drivers/QMS3260/Win9x_ME/ QMS3260_W9x.zip Then, you have to extract all the files doing double-click on the icon A pop-up window asks you to choose a directory (by default is C:\TEMP\) - Type "C:\QMS3260" into the text box. - Click on "Extract" button and next close the WinZip window. Now you can delete the QMS3260_W9x.zip file. Now you need to launch the C:\QMS3260\Monitor\setup.exe that resides in the C:\QMS3260 folder. - Click on "Ok" button. - Select the destination folder. - Click on "Yes" button. - Select the destination folder for the backup files. - Type "QMS3260" into "Port Name" field. - Type "168.96.148.230" into "IP Address" field. - Click on "Ok" button. - Click on "Ok" button. Now you need to launch the setup.exe that resides in the C:\QMS3260 folder. - Select Network/Custom installation. - Click on "Next" button. - Clear all checkboxes. - Mark --- QMS Level 2 Advanced PS Driver for Windows W95/98 - Click on "Ok" button. - Click on "Next" button. - Click on "Next" button. - Click on "Next" button. - Wait for the Wizard to start. - Click on "Next" button. - Click on "Next" button. - Click on the "Have disk" button. - Click on "Browse" button. - Select "C:\QMS3260\Driver\qms.inf" - Click on the "Ok" button. - Click on the "Ok" button. - Select the "QMS 3260 Print System". - Click on the "Next" button. - Select the "QMS Port". - Click on the "Next" button. - Click on the "Next" button. - Click on the "Finish" button. If the "Print a Test Page" was not selected then check the Test Page in the printer and click on the "Ok" button. - Click on the "Ok" button. Congratulations !. You can now print on the QMS-Minolta 3260. Configuration Documentation under WinNT/2000: The first things to do is to download a file from ftp://ftp.auger.org.ar/pub/drivers/QMS3260/Win9x_ME/ QMS3260_NT4.zip Then, you have to extract all the files doing double-click on the icon A pop-up window asks you to choose a directory (by default is C:\TEMP\) - Type "C:\QMS3260" into the text box. - Click on "Extract" button and next close the WinZip window. Now you can delete the QMS3260_NT4.zip file. Now you need to launch the setup.exe that resides in the C:\QMS3260 folder. - Select Network/Custom installation. - Click on "Next" button. - Clear all checkboxes. - Mark --- QMS Print Monitor and -          QMS Level 2 Driver for Windows NT 4.0 - Click on "Next" button. - Click on "Next" button. - Click on "Next" button. - Wait for the Wizard to start. - Click on "Add port" button. - Click on "New monitor" button. - Click on "Browse" button. - Search for C:\QMS3260\Monitor\monitor.inf file. - Click on "Open" button. - Click on "Ok" button. - Double-click on "QMS Port" line. - Type "QMS3260" into "Port Name" field. - Type "168.96.148.230" into "IP Address" field. - Click on "Ok" button. - Click on "Close" button. - Click on "Next" button. - Click on the "Use disk" button. - Click on "Browse" button. - Select "C:\QMS3260\Driver\Oemsetup.inf" - Click on the "Open" button. - Select the "QMS 3260 Print System". - Click on the "Next" button. - Click on the "Next" button. - Click on the "Next" button. - Click on the "Finish" button. If the "Print a Test Page" was not selected then check the Test Page in the printer and click on the "Ok" button. - Click on the "Ok" button. Congratulations !. You can now print on the QMS-Minolta 3260.