Educause Security Discussion mailing list archives
Re: Appropriate University/Internet blocks
From: Willis Marti <wmarti () TAMU EDU>
Date: Wed, 16 Jun 2004 09:43:59 -0500
This is a hackneyed old question, but one we are still struggling with: What is the appropriate level of filtering or port blocking at A University/Internet border?
First, I think you want a firewall (we use a stateless packet filter) at the border and not use routers. By default, we block all inbound TCP connections and only "dangerous" UDP ports. Users wishing to offer a service request openings on a per-port basis and must pass a network vulnerability scan. Residence hall occupants are only allowed http. We currently allow telnet, ftp servers on the rest of campus, but are starting to phase those (and any others w/ plaintext passwords) out as allowable. We block outbound only on temporary basis, to combat problems. Except we do block 135 both ways. -- Cheers, Willis Marti Associate Director for Networking Computing & Information Services Texas A&M University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Appropriate University/Internet blocks Tom Conley (Jun 16)
- <Possible follow-ups>
- Re: Appropriate University/Internet blocks Willis Marti (Jun 16)
- Re: Appropriate University/Internet blocks Ariel Silverstone (Jun 16)
- Re: Appropriate University/Internet blocks Eli Dart (Jun 16)
- Re: Appropriate University/Internet blocks Shawn Kohrman (Jun 16)
- Re: Appropriate University/Internet blocks Willis Marti (Jun 16)
- Re: Appropriate University/Internet blocks John Center (Jun 16)
- Re: Appropriate University/Internet blocks Eric Pancer (Jun 16)
- Re: Appropriate University/Internet blocks Mike Wiseman (Jun 17)
- Re: Appropriate University/Internet blocks Theresa Semmens (Jun 17)
- Re: Appropriate University/Internet blocks Lucas, Bryan (Jun 17)
- Re: Appropriate University/Internet blocks Eric Pancer (Jun 17)
(Thread continues...)