Educause Security Discussion mailing list archives

Re: Appropriate University/Internet blocks


From: Willis Marti <wmarti () TAMU EDU>
Date: Wed, 16 Jun 2004 09:43:59 -0500

This is a hackneyed old question, but one we are still struggling with:

What is the appropriate level of filtering or port blocking at a
University/Internet border?

First, I think you want a firewall (we use a stateless packet filter) at
the border and not use routers. By default, we block all inbound TCP
connections and only "dangerous" UDP ports.  Users wishing to offer a service
request openings on a per-port basis and must pass a network vulnerability
scan. Residence hall occupants are only allowed http. We currently allow
telnet, ftp servers on the rest of campus, but are starting to phase those
(and any others w/ plaintext passwords) out as allowable.
We block outbound only on a temporary basis, to combat problems. Except we do
block 135 both ways.
--
Cheers,
 Willis Marti
 Associate Director for Networking
 Computing & Information Services
 Texas A&M University
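
Added example, not part of the original post and not Texas A&M's configuration: a sketch of how a stateless border filter could evaluate the policy described above, one packet at a time. The address ranges, the opening list, the set of "dangerous" UDP ports and the treatment of other protocols are constructed assumptions; the post gives none of them.

```python
import ipaddress

# Constructed values (RFC 5737 documentation ranges), not from the post.
CAMPUS = ipaddress.ip_network("198.51.100.0/24")
RESHALL = ipaddress.ip_network("198.51.100.128/25")
BLOCKED_UDP = {69, 161}        # assumption: the post does not list its "dangerous" ports
BLOCKED_BOTH_WAYS = {135}      # from the post: 135 is blocked in both directions
# Per-port openings granted after a vulnerability scan: (host, TCP port).
OPENINGS = {("198.51.100.10", 80), ("198.51.100.20", 22),
            ("198.51.100.130", 80), ("198.51.100.131", 22)}

def decide(src, dst, proto, dport, syn=False, ack=False):
    """Return 'permit' or 'deny' for a single packet, keeping no connection state."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    inbound = dst_ip in CAMPUS and src_ip not in CAMPUS
    if dport in BLOCKED_BOTH_WAYS:
        return "deny"
    if not inbound:
        return "permit"        # outbound is blocked only temporarily, per the post
    if proto == "udp":
        return "deny" if dport in BLOCKED_UDP else "permit"
    if proto == "tcp":
        # Without state, "inbound connection" means SYN set and ACK clear.
        # Any other segment is passed as a presumed reply; the filter cannot
        # verify that a matching outbound connection exists.
        if not (syn and not ack):
            return "permit"
        if (dst, dport) not in OPENINGS:
            return "deny"      # default: all inbound TCP connections blocked
        if dst_ip in RESHALL and dport != 80:
            return "deny"      # residence halls: http only, whatever was requested
        return "permit"
    return "permit"            # assumption: other protocols are not addressed in the post

if __name__ == "__main__":
    outside = "203.0.113.5"    # constructed external host
    for pkt in [(outside, "198.51.100.10", "tcp", 80, True, False),
                (outside, "198.51.100.10", "tcp", 23, True, False),
                (outside, "198.51.100.131", "tcp", 22, True, False),
                (outside, "198.51.100.50", "tcp", 40000, True, True),
                (outside, "198.51.100.50", "udp", 69, False, False)]:
        print(pkt, "->", decide(*pkt))
```

The residence-hall check runs after the opening lookup, so an opening recorded by mistake for a non-http port in that range is still denied.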
