Educause Security Discussion mailing list archives
Re: Appropriate University/Internet blocks
From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Thu, 17 Jun 2004 09:23:13 -0400
Hello, We implemented Internet/CA*net 4 perimeter port blocking where the choice of ports to block was made originally for 'firefighting' reasons but since have evolved into best practices. The list includes all Microsoft well-known service ports - 135, 137-9, 445 as well as the easy ones - SNMP, TFTP, some ICMP codes. We also install temporary blocks on backdoor ports as a part of incident response. I believe this action has served us well with the Sasser and other blended threat incidents and the University community has generally supported it. Where we've run into controversy is port blocking on **other** perimeters - wireless/wired backbone and xDSL/wired backbone. A sizeable number of users object to the loss of Microsoft services for shares or Exchange-Outlook functionality. Of course, the IT side of this is now there are 'breaches in the dyke' - it's more difficult to manage issues with users on the other sides of these perimeters. As far as hardware goes, the port filtering is done on open-source routers with 50% utilized GigE connections - no noticeable performance problems. Mike Mike Wiseman Manager - Computer Security Administration Computing and Networking Services University of Toronto ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Appropriate University/Internet blocks Tom Conley (Jun 16)
- <Possible follow-ups>
- Re: Appropriate University/Internet blocks Willis Marti (Jun 16)
- Re: Appropriate University/Internet blocks Ariel Silverstone (Jun 16)
- Re: Appropriate University/Internet blocks Eli Dart (Jun 16)
- Re: Appropriate University/Internet blocks Shawn Kohrman (Jun 16)
- Re: Appropriate University/Internet blocks Willis Marti (Jun 16)
- Re: Appropriate University/Internet blocks John Center (Jun 16)
- Re: Appropriate University/Internet blocks Eric Pancer (Jun 16)
- Re: Appropriate University/Internet blocks Mike Wiseman (Jun 17)
- Re: Appropriate University/Internet blocks Theresa Semmens (Jun 17)
- Re: Appropriate University/Internet blocks Lucas, Bryan (Jun 17)
- Re: Appropriate University/Internet blocks Eric Pancer (Jun 17)
- Re: Appropriate University/Internet blocks Professor George Davida (Jun 17)
- Re: Appropriate University/Internet blocks Angel L Cruz (Jun 17)
- Re: Appropriate University/Internet blocks Davis, Thomas R. (indiana.edu) (Jun 18)