Educause Security Discussion mailing list archives

Re: Residence Halls network security


From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 27 Aug 2009 14:17:24 -0400

At Internet border:
  All inbound TCP SYN packets from the Internet.
  All outbound SMTP connections to the Internet.

At student borders:
  137/138/139/445/593 in/outbound
  msrpc 135 in/outbound
  snmp 161 (udp) in/outbound
  tftp 69 (udp) outbound
  sqlserver 1434 (udp) out/inbound
  echo (udp) in/outbound
  19 (udp) outbound
  syslog 514 (udp) outbound
  bootpc outbound
  icmp redirect outbound
  icmp router advertisement outbound
  spoofed IPs outbound
  IRC outbound

These were very effective and necessary for reducing compromises several years 
ago. Much less so today. Today's compromises are primarily through web-borne 
malware and exploits rather than direct network connections. Infected systems
call out (BOTS) rather than wait for connections (Trojan servers). And better 
host firewalls and automatic update mechanisms reduce the attack surface for 
malicious network connections.


Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
<reply top posted thanks to Microsoft Outlook>


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Plesco, Todd
Sent: Thursday, August 27, 2009 12:17 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Residence Halls network security

I'm curious what ports/services everyone is blocking/allowing in their
residence areas.  Port 135 is the obvious one to block but after that?

Best,
Todd A. Plesco  CISM, CBCP
Chapman University, Director of Information Security
One University Drive, Orange, CA 92866
Phone: (714) 744-7979/Fax: (714) 744-7041
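
The block list in the reply above, modelled as a first-match filter and run over constructed flows. This is an added example, not code from either message. Assumptions: the listed entries are blocks, unlabelled ports apply to both TCP and UDP, "IRC" means TCP 6667, and the residence-hall subnet 10.20.0.0/16 and all sample addresses are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional

RES_NET = ipaddress.ip_network("10.20.0.0/16")  # constructed residence-hall subnet
BOTH = {"in", "out"}
NETBIOS_RPC = {135, 137, 138, 139, 445, 593}
class Pkt(NamedTuple):
    direction: str               # "in" = toward students, "out" = from students
    proto: str                   # "tcp", "udp" or "icmp"
    src: str                     # source IP address
    dport: Optional[int] = None  # destination port (ICMP type when proto is icmp)
    syn_only: bool = False       # TCP SYN without ACK, i.e. a new connection

# Student-border list as (proto, ports, directions). Assumptions: it is a block
# list, unlabelled ports cover TCP and UDP, and "IRC" means TCP 6667.
STUDENT_RULES = [
    ("tcp", NETBIOS_RPC, BOTH),
    ("udp", NETBIOS_RPC | {161, 1434, 7}, BOTH),  # + snmp, sqlserver, echo
    ("udp", {69, 19, 514, 68}, {"out"}),          # tftp, chargen, syslog, bootpc
    ("icmp", {5, 9}, {"out"}),                    # redirect, router advertisement
    ("tcp", {6667}, {"out"}),                     # IRC
]

def student_border(p: Pkt) -> str:
    # Anti-spoofing: outbound packets must carry a residence-hall source address.
    if p.direction == "out" and ipaddress.ip_address(p.src) not in RES_NET:
        return "drop:spoofed-source"
    for proto, ports, dirs in STUDENT_RULES:
        if p.proto == proto and p.dport in ports and p.direction in dirs:
            return f"drop:{proto}/{p.dport}"
    return "pass"

def internet_border(p: Pkt) -> str:
    if p.proto == "tcp" and p.direction == "in" and p.syn_only:
        return "drop:inbound-syn"
    if p.proto == "tcp" and p.direction == "out" and p.dport == 25:
        return "drop:outbound-smtp"
    return "pass"

def verdict(p: Pkt) -> str:  # both borders, in the order the packet crosses them
    hops = [student_border, internet_border]
    results = [hop(p) for hop in (hops if p.direction == "out" else hops[::-1])]
    return next((r for r in results if r != "pass"), "pass")
# Constructed flows; the last is an infected host calling out over HTTP.
SAMPLES = [Pkt("in", "tcp", "203.0.113.9", 445, True),
           Pkt("out", "udp", "198.51.100.7", 53),
           Pkt("out", "tcp", "10.20.4.17", 6667, True),
           Pkt("out", "tcp", "10.20.4.17", 80, True)]
RESULTS = [verdict(s) for s in SAMPLES]
```

The last constructed flow, an outbound connection to port 80 from an infected host, passes both borders, which is the limitation the reply describes for call-out malware.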
