| Why is this necessary?
On August 7, 2006, the campus border firewall went live adding a critical layer of protection to networked computer devices. Historically the campus network has been what is commonly called an "open" network. This means that by default all traffic was allowed in from the Internet to ANY system on the campus network (including desktops or laptops on wireless). As a first step, the firewall implementation placed all computing devices in one of two zones based on the local need for inbound academic or business traffic. That step significantly reduced the number of network related security incidents on campus. The change to further restrict SSH, Web, and other allowed protocols is in response to increased attacks targeting these types of services.
How does the border firewall affect video conferencing and chat?
It depends largely on the software or hardware you are using for video conferencing. If you use an intermediate server (such as with Yahoo, MSN, Netmeeting, etc.), then you should not be impacted by the change. If video conference participants must connect directly to the IP address of your computer or video conference bridge, you should contact ITS to arrange an exception to allow traffic to your system.
Will connecting via Windows Remote Desktop be affected by the firewall?
Yes. You will need to use CU-Boulder's VPN (Virtual Private Network) to use Windows Remote Desktop. For more information about VPN, including software downloads and setup instructions, visit ITS's Virtual Private Network (VPN) web site.
Do I need an exception if my department works with a vendor that connects to our file server?
While some remote management can be accomplished via Web or SSH often remote management is accomplished though software such as PCAnywhere. Remote access software such as PCAnywhere requires an exception.
How does one request an exception?
An exception request should be submitted to the IT Service Center. Contact (303) 735-HELP (5-4357 from an on-campus phone) between 8 a.m. and 7 p.m. Monday though Friday.
Will there be a cost involved with changes?
There will not be a charge for those who require an exception to allow traffic to their systems.
Do you have a list of pre-existing SMTP servers?
Not anymore. If you need information about accepted SMTP servers, contact the IT Service Center.
Is this the firewall that will be put around other servers or is there another firewall coming?
ITS will be implementing additional firewalls within the network to protect private data servers.
Why is there more than one firewall?
The firewall is deployed in pairs for high availability. If one should fail, the other will take over for the failed system.
If this is only phase one of the firewall implementation, what will the other phases involve?
The future of the firewall service will include server registration, improved network authentication strategies, and refined segmentation of computing devices based on the device's need to receive inbound traffic for academic or business reasons. Additional information can be found at www.colorado.edu/its/security/direction/
Contact Information
Campus IT Security Office
(303) 735-HELP
security@colorado.edu |
