Network Security

Campus Firewall

The University maintains a firewall at the border of the campus network. This firewall blocks select traffic coming into the campus network from off campus, including from Internet2 sites.

In order to best protect the University's network from outside attackers, outsiders are restricted from communicating with machines on the campus network over designated network ports. The ports restricted are the ports which are either used most frequently by attackers or which bear the highest cost to the University if an attacker exploits a service running on them.

The ports which are restricted are reviewed on an on-going basis. As new threats develop, new ports are added to the restricted list. In situations where time allows (that is, when there is no immediate threat such as a worm), a message will be sent to the netsec-sig mailing list in advance of new ports being added to the restricted list to give departments time to request exceptions before the restriction is put in place.

Senior IT management may request exceptions for specific service restrictions on specific IP addresses under the conditions that they are willing to personally take responsibility to ensure that the machine is properly maintained and kept secure, and that the computer for which the exceptions are requested meet certain conditions. If you are unsure who is allowed to request exceptions in your organization, talk to your IT director or contact the Network Security Center by sending e-mail to security@uchicago.edu.