Campus Border Firewall Deployment
Overview
In 2005 and 2006, technical advisory groups and ITS recognized the increasing need for better protections against network based threats to electronic systems on campus. The CSU system also recognized the need for system-wide network security and funded a project to increase network security called ITRP2. As a part of the ITRP2 project, HSU received redundant firewalls and installation support for the campus connection to the Internet. Because HSU indicated a desire for implementation we were selected as the first campus to receive this deployment.
The intention of ITS and the firewall project team was to make this installation as transparent and smooth as possible. The information on this web page is intended to provide basic information about the project, answers to common questions and helpful support links.
Schedule and Outages
October 1, 2006 - 12:01am – 6:00am
Telecommunications personnel and technicians from the CSU Chancellor’s Office enabled a second connection to the Internet for HSU at 1 Gigabit per second (10X the speed of HSU’s first connection). Additional outages during this maintenance window tested redundancy and fail-over for both of HSU’s connections to the Internet.
October 8, 2006, 6:00am - 10:00am and
October 8, 2006, 4:00pm - 8:00pm
Firewall installation and implementation: Personnel from Telecommunications and Network Services, the CSU Chancellor’s Office, AT&T, and the vendor installed the campus border firewalls and applied the initial configuration.
FAQ
What is a firewall? - A firewall is a network security device positioned between two different networks, usually between an organization's internal, trusted network and the Internet.
What does a firewall do? - A firewall protects networked computers from intentional attacks from the Internet by restricting an attacker's ability to:
- exploit well-known security holes that may exist on your computer, or
- flood a computer or the entire campus network with bad traffic, resulting in a denial of service (a “Denial of Service” or DoS attack).
This means that the risk of outside attacks potentially corrupting data, compromising confidentiality or denying service is greatly reduced. A firewall DOES NOT protect your computer against viruses received from email attachments, web downloads or file transfers from floppy drives. To address these security issues, ITS is employing two additional technology solutions focusing on virus protection.
Why does HSU need a firewall? - A firewall helps HSU:
- balance the openness of the Internet with the need to protect the privacy and integrity of campus information and services,
- reduce the threat of attacks that can deny service to campus computer users,
- reduce the likelihood of off-campus individuals using campus computers to launch attacks against others on the Internet (aka Pass Through Sites).
How does this affect me? Will it keep me from doing what I used to do? - The implementation of the firewall should not limit campus related services used by students, faculty and staff.
Getting out to the Internet: On-campus users will have the same access to the Internet and campus resources as they did without a firewall.
Getting to HSU Resources from the Internet: The initial firewall implementation will not change access to campus resources from the Internet.
Will the campus block traffic from the Internet to campus systems? - The campus will identify all legitimate computers and services that should be available from off campus. This information is used to create “pinholes” in the firewall that enable access to a specific service and/or computing resource while limiting access to non-essential services that may be vulnerable to attack. Once the campus has identified the legitimate computers and services, changes will be made to the firewalls and access to non-essential services from the Internet will be blocked.
What is a pinhole? (Plus example) - A pinhole is a configuration setting in the firewall allowing access to specific services running on a campus computer.
For example, in order for users on the Internet to access a campus web page, a pinhole must be configured on the firewall to allow requests to the web service on the computer hosting the web site. In TCP/IP terms, a service is identified by a port number; web servers commonly listen on TCP port 80.
So if a particular computer, called DeptWebServer1, needed to serve a departmental web page to the Internet, the Departmental ITC might request a pinhole be configured on the firewall to allow access for DeptWebServer1 port 80. This will allow web access to the Department web page but still restrict other services where access by Internet users is not required. By limiting access to just those services, the risk of attacks from the Internet that try to exploit well-known security holes is greatly reduced.
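As an added illustration (not HSU's actual firewall configuration), the following Python sketch models the policy described in this FAQ: outbound access from campus is unchanged, inbound connections from the Internet are denied by default, and a pinhole opens exactly one port on one named campus host. The campus address prefix and the address of DeptWebServer1 are constructed for the example.

```python
"""Model of the border firewall policy described in the FAQ (added example,
not HSU's real configuration). Addresses below are constructed test values."""
from dataclasses import dataclass

CAMPUS_NET = "192.0.2."          # hypothetical campus address prefix (constructed)
DEPT_WEB_SERVER = "192.0.2.20"   # stands in for DeptWebServer1 (constructed)


@dataclass(frozen=True)
class Pinhole:
    host: str    # exact campus host the pinhole applies to
    proto: str   # "tcp" or "udp"
    port: int    # single destination port that is opened


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def is_campus(addr: str) -> bool:
    """True when the address lies inside the campus network."""
    return addr.startswith(CAMPUS_NET)


def request_pinhole(pinholes: frozenset, host: str, proto: str, port: int) -> frozenset:
    """Validate a pinhole request: one campus host, one protocol, one port.
    Wildcards are rejected so a request cannot silently open a whole host."""
    if not is_campus(host) or proto not in ("tcp", "udp") or not 1 <= port <= 65535:
        raise ValueError("pinhole must name a single campus host and a valid port")
    return pinholes | {Pinhole(host, proto, port)}


def decide(pinholes: frozenset, pkt: Packet) -> str:
    """Return 'allow' or 'deny' for a new connection attempt crossing the border."""
    if is_campus(pkt.src):
        return "allow"   # getting out to the Internet works as before
    if not is_campus(pkt.dst):
        return "deny"    # not destined for a campus host: nothing to allow
    if Pinhole(pkt.dst, pkt.proto, pkt.dport) in pinholes:
        return "allow"   # an explicit pinhole exists for this host and service
    return "deny"        # default: non-essential services are blocked
```

With only the port 80 pinhole for DeptWebServer1 in place, a web request from the Internet is allowed while a request to any other port on the same machine is denied.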
Where can I find out more about firewalls? - If you would like to learn more about firewalls, you will get many good results by simply using a web search engine (e.g. http://www.google.com , http://www.yahoo.com) to search using the keyword "firewall".
Here are a couple of URLs we recommend for a start:
http://www.howstuffworks.com/firewall.htm
http://www.pcwebopedia.com/TERM/f/firewall.html
