To: sciences-faculty@sciences.sdsu.edu, sciences-staff@sciences.sdsu.edu From: Jim Varnell Subject: Changes Accessing On-Campus Computers From Off-Campus Date: Wed, 15 Mar 2006 12:53:48 -0800 In order to provide a higher level of security for on-campus computing resources the SDSU IT Security Office (http://security.sdsu.edu) will be making fundamental changes to the campus border firewall. The border firewall is the hardware and software that either passes incoming network traffic on to the campus network or rejects it. If you connect to on-campus computers from off-campus, this may affect you. Currently all off-campus access to on-campus computing resources are allowed unless specifically blocked. This will be changed so that all off-campus access to on-campus resources will be blocked unless specifically allowed. Outgoing communications will remain unaffected. While this change will help protect the campus from Internet-based attacks it will require us to plan ahead so critical services are not interrupted. What does this mean to you? For most people there will be no change. You will still be able to: 1. Access email from one of the main campus email servers (sciences, mail, rohan) from on- or off-campus. 2. Access the main campus Web servers (www.sdsu.edu, www.sci.sdsu.edu, www-rohan.sdsu.edu) from on or off campus. 3. Communicate between on-campus computers Types of functions that may be affected: 1. Logging into your campus computer from off-campus 2. Transferring files to your on-campus computer from off-campus 3. Remotely controlling your on-campus computer from off-campus 4. Accessing email from email servers not listed above from off-campus 5. Accessing some Web servers not listed above from off-campus Please help us in determining how the border firewall needs to be configured. Fill out the following Web form for any off-campus functions that you feel need to be provided by your on-campus computers. We'll need your input by April 14. http://www.scec.sdsu.edu/bfcon/index.php If you have any questions please contact the Sciences Computing Help Desk at x44881 or email to consult@sciences.sdsu.edu. For those that are interested in the technical details: The vast majority of all on-campus computers have an automatically assigned IP address in the range of 146.244.xxx.xxx. These computers are not accessible from off-campus and will therefore not be affected by this change. If your on-campus computer has been assigned a "fixed or static" IP address in the form of 130.191.xxx.xxx for the purpose of allowing off-campus access then fill out the above Web form. Include both the fixed IP address of your on-campus computer and the names of the services and ports being used. Examples: If you use ws-ftp to transfer files to (or from) your desktop computer from your computer at home, we will want to know "ftp" for the service and 20,21 for the ports and the IP address of your desktop computer. If you use ssh or sftp to remotely login to your desktop computer or transfer files then we want to know "ssh" (sftp uses the same port as ssh) for the service, port 22 and the IP address of your desktop computer. If you run a web, mail, or other type of server that is not one of the main campus servers, then we want to know the IP address of your server, along with the various services (http, smtp, ssh, etc) and ports (80,25,22) that your server needs to offer off-campus. _______________________________________________ Sciences-faculty mailing list Sciences-faculty@scilists.sdsu.edu http://scilists.sdsu.edu/mailman/listinfo.cgi/sciences-faculty