CWU Firewall Upgrade Information
Scheduled for November 10, 2006
As applied to networks, the term "firewall" is borrowed from the construction trade.
In a structure, a firewall is a barrier designed to keep a fire from spreading. A
networking firewall is also a containment device: firewalls of this kind establish a
boundary which attempts to block harmful traffic while allowing normal traffic to pass
through.
A firewall is only one link in the chain which protects a network. Hosts
operating on a network must have up-to-date anti-virus software installed,
and have their operating systems patched regularly. Persons using a
computer must have a common-sense approach to browsing the web and an
awareness of security issues such as "spyware" and "phishing attacks".
Here are some links regarding spyware and phishing attacks:
CWU is planning a major upgrade to the firewall between campus networks
and the Internet. This will take place over the Veterans Day holiday
weekend, beginning on Friday, November 10. As this date approaches,
specific outage information including down time and resources affected
will be posted here and on the Intranet.
Every day, CWU is probed thousands of times from remote corners of the
Internet by automated scanners looking for hosts which may be poorly
secured or infected with a virus.
The upgraded firewall will be more particular about which traffic
originating from the Internet can enter CWU's network. Service to public
interfaces such as www.cwu.edu, gwweb.cwu.edu, and portal.cwu.edu (among
others) will be unaffected.
Other connectivity between outside networks and CWU (for example, home
broadband Internet via DSL or cable-modem) will need to occur using our
VPN service. Most people working from home are either able to do so
exclusively through the public interfaces mentioned above, or are already
using the VPN. However, if you have explicitly configured a custom
networking application (such as a "remote desktop" tool) to operate around
our legacy firewall, going forward you will need to use the VPN service to
obtain access. [Download the VPN client here.]
Figure 1.
The upgraded firewall is designed to understand how various applications -
such as web browsers and streaming audio players - use the network.
Passage through the firewall is arranged on an as-needed basis. When a
user launches RealPlayer, the firewall observes the network traffic
leaving CWU and makes adjustments to allow the corresponding returning
traffic back. In this manner, nearly all of the extraneous probes and
scans aimed at our hosts are rejected.
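The behavior described above, as an added example that is not part of the original notice and not CWU's firewall configuration: a toy stateful filter that records outbound flows, admits only matching return traffic or traffic to published services, and drops everything else. The addresses, ports, 60-second idle timeout and the use of an address prefix to decide what is "inside" are assumptions made for illustration.

```python
# Added illustration: a toy stateful packet filter. All addresses, ports and
# the timeout value are constructed for this example, not CWU's configuration.
from dataclasses import dataclass, field

IDLE_TIMEOUT = 60  # seconds a flow may stay silent before its entry expires (assumed)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class StatefulFirewall:
    inside_prefix: str                                 # e.g. "10.1." marks campus hosts
    public_services: set = field(default_factory=set)  # (ip, port, proto) open to the Internet
    flows: dict = field(default_factory=dict)          # flow key -> last-seen time

    def handle(self, pkt, now):
        """Return 'allow' or 'drop' for a packet crossing the boundary at time `now`."""
        # Expire idle entries so an old flow cannot be reused as an opening.
        self.flows = {k: t for k, t in self.flows.items() if now - t <= IDLE_TIMEOUT}
        if pkt.src.startswith(self.inside_prefix):
            # Outbound: remember the flow, keyed the way the reply will appear.
            self.flows[(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)] = now
            return "allow"
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if key in self.flows:
            self.flows[key] = now           # returning traffic refreshes the entry
            return "allow"
        if (pkt.dst, pkt.dport, pkt.proto) in self.public_services:
            return "allow"                  # published service, e.g. a web server
        return "drop"                       # unsolicited probe or scan

def demo():
    fw = StatefulFirewall("10.1.", {("10.1.0.80", 80, "tcp")})
    out = Packet("10.1.5.20", 40000, "203.0.113.9", 554)       # player contacts a stream
    reply = Packet("203.0.113.9", 554, "10.1.5.20", 40000)     # matching return traffic
    probe = Packet("198.51.100.7", 31337, "10.1.5.20", 3389)   # unsolicited inbound
    web = Packet("198.51.100.7", 50000, "10.1.0.80", 80)       # visit to a public service
    return [fw.handle(out, 0), fw.handle(reply, 1), fw.handle(probe, 2),
            fw.handle(web, 3), fw.handle(reply, 200)]

if __name__ == "__main__":
    print(demo())
```

The last call replays the reply after the flow has been idle past the timeout, so it is dropped like any other unsolicited packet.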
There is, however, a chance that a particular application, or even a
particular version of an application, may not operate properly with our
upgraded firewall.
Figure 2.
If you have an application which stops working properly immediately
following the November 10, 2006 upgrade, contact the ITS helpdesk at
963-2001. Please have the following information at hand:
- Your operating system platform (e.g. Apple OSX, Windows XP, Linux)
- The name and revision of the software which has stopped working (e.g. RealPlayer v8.0)
- A description of the problem symptoms including what used to happen when it worked, and what happens now that it is broken.
- A description of how to reproduce the problem, including any related web sites or content URLs.