The Design Center firewall is logically located between the School of Engineering network and the rest of the campus, including the internet connection. It is operated by system administrators from the Design Center, and is independent of the two campus-wide firewalls operated by IT. It was first made operational at the beginning of the 2000-2001 school year, having undergone extensive testing and configuration over the previous summer.
The primary philosophy by which our firewall is maintained is simple. "Don't impact legitimate users." We realize that this is an academic environment and that as such, the network, as much as anything else, should be available to students as a learning tool. Thus, rather than locking down everything, and only allowing necessary traffic, we do the opposite. All traffic is, by default, allowed. In fact, our firewall in no way attempts to block any outgoing traffic. Its purpose is only to protect our network from the outside, and even then only hosts attempting unauthorized access to our network are blocked. If you have a problem or can't do something on the network and believe it to be caused by the firewall, please let us know.
Though the exact host blocks are too dynamic to report here, one constant rule we do have in place is the blocking of incoming requests to port 111. The RPC Portmapper service runs on this port, brokering connections to things like NFS and NIS. These services are not legitimately required outside our network, and because of their design, pose a grave security risk if not limited in this way.
For those of you who are interested, here is an abridged list of some of the network security tools we use in the Design Center.
For more information or to report a problem, please see a system administrator or email email@example.com.
Click here to go to the SCUDC home page.