The initial configuration assumes that all inbound connections from outside the College of Engineering are un-trusted, and therefore blocked with exceptions. The following exceptions have been researched thus far and are to be placed into the active exceptions.
Service |
Port |
Functionality |
SSH |
22, 989, 990, 992, 993, 995 |
Provides encrypted channel for various, otherwise unencrypted services. |
HTTP/HTTPS* |
80, 443, 8080 |
Web services and secure web services |
Streaming Media* |
7070, 554 |
Hosting of Streaming Media |
DNS* |
53 |
Domain Name Service |
SMTP* |
25 |
Simple Mail Transfer |
TSM Backup^ |
1500 |
Server initiated backups from University |
FIT |
ALL |
128.118.1.137, 118.118.141.3 |
SOS Scanner |
ALL |
146.186.7.17 |
DFS |
ALL |
University DFS Servers |
DCE^ |
ALL |
University DCE server - 128.118.141.33, 128.118.141.34 146.186.5.98 |
DCS |
ALL |
University DCS Servers |
OAS Printing |
ALL |
University OAS Servers |
*Indicates the exceptions will be made for only approved servers
^Indicates the exceptions will be made for allowed external hosts only
All other inbound connections are disallowed and must be tunneled through a secure VPN connection. That is, unless an exception is approved (see Exception Process below).
Conversely, all outbound initiated traffic is allowed with the following exceptions and reasoning:
Service |
Port |
Reason for restriction |
SMTP |
25* |
Prevents installation of unauthorized SMTP servers that may be used as dissemination points for malicious code or spam |
Kazaa |
1214 |
Blocks P2P software used primarily to exchange copy written material |
Last updated: 11/3/2006
ECS is designing for the future.