Network changes for self-managed machines
As you’ll all be aware, the University is tightening up on network security in response to outside threats. Within Informatics we have also been looking at ways to improve our security, and one area we have identified is that of self-managed machines in offices.
For many years we have provided network ports in offices and other “closed” areas, configured so that any machine connected to them is given an IP address, without the need to register in advance. (We can do this because our network monitoring tools provide an audit trail linking the machine’s address with the port where it has been used.) As well as allowing access to the rest of the University and beyond, this has given mostly-unrestricted access to internal Informatics resources. It is this latter feature which is now under review.
Since we do not know how the machines using these ephemeral connections are configured and maintained, it has been concluded that it is now unacceptably risky to allow this unrestricted access to continue. On a date to be announced, therefore, the configuration of the Informatics firewall will be changed so that these machines move from our “inner ring” to our “outer ring”. They will still be protected against threats from outside Informatics, but our core systems will be protected against potential threats from them.
The effect you will see on one of these self-managed machines will be as follows:
- You will still receive a dynamically-allocated address for your machine.
- You will have the same access to the rest of the University and beyond as you do now.
- However, you will only have access to internal Informatics resources if they have explicit firewall arrangements in place to allow this access, or you connect through one of our login servers or use OpenVPN. This is essentially the same level of access that you would have if you were using the University’s wireless service.
If you have any access pattern which you think might be affected by this change, please submit a support request. We can then look at it and either make a firewall change or advise on alternative access methods.