New PennNet Security Measures May Affect Off-Campus Users
Information security continues to be a topic of widespread concern, and with good reason. Malicious Internet activity is ubiquitous, appearing under increasingly sophisticated guises and affecting huge numbers of people everywhere.
At Penn, Internet traffic originating from off-campus is of particular concern. Already, SPAM filtering is being offered on most large campus email servers, and both incoming and outgoing emails are being scanned for viruses. Beginning Tuesday, April 11, additional measures will be implemented at Penn’s external Internet gateway to block or redirect certain kinds of Internet traffic coming to campus via the routes most commonly used by viruses and worms. These “edge filtering” measures will help protect Penn’s network from future virus and worm outbreaks.
Who’s Affected and How to Prepare
In general, most users will not see any change as a result of filtering. A small minority of off-campus users of some Windows-based services will be affected, and may need to change configurations or employ new methods for accessing on-campus Windows servers and workstations remotely. We have made every effort to identify potential difficulties and have worked with campus-wide IT staff to resolve these difficulties ahead of time. On-campus users will not be affected. (Note: The majority of remote University offices are on PennNet and considered “on-campus”. Please see below for more information.)
For the last few weeks, IT staff in organizations where this change may have an impact have been letting their constituents know what they need to do to prepare for uninterrupted remote access to affected services. ISC has also developed an informational web site at www.upenn.edu/computing/security/edge_filtering/.
One group of users that cannot be readily identified and contacted in advance are individuals who access files on their own or someone else’s on-campus Windows desktop system from home or while traveling. To ensure continued access to these Windows systems, they should contact their Local Support Providers (LSPs) for advice before April 11. LSP contact information can be found at www.upenn.edu/computing/view/support/.
What to Do After April 11
Once filtering has been implemented on April 11, off-campus users who find they can no longer access specific on-campus services or Windows desktop systems should contact their LSPs for assistance or check the information at www.upenn.edu/computing/security/edge_filtering/. IT staff across campus are prepared to help resolve any access problems arising from the implementation of filtering as quickly as possible.
Effect of Filtering on Traffic Originating in Remote University Offices
The majority of University offices that are not physically part of the main campus are PennNet-connected and considered on-campus. Internet traffic from these offices to Windows-based services in other on-campus offices will not be affected by the new filtering measures. The offices include:
• Judaic Studies
• Library offices in the Bulletin Building
• Morris Arboretum
• New Bolton Center
• Nursing LIFE
• Penn Dental Clinics
• Vet School Bldg. at 3937 Chestnut St.
• Wistar Institute
The following locations are not considered on-campus. Internet traffic from these offices to on-campus Windows-based services will be affected by the new filtering measures.
• Community Housing & Off-Campus Living, 4046 Walnut St.
• Howard Hughes Medical Institute
• Inn at Penn
• Sheraton Hotel (excluding hotel rooms used as part of ResNet)
• The Daily Pennsylvanian
• In addition, some Schools and Centers make use of remote office space that is connected via DSL and will be affected by the filtering measures. Faculty and staff in remote locations not listed above should contact their LSPs for more information.
Almanac, Vol. 52, No. 27, March 28, 2006