We gave up on the Microsoft ISA Server in favor for a hardware solution for
our lab here on campus. Nice to having to panic every time Microsoft
releases a new patch.
Troy D. Murray
Michigan State University
College of Human Medicine
Department of Medicine
Immunohematology and Serology Laboratory
B228 Life Science Building
East Lansing, MI 48824-1034
(E) [log in to unmask]
MSN: [log in to unmask]
From: MSU Network Administrators Group [mailto:[log in to unmask]] On
Behalf Of STeve Andre'
Sent: Tuesday, December 02, 2003 3:45 PM
To: [log in to unmask]
Subject: Re: firewalls in academic units
On Tuesday 02 December 2003 10:24 am, John Gorentz wrote:
> Thanks for all the information on the status of virus and spam
> filtering at mail.msu.edu!
> Another question: Are any of MSU's academic units running department- or
> building-level hardware firewalls these days, other than what can be done
> with routers? If so, what are people using and what are they trying to
> accomplish with them? It's not a very specific question because I don't
> have anything specific in mind yet, at least not anything that I'm willing
> to talk about. But I'm curious.
> John Gorentz
Political Science and LIR in South Kedzie have a firewall based on OpenBSD,
running the pf packet filter.
So far, we're blocking the MS "diseased" file sharing ports, both incoming
and outgoing. Since our fileservers are inside the firewall and AFS access
is done with OpenAFS, this has worked out well.
Our rules are evolving, but blocking the MS protocols (135, 137, 138, 139,
445, 593) is a good start.
--STeve Andre' (Political Science)