 |
 |
As of May 5, 2008, Academic Technology Services (ATS) will block unsolicited connections from off-campus Internet sources that target end-user computers on the campus network. Most users will not be affected. This change will increase security of the campus network, and will only affect computers that obtain their Internet (IP) addresses using MSU's DHCP service. Most campus desktop computers, laptop computers, and other devices will have connections from off-campus blocked. No ATS-provided services will be affected by this change. Every day, millions of malicious probes and attacks target computers on MSU's campus network. We are making this change to provide greater security for both the campus network and the computers that connect to it. Everyone should continue to use a personal firewall to protect their computers from attacks that may originate on campus - as well as attacks the computer may encounter when it is connected to a network away from campus. All computers assigned a dynamic IP address by the campus DHCP service will be affected. The DHCP service allows a configured computer to access the network through almost any Ethernet port on campus and is used mainly by end-user computers. Most of the affected computers use the 35.10.0.0/16 range. Previously, ATS blocked unsolicited incoming connections aimed at the residence halls, as well as attempted connections that target computers connected via MSUnet Wireless. As a result, a significant drop was seen in the amount of attacks aimed at these computers. A limited rollout of this change occurred in March, when unsolicited network connections were blocked in Case Hall and the Communication Arts, Engineering, and Computer Center buildings. Any on-campus computer that serves as a departmental server should not use a dynamic IP address. Instead, its system administrator should request a static IP address. Incoming connections to department or university servers that have a static IP address will not be blocked. For information on obtaining a static IP address, please see: http://techbase.msu.edu/article.asp?id=7314 <http://techbase.msu.edu/article.asp?id=7314&service=techbase> &service=techbase. Most users will notice no change. However, those who use tools such as remote desktop and file transfer software to connect to their on-campus personal computers from beyond the campus border will no longer be able to make those direct connections. Faculty, staff, and others who need to use such tools from remote locations should use MSU's SSL VPN (virtual private network) service to obtain an on-campus IP address for their remote computer. Then they can use their remote access software as if their computer were on campus. For information on MSU's SSL VPN, please see: http://techbase.msu.edu/article.asp?id=8068 <http://techbase.msu.edu/article.asp?id=8068&service=techbase> &service=techbase. For more information, please visit http://techbase.msu.edu/article.asp?id=9560. If you have any questions or concerns, please contact the ATS Help Desk. Visit help.msu.edu, call 517-432-6200, or come to the walk-in desk in 120 Computer Center. Sarah Payok Communications & Training Academic Technology Services* Michigan State University (517)432-7314 [log in to unmask] http://computing.msu.edu *Academic Computing and Network Services recently merged with Instructional Media Center. The new name for this combined department is Academic Technology Services.