As
of May 5, 2008, Academic Technology Services (ATS) will block unsolicited
connections from off-campus Internet sources that target end-user computers on
the campus network. Most users will not be affected. This change will increase security
of the campus network, and will only affect computers that obtain their
Internet (IP) addresses using MSU’s DHCP service. Most campus desktop
computers, laptop computers, and other devices will have connections from
off-campus blocked. No ATS-provided services will be affected by this change.
Every
day, millions of malicious probes and attacks target computers on MSU’s campus
network. We are making this change to provide greater security for both the campus
network and the computers that connect to it. Everyone should continue to use a
personal firewall to protect their computers from attacks that may originate on
campus – as well as attacks the computer may encounter when it is connected to
a network away from campus.
All
computers assigned a dynamic IP address by the campus DHCP service will be
affected. The DHCP service allows a configured computer to access the network
through almost any Ethernet port on campus and is used mainly by end-user
computers. Most of the affected computers use the 35.10.0.0/16 range.
Previously, ATS blocked unsolicited incoming connections aimed at the residence
halls, as well as attempted connections that target computers connected via
MSUnet Wireless. As a result, a significant drop was seen in the amount of
attacks aimed at these computers.
A
limited rollout of this change occurred in March, when unsolicited network
connections were blocked in Case Hall and the Communication Arts, Engineering,
and Computer Center buildings.
Any
on-campus computer that serves as a departmental server should not use a
dynamic IP address. Instead, its system administrator should request a static
IP address. Incoming connections to department or university servers that have
a static IP address will not be blocked. For information on obtaining a static
IP address, please see: http://techbase.msu.edu/article.asp?id=7314&service=techbase.
Most
users will notice no change. However, those who use tools such as remote
desktop and file transfer software to connect to their on-campus personal
computers from beyond the campus border will no longer be able to make those
direct connections. Faculty, staff, and others who need to use such tools from
remote locations should use MSU’s SSL VPN (virtual private network) service to
obtain an on-campus IP address for their remote computer. Then they can use
their remote access software as if their computer were on campus. For information
on MSU’s SSL VPN, please see: http://techbase.msu.edu/article.asp?id=8068&service=techbase.
For
more information, please visit http://techbase.msu.edu/article.asp?id=9560.
If you have any questions or concerns, please contact the ATS Help Desk. Visit
help.msu.edu, call 517-432-6200, or come to the walk-in desk in 120 Computer
Center.
Sarah
Payok
Communications
& Training
Academic
Technology Services*
Michigan
State University
(517)432-7314
*Academic
Computing and Network Services recently merged with Instructional Media Center.
The new name for this combined department is Academic Technology Services.