Technology Solutions Centre - IT Security
Campus Firewall Services
The UofW campus firewall service consists of a set of devices and technologies designed or configured to help protect campus systems and services. These technologies include network-based firewall devices, routing with access control lists (ACLs), and network traffic prioritization.
Network-based Firewalls
The University campus network has basic network level firewalling at the campus edge facing the Internet. This firewall effectively protects campus systems by blocking all network communication inbound from the Internet using a 'deny all with exceptions' rule. This means that all systems are automatically made "invisible" to the Internet with the explicit exception of systems running Internet services.
The current configuration of the campus edge firewall does not hamper or restrict any outbound communication initiated from campus systems. However, due to the ongoing threats of viruses, worms and Trojans, this may change in the near future.
TSC, in conjunction with the IT Security Working Group, may be applying changes to this open configuration - please stay tuned for more info.
ACLs
The campus network is divided into various logical sub-networks, each designed to house systems performing specific functions. ACLs are applied to each sub-network, protecting them from each other. The following chart shows each major sub-network and the access rights it has to various services:
Coming
Traffic Prioritization
Some network protocols are more aggressive than others, and when used, tend to consume network bandwidth to the point where other programs sharing the network cannot operate properly or efficiently. The result is like a "denial of service" for many of these applications and services. Some examples of very aggressive protocols are P2P, FTP and Streaming Media.
Let's put this into perspective: Consider there are 50 systems on a network and they all share the same Internet feed. All of them use a variety of applications to access the Internet (web, mail, etc.). Now, if 10 of those systems launched a P2P program (like Grokster or Kazaa) and were able to connect to a high-speed download peer, those 10 machines would eventually consume the Internet feed. As a result, the other 40 computers would experience extreme slowness when accessing the Internet, or would even be 'waiting' for access while the P2P downloads are running.
A device widely known as a "packet shaper" was introduced to help control these aggressive protocols and establish a workable balance so all network protocols get their share of Internet bandwidth.
The chart below shows some of the more popular network protocols used on campus today and how they are prioritized using the packet shaper:
| More Popular Protocols/Services Used on Campus | Bandwidth Consumption Before Prioritizing | Bandwidth Consumption After Prioritizing | Aggressiveness of Protocol |
|---|---|---|---|
| P2P | High | Low | Very Aggressive |
| FTP | High | Medium | Very Aggressive |
| SMTP | Low | Low | Very Aggressive |
| Streaming Media | Medium | Low | Aggressive |
| HTTP | Low | High | Not Aggressive |
| Instant Messaging | Very Low | Low | Aggressive |
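The 50-system scenario above, as an added example that is not part of the original page: a small Python model of a shared Internet feed, first without a shaper (each host gets bandwidth pro rata to what it asks for) and then with a packet-shaper policy that caps the P2P class and shares the rest of the link max-min fairly between classes and hosts. The link size, host counts, per-host demands and the 10% P2P ceiling are constructed assumptions, not TSC's actual policy or the shaper's real algorithm.

```python
from collections import defaultdict

LINK_MBPS = 100.0  # constructed: capacity of the shared Internet feed, in Mbps

# Constructed flows for the page's scenario: 10 P2P hosts and 40 web hosts share one
# feed. Each entry is (host, protocol class, offered demand in Mbps).
FLOWS = [(f"p2p-{i}", "P2P", 50.0) for i in range(10)] + \
        [(f"web-{i}", "HTTP", 2.0) for i in range(40)]

# Constructed shaper policy: per-class ceiling as a fraction of the link.
# Classes not listed are unshaped and may use the whole link.
POLICY = {"P2P": 0.10}

def max_min_fair(demands, capacity):
    """Water-filling: satisfy the smallest demands first, split the rest evenly."""
    alloc = [0.0] * len(demands)
    remaining = capacity
    pending = sorted(range(len(demands)), key=lambda i: demands[i])
    while pending:
        share = remaining / len(pending)
        i = pending[0]
        if demands[i] > share:  # nobody left can be fully satisfied: equal split
            for j in pending:
                alloc[j] = share
            break
        alloc[i] = demands[i]
        remaining -= demands[i]
        pending.pop(0)
    return alloc

def unshaped(flows, link=LINK_MBPS):
    """No shaper: a class that opens many connections takes bandwidth roughly in
    proportion to what it asks for, so the link is split pro rata to demand."""
    total = sum(d for _, _, d in flows)
    return {host: link * d / total for host, _, d in flows}

def shaped(flows, policy=POLICY, link=LINK_MBPS):
    """Shaper: cap each class at its ceiling, share the link max-min fairly between
    classes, then max-min fairly between the hosts inside each class."""
    by_class = defaultdict(list)
    for host, cls, demand in flows:
        by_class[cls].append((host, demand))
    limits = [min(sum(d for _, d in hosts), policy.get(cls, 1.0) * link)
              for cls, hosts in by_class.items()]
    result = {}
    for (cls, hosts), budget in zip(by_class.items(), max_min_fair(limits, link)):
        for (host, _), got in zip(hosts, max_min_fair([d for _, d in hosts], budget)):
            result[host] = got
    return result
```

With these numbers each web host drops to about 0.34 Mbps of its 2 Mbps demand unshaped, and gets the full 2 Mbps once the P2P class is capped.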
