New Firewall Rules: Will Your Systems Be Impacted?
On October 17, CCS will be implementing a change to our campus firewall to further improve the University’s security posture. While we are working hard to ensure minimal impact to users, some systems may be affected if they are not identified in advance and added to our “allow list.” This is why we need your help!
The firewall is a network security device that monitors internet traffic coming to and going from the University. Currently, our firewall policy allows all inbound traffic except for “known-bad” traffic (known to be malicious or harmful). On October 17, we will change this policy to allow only “known-good” inbound traffic (entering via ports 80 and 443) and block everything else.
CCS has taken every precaution to ensure this change will not affect regular users connecting to the campus network and their ability to access on- or off-campus services. We have also been working hard to build our “allow list” based on discussions with IT personnel at U of G, as well as the analysis of traffic logs. Services hosted in the CCS Data Centre or in the cloud will not be impacted, and connections through VPN will not be affected. However, there may be systems hosted on campus that are accessed by the internet of which we are unaware. Examples may include:
- Web services that provide access on non-standard ports (ports other than 80 or 443);
- Video conference units that receive calls directly from the internet; and
- Other applications accessed from the internet on ports other than 80 or 443.
If you are responsible for services that you suspect may be impacted by this change, please contact the CCS Help Centre as soon as possible. The Network Security team will review all requests and provide exceptions for approved services to avoid any service interruption.