Logo: OSWEGO: State University of New York link to home page
 Skip over tactical navigation
Contact Us | A-Z Index | Webcam | Search


Information For
Skip over primary navigation
About Oswego Academics Admissions Athletics Student Life News & Events Give to Oswego
Campus Technology Services A - Z | Alerts | Contact | Help | Search CTS
Firewall FAQS 
"Taking Steps for the Future"

What are the threats to Internet Security?
How is SUNY Oswego addressing Internet Security?
What is a campus firewall and why do we want one?
How does a firewall affect me?
What is this VPN stuff and why would I need to use it?
What is my role in Internet Security as a community member of SUNY Oswego?

What are the threats to Internet Security?
Without a firewall, the SUNY Oswego network is wide open to attack from any of the computers connected to the Internet. Any one of those computers can scan our network looking for weaknesses and vulnerabilities. If a computer is found to have a weakness or vulnerability, it can be used to launch an attack against technology resources at SUNY Oswego or elsewhere. Therefore SUNY Oswego is susceptible to a variety of threats ranging from an attack against a single computer to a more sophisticated attack against an entire network, which is the aim of viruses and worms. Internet worms such as Blaster and Nachi that hit the Internet in August of 2003 affected networks to the point where some needed to shut their network down while they started a major cleanup campaign. These worms generate so much network traffic that a bottleneck develops and nobody can use the network until all of the computers have been patched with latest security updates.

How is SUNY Oswego addressing Internet Security?
There is no one device that can be installed on a network that will do all that is necessary to protect us from security threats. That is why SUNY Oswego is addressing Internet Security in a multi-layered approach. However, we cannot do it alone. There are some steps we can take on an institutional level to help protect our campus technology resources, but there are also steps that individuals need to take. On an individual level, security updates need to be installed and anti-virus software needs to be installed and updated on your computers on a regular basis. The question, “What is my role in Internet Security as a community member of SUNY Oswego?” discusses in more detail what is required to do this. On an institutional level, we apply security updates as they come out to all of our servers. In September 2003, we also installed an anti-virus appliance to help prevent the spread of viruses. This device sits in front of the SUNY Oswego mail server and scans for known viruses. If it finds any, it eliminates them before they hit our user community. Our next step is to install a firewall.

What is a campus firewall and why do we want one?
A campus firewall is a piece of equipment that sits on the edge of the SUNY Oswego network and controls access to campus technology resources. It is similar to a roadblock set up by the police to check the inspection on your car. The police officer checks your inspection sticker for certain criteria. If it passes those criteria it is allowed through. A firewall works in a similar manner – it checks traffic coming into our network to see if it matches certain permissible criteria. If it does, it’s allowed through. Without a firewall, a network is wide-open to any/all Internet security threats. A firewall is our first line of defense to protect our electronic data and our technology resources. It cannot protect you from everything such as inside attacks and email viruses, but it will prevent the broad Internet from scanning our network looking for weaknesses.

How does a firewall affect me?
If you primarily use the SUNY Oswego network from on-campus, you should not notice any difference compared to before the firewall was in place. You may see a difference when you access campus technology resources from off-campus. By default, the firewall will prevent the world from getting to all of our technology resources unless we give them permission to do so. Things like the SUNY Oswego web site and mail server will automatically be configured as a public resource – a technology resource the world is able to access. Therefore, if you are off-campus and normally use the SUNY Oswego network to surf our web site and check your SUNY Oswego email, then you will not notice any difference. It is when you want to access any technology resource that is not a public resource, that you will notice a difference. Any campus technology that is not configured as a public resource will not be able to be accessed from off-campus without special software installed on your home computer. For example, if you normally access files on the machine in your office, then you will need to install this special software to allow you to continue doing that. This is the VPN software discussed next. Also, if your department offers a technology service that runs on a computer within your department that the world needs to access, then Campus Technology Services will need to know this so that it can be configured into the firewall as a public resource.

What is this VPN stuff and why would I need to use it?
VPN is an acronym for Virtual Private Network. VPN software lets registered users access SUNY Oswego technology resources as if you were sitting on campus. You only need to use VPN software if you need to get to a non-public technology resource. For example, if you need to access files on your computer at work from home, then you will need to install this software on your home computer. You would do the same thing that you do now to access those files, except you would run the VPN software first. SUNY Oswego uses the Cisco VPN client that will be available for download from the SUNY Oswego web site.

What is my role in Internet Security as a community member of SUNY Oswego?
As members of the SUNY Oswego community, we all have a responsibility to try to protect our campus technology resources. This means keeping current with new operating system and application security updates as they are released. These updates should be done on any computer that you connect to the campus network. This includes any computers in your offices and residence hall rooms as well as any machines that you use at home or transport between campus and home. It is important to note that if you use the campus modem pool or Virtual Private Network (VPN) software from home, then your home machine is an extension of the SUNY Oswego network. If your home machine has a virus or worm, then you are putting the rest of the SUNY Oswego network at risk of contracting that virus or worm. In addition, if you have a laptop that you connect to an Internet Service Provider at home and get a virus or worm from that network and then bring that laptop on campus and connect it to the SUNY Oswego network, then you again are putting the SUNY Oswego network at risk for contracting that virus or worm.

It is extremely important to keep your computer up to date with the latest security patches. For windows users, this means doing Windows updates on a regular basis. You can go to http://windowsupdate.microsoft.com/ to find out what updates are available and to install them. With the newest operating systems including Windows XP and Windows 2000, these updates can be automatically scheduled. It is recommended that they be scheduled on a daily basis.

For Macintosh users, you can use the Software Update feature to look for and schedule new updates. It is recommended that they be scheduled on a daily basis.

In addition to security updates, anti-virus software should be installed on all of your computers. SUNY Oswego has a site license for the McAfee Anti-virus software that can be installed on your machines at work and at home. Once installed, anti-virus software also needs to be updated on a regular basis (daily) and can be scheduled. Please see http://www.oswego.edu/it for download and scheduling information.

State University of New York at Oswego, Oswego, NY 13126-3599 | Phone: 315.312.2500 | About this Site
 Last Updated: 2/29/08