Security on the Networks

The University now has a Palo Alto firewall which filters traffic into and out of the network, to avoid various dangers to users here and elsewhere:

  1. Attacks on University servers or clients from outside.
  2. Inadvertent access to web sites carrying malware.
  3. Breaches of copyright which could damage the University's reputation.
  4. Malicious activity by systems within the University which have malware infections, where this might cause problems for other users of the Internet.
  5. Downloading files that contain viruses.

The first of these is undetectable to anyone using the network. However, the others are more noticeable. This is what will happen in each case:

Inadvertent access to web sites carrying malware

The firewall uses the Brightcloud database of web sites, which assigns millions of pages to various categories according to their content. This allows us to identify, and prevent access to, sites from which you are likely to pick up some sort of malware. If you try to go to a web site of this type, you will actually get a page like this:

This describes how the page was categorised, and what that means. If you think the page has been mis-classified, contact the Service Desk. If the page seems to be harmless, we can remove the block on it quickly.

Breaches of copyright

On the Personal networks (wireless and Residences) we block access to peer-to-peer sites because the vast majority of these are used to distribute material in breach of copyright. This leads to complaints from the agents of the copyright holders, which damages the University's reputation and takes up support time which could be better used. If the material you are trying to obtain is not restricted by copyright, there will normally be ways of accessing it not using peer-to-peer transmission.

If you try to access one of these sites, you will see this page:

Malicious activity from your system (personal systems only)

We get nightly reports of any system on the Personal networks that is behaving as if it has a malware infection. This might mean that it keeps trying to contact "command and control" servers, which supply instructions to systems that have been compromised. If your system comes up in these reports, we will contact you to tell you what we have found and what you should do about it. Either IT Services or the Residential Services advisors should be able to help with removing any infection. However, in the meantime we may need to prevent your system from accessing the Internet. If we do that we will advise you at the time. This will only affect your use of Personal networks (i.e. wireless plus UTP in the Residences).

If your system is blocked in this way, you will only be able to see pages on University web sites and email. If you try to access any other page you will get this page:

Downloading files that contain viruses

On the Personal networks (wireless and Residences) we no longer check that users are running anti-virus software on their systems. This could expose them to the possibility of infection. As a result we block access to files that appear to contain viruses, based on a signature database on the firewall. If a file you are trying to download through the web appears to contain a virus, you will see this warning:

If you are using a File Transfer (FTP) client to download the file, you won't get any notification, because the transmission system doesn't provide one, but you will get an error reported.

If you think a file that has been blocked is actually innocuous, please contact the Service Desk. We can obtain a copy of it and check it for viruses ourselves. If it turns out to be harmless, we can quickly add an exception to the virus policy.