The following is a list of the Internet services/functions that are blocked, permanently or partially, for security and system performance reasons. If you run across 'net terminology' you are not familiar with, you can refer to the "What Is" database at http://whatis.techtarget.com/nfindex.htm for an understandable definition and clarification.
First of all, we "block," rather than "filter" services. "Filtering" has the connotation that contents are examined and we selectively allow "some" information to go through based on that content. That is not the case. We, in fact, "block" certain services/functions as a whole, for security or system performance concerns. Content is not the issue. It is also important to note that such blocking is applied only to traffic between Whitman and the Internet - at the "border" of our network. It does not affect network traffic traveling within Whitman.
Additionally, we are interested in keeping "crackers" out of our system, not "hackers." Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. A "cracker," on the other hand, is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs, or in other ways intentionally breaches computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there.
There are three types of blocking that we employ: (1) Services/Functions that are blocked permanently for security reasons, (2) Services/Functions that are blocked for security reasons, but for which we grant individual exceptions upon request, and (3) Services/Functions that are blocked partially for system performance reasons. Only major items are listed. If you need more specifics, please contact the Information Security Officer.
There are services/functions that might be either suspended or shut down temporarily, if needed, to ensure proper functioning of our network. Again, all items in the following list affect only traffic traveling between Whitman and the Internet - not within the campus network.
Permanently blocked for security
Illegal Incoming IP addresses
Every incoming piece of electronic information (packet) has a trail of Internet addresses associated with it. Hence we are able to detect "illegal" addresses. There are two types of illegal addressing: (1) packets bearing an address that is outside of the acceptable range, and (2) packets with a "spoofed" or "faked" address. A valid network address must reside in a certain numerical range; if it is outside that range, we know it is invalid—meaning it does not really exist. A "faked" address is one where someone is deliberately misleading you into believing he/she is someone else. An example would be a packet that is obviously coming from off-campus and yet claims to be coming from a location on campus.
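The two address checks described above, written out as an added example (this is not Whitman's code or configuration). It uses a placeholder campus prefix from the documentation range, and the `ipaddress` module's own flags for addresses that cannot legitimately appear on the public Internet. It also goes one step beyond the page: the same idea applied to outbound packets (an outbound packet whose source is not a campus address is spoofed from our side), which is the egress half of anti-spoofing filtering.

```python
import ipaddress

# Constructed placeholder for the campus address block (documentation range,
# not Whitman's real allocation).
CAMPUS_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]


def _is_campus(ip, campus):
    return any(ip in net for net in campus)


def _not_publicly_routable(ip):
    # Addresses that never legitimately arrive from the Internet side:
    # private, loopback, link-local, multicast, reserved, unspecified, and
    # anything else the module does not consider globally routable.
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified
            or not ip.is_global)


def classify_inbound_source(src, campus=CAMPUS_NETWORKS):
    """Classify the source address of a packet arriving from the Internet.

    Returns "spoofed" (claims a campus address while arriving from outside),
    "invalid" (outside the acceptable public range), or "ok".
    """
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return "invalid"            # not even a well-formed address
    if _is_campus(ip, campus):
        return "spoofed"            # off-campus packet claiming to be on-campus
    if _not_publicly_routable(ip):
        return "invalid"
    return "ok"


def classify_outbound_source(src, campus=CAMPUS_NETWORKS):
    """Egress counterpart (beyond the page): a packet leaving campus must carry
    a campus source address; anything else is spoofed from our side."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return "invalid"
    return "ok" if _is_campus(ip, campus) else "spoofed"


def filter_border_packets(packets, campus=CAMPUS_NETWORKS):
    """packets: iterable of (direction, src) with direction "in" or "out".
    Returns a list of (direction, src, verdict); anything not "ok" is dropped."""
    results = []
    for direction, src in packets:
        if direction == "in":
            verdict = classify_inbound_source(src, campus)
        else:
            verdict = classify_outbound_source(src, campus)
        results.append((direction, src, verdict))
    return results


# Constructed sample traffic (not captured data).
SAMPLE_PACKETS = [
    ("in", "8.8.8.8"),          # ordinary public source
    ("in", "198.51.100.7"),     # claims to be on campus -> spoofed
    ("in", "10.1.2.3"),         # private range -> invalid
    ("in", "224.0.0.1"),        # multicast -> invalid
    ("out", "198.51.100.7"),    # campus host going out -> ok
    ("out", "192.0.2.44"),      # non-campus source leaving campus -> spoofed
]

if __name__ == "__main__":
    for direction, src, verdict in filter_border_packets(SAMPLE_PACKETS):
        print(f"{direction:3} {src:15} {verdict}")
```

The order of the checks matters: the campus-prefix test runs first so that a spoofed campus address is reported as spoofed rather than merely as unroutable, which is the distinction the policy draws between its two kinds of illegal addressing.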
Malicious Web Sites and Computers
We block servers that are acting as "BOT" command and control servers as identified by Shadowserver, "Top Attackers" as identified by DShield and computers that are attempting to guess passwords as identified by the SSH blacklist. These blocked IP addresses are updated twice per day and once an IP address has been removed from these lists, the block is removed as well.
IP addresses that abuse the Whitman college network or servers, such as using the college email servers to send a large amount of SPAM, are permanently blocked from accessing the Whitman Network.
IP addresses that generate an excessive number of authentication failures are automatically blocked for two hours, after which the block is automatically removed.
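An added example (not Whitman's code) of the three block types described in this section working together: permanent blocks for abusers, feed-driven blocks that disappear when an address drops off the refreshed list, and automatic two-hour blocks triggered by authentication failures. The two-hour duration comes from the page; the failure threshold, the counting window, the sshd-style log lines and all addresses are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

AUTH_BLOCK_DURATION = timedelta(hours=2)     # from the page: two hours
AUTH_FAIL_THRESHOLD = 5                      # constructed: failures that trigger a block
AUTH_FAIL_WINDOW = timedelta(minutes=10)     # constructed: window the failures must fall in

# Constructed sshd-style log lines with an ISO timestamp prefix (not real data).
SAMPLE_LOG = """\
2010-12-03T08:00:01 sshd[2101]: Failed password for root from 203.0.113.9 port 51544 ssh2
2010-12-03T08:00:03 sshd[2102]: Failed password for invalid user admin from 203.0.113.9 port 51545 ssh2
2010-12-03T08:00:05 sshd[2103]: Failed password for root from 203.0.113.9 port 51546 ssh2
2010-12-03T08:00:07 sshd[2104]: Failed password for invalid user test from 203.0.113.9 port 51547 ssh2
2010-12-03T08:00:09 sshd[2105]: Accepted password for alice from 198.51.100.23 port 40110 ssh2
2010-12-03T08:00:11 sshd[2106]: Failed password for root from 203.0.113.9 port 51548 ssh2
2010-12-03T08:00:30 sshd[2107]: Failed password for alice from 198.51.100.23 port 40111 ssh2
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


class BorderBlocklist:
    """Permanent, feed-driven and automatic (expiring) blocks in one place."""

    def __init__(self):
        self.permanent = set()
        self.feed = set()
        self.auto_until = {}                  # ip -> datetime when the auto-block ends
        self._failures = defaultdict(deque)   # ip -> recent failure timestamps

    def add_permanent(self, ip):
        self.permanent.add(ip)

    def refresh_feed(self, current_feed):
        # Replace, never merge: an address that fell off the lists loses its
        # block at the next refresh, exactly as the page describes.
        self.feed = set(current_feed)

    def record_failure(self, ip, when):
        q = self._failures[ip]
        q.append(when)
        while q and when - q[0] > AUTH_FAIL_WINDOW:
            q.popleft()                       # forget failures outside the window
        if len(q) >= AUTH_FAIL_THRESHOLD:
            self.auto_until[ip] = when + AUTH_BLOCK_DURATION
            q.clear()

    def is_blocked(self, ip, now):
        until = self.auto_until.get(ip)
        if until is not None and now >= until:
            del self.auto_until[ip]           # two hours elapsed: block removed
            until = None
        return ip in self.permanent or ip in self.feed or until is not None


def ingest_log(blocklist, text):
    """Feed failed-login lines into the blocklist; returns count of failures seen."""
    seen = 0
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            blocklist.record_failure(m["ip"], datetime.fromisoformat(m["ts"]))
            seen += 1
    return seen


if __name__ == "__main__":
    bl = BorderBlocklist()
    ingest_log(bl, SAMPLE_LOG)
    now = datetime.fromisoformat("2010-12-03T08:30:00")
    for ip in ("203.0.113.9", "198.51.100.23"):
        print(ip, "blocked" if bl.is_blocked(ip, now) else "allowed")
```

The same `is_blocked` query is answered by all three mechanisms, but only the automatic entry carries an expiry; permanent entries never expire and feed entries live exactly as long as the upstream list says they should.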
Outside Access to Selected Servers on Campus
We block unauthorized outside access to those servers that contain confidential information that should be kept internal to the campus.
Blocked for security, but permission granted for exceptions
X Windows (a Unix-based graphical desktop shell)
This allows UNIX (including Linux) computers to share windows (screens). That is, it allows one UNIX user on one computer to control a program running on another UNIX computer. Maliciously used, the perpetrator can capture all keystrokes and passwords, see the content of the second screen, and basically control the other person's computer. Most servers on the Whitman College network are UNIX-based and hence subject to this type of attack. If someone is trying to do this without prior arrangement, something is wrong.
This is a collection of leftover protocols from the "old" days of UNIX computing, when machines were allowed to connect to each other without authentication (password verification). They are not used in the new Internet environment because they have been replaced by newer, more secure protocols. If someone is trying to use the old protocols without prior arrangement, something is wrong.
Network File System over the Internet
This allows UNIX-based computers to share hard drives over the Internet (we do not block this service inside our campus network). If someone is trying to do this over the Internet without prior arrangement, something is wrong.
Trivial File Transfer Protocol (TFTP)
This allows files to be transferred between computers on the Internet without authentication. If someone is trying to do this over the Internet without prior arrangement, something is wrong.
AppleTalk over the Internet
This is one way in which Macintosh computers can share hard drives and printers over the Internet (again, we do not block this service inside the campus network). If someone is trying to do this over the Internet without prior arrangement, something is wrong.
Windows File and Print Sharing
This is one way in which Windows computers can share hard drives and printers over the Internet (again, we do not block this service inside the campus network). This service has contained security vulnerabilities which have been used by several viruses/worms, including MsBlaster in the Fall of 2003. To stop the spread of these and new viruses/worms, access to Windows File and Print Sharing from the Internet has been blocked.
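An added example (not Whitman's firewall or code) that evaluates a packet against the border policy laid out in the two sections above: traffic inside campus is not examined at all, outside access to confidential servers is denied outright, and the named services are denied from the Internet unless an exception has been granted for that source, destination and service. The campus prefix, confidential-server address and exception entry are placeholders. The port numbers are standard IANA assignments rather than values from the page, and "AppleTalk over the Internet" is assumed to mean AFP carried over TCP/IP.

```python
import ipaddress
from dataclasses import dataclass

CAMPUS = ipaddress.ip_network("198.51.100.0/24")       # constructed placeholder prefix

# Services named on the page mapped to standard ports (assumed, not from the page).
SERVICES = [
    ("x11",  "tcp", set(range(6000, 6064))),   # X Windows displays :0 through :63
    ("nfs",  "tcp", {111, 2049}),              # portmapper + NFS
    ("nfs",  "udp", {111, 2049}),
    ("tftp", "udp", {69}),
    ("afp",  "tcp", {548}),                    # AppleShare/AFP over TCP/IP
    ("smb",  "tcp", {139, 445}),               # Windows file and print sharing
    ("smb",  "udp", {137, 138}),               # NetBIOS name/datagram service
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Exception_:
    """A granted exception: this source network may reach this host for this service."""
    src_net: str
    dst: str
    service: str


def service_for(proto, dport):
    for name, p, ports in SERVICES:
        if p == proto and dport in ports:
            return name
    return None


def evaluate(pkt, exceptions=(), confidential_hosts=()):
    """Return (verdict, reason) for a packet seen at the campus border."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    inbound = dst in CAMPUS and src not in CAMPUS
    if src in CAMPUS and dst in CAMPUS:
        return ("allow", "internal traffic is not examined at the border")
    if not inbound:
        return ("allow", "not an inbound packet from the Internet")
    if str(dst) in set(confidential_hosts):
        return ("deny", "outside access to confidential server is permanently blocked")
    svc = service_for(pkt.proto, pkt.dport)
    if svc is None:
        return ("allow", "service not on the blocked list")
    for ex in exceptions:
        if ex.service == svc and ex.dst == pkt.dst and src in ipaddress.ip_network(ex.src_net):
            return ("allow", f"{svc} permitted by granted exception")
    return ("deny", f"{svc} from the Internet is blocked (exception may be requested)")


# Constructed policy data for the demonstration.
CONFIDENTIAL = ["198.51.100.20"]
EXCEPTIONS = [Exception_("203.0.113.0/24", "198.51.100.9", "smb")]

if __name__ == "__main__":
    samples = [
        Packet("198.51.100.5", "198.51.100.9", "tcp", 445),   # internal
        Packet("203.0.113.4", "198.51.100.9", "tcp", 445),    # inbound SMB, exception
        Packet("192.0.2.8", "198.51.100.9", "tcp", 445),      # inbound SMB, no exception
        Packet("192.0.2.8", "198.51.100.20", "tcp", 443),     # confidential server
        Packet("192.0.2.8", "198.51.100.9", "udp", 69),       # TFTP
        Packet("192.0.2.8", "198.51.100.9", "tcp", 443),      # ordinary web traffic
    ]
    for p in samples:
        print(p, "->", evaluate(p, EXCEPTIONS, CONFIDENTIAL))
```

Exceptions are matched on all three of source network, destination host and service, so granting someone X Windows access to one machine does not open SMB on it or X Windows on a neighbouring server.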
Limited usage to protect system performance
Peer-to-Peer (P2P) and File Sharing Programs
There are numerous peer-to-peer and file sharing programs available on the Internet, with new ones being created all the time. These applications include programs like Napster, Kazaa, eDonkey and BitTorrent, to name a few. These applications allow a large group of people, often numbering in the millions, to share files containing music, pictures, books, videos and computer software. The amount of traffic generated by these applications quickly overloads and saturates our Internet connections, making them so slow as to be unusable for most users on campus.
We do not completely block these P2P and File Sharing Programs. Instead, we limit the total amount of bandwidth that they can consume at one time. The current limit is around 2% of the total bandwidth available.
Posted May 18, 2000
Updated December 3, 2010