Kalamazoo College Firewall
What is the firewall?
The firewall is a computer system (or network device) that separates our internal
network of computers from the Internet. The term firewall comes from the fact that
by separating our computers from the Internet, we can limit the damage that can
spread from the Internet into the College, just like fire doors or firewalls
stop fire spreading in a building. The firewall is there to protect you, not to
restrict you. It is particularly important to appreciate that the firewall is not
a "Berlin Wall", but rather a filter. Traffic from the Internet can only reach
the services that we choose to make available, not any other services.
The configuration of the firewall is changed periodically to adjust to
changing needs on the campus or to monitor some newly discovered threat. If
you have issues with, or need additional information about the firewall, please
contact network@kzoo.edu
What does our firewall do?
The firewall examines all traffic going between our network and the Internet to
see if it meets certain criteria. If it does, it is allowed to pass through,
otherwise it is stopped. The firewall filters both inbound and outbound traffic.
It also records all failed attempts to enter and leave our network for later
analysis. The firewall can filter traffic based on a large number of criteria
including the traffic's source, destination and type.
Why do we need a firewall?
Among the millions of people on the Internet, there is a significant minority
who have mischievous or malicious intent. The acts that these people commit range
from defacing a web site to stealing credit card data. Some release 'worms' like
Code Red which will automatically attack many machines trying to infect them.
Infected machines will themselves then try to infect more machines, leading to
an explosion of traffic and consequent widespread disruption on the Internet.
These people are always on the lookout for unprotected machines to attack, using
automated tools to do so. Once they have taken control of a machine they will use
it to attack more machines, usually hiding their identity and making it look like
the victim is the perpetrator. They may also use the machines to store and
distribute illegal material.
The purpose of our firewall is to keep these people and their creations out of
our machines, while still allowing people to get their work done. We have a legal
responsibility to protect the data that we store. We also need to protect our
reputation and not be seen as an organization from where hackers launch attacks
and illegal material is stored. If we gain a bad reputation we risk being denied
access to other networks and ever to our link to the Internet.
In certain circumstances, where a machine/system on the K campus has been
attacked by a malicious program, the firewall may also help limit the spread of
infection to the outside world, although this can never be guaranteed. The
presence of the firewall is no excuse to relax the level of vigilance
against malicious attacks.
Is the College monitoring the content of my
network transmissions?
Absolutely not. The College does not monitor the content of information sent
across the network. The firewall does look at the packets of information that
are flowing in and out of the LAN, but it does so only in a very restricted way.
Specifically, it only looks at networking data that includes the kind of
information being sent, the address of the computer that sent the information,
and the address of the computer the information was sent to. An analogy might
be how the post office looks at the outside of an envelope or package to
determine where to send the contents and whether it is a package or a letter.
Like the post office, the firewall does not look at the content inside the
envelope or package to see what it is.
Will my connection to the Internet be slower through the
firewall?
No. The firewall consists of a high-speed server in a resilient configuration
capable of handling as much traffic as our link to the Internet can.
Do I have to use a proxy to access the web?
No, there are no changes needed in any of your software configurations to use
the firewall. Do not set your software to use a firewall proxy!
|