For several months, IT Services has been utilizing new firewall equipment to monitor ongoing threats to the university network and online services. We have identified hundreds of thousands of threat attempts. We will soon be implementing new security features to improve protection against these over-the-network threats to our campus IT systems such as buffer overflows, code execution, viruses, and other attempts to compromise client and server-side vulnerabilities.
In the future, IT Services will enable several security profiles in the firewall between the campus and the internet including Antivirus, Anti-Spyware, and Vulnerability Protection. Once enabled, a detected threat will cause that connection to be disconnected from the network. This prevents the threat from taking action against the service or computer it was attempting to attack.
We will also enable the URL Filtering security profile, which will block traffic to any website that is identified as containing or delivering malware, phishing and “command-and-control” attempts, or copyright infringement:
- Identifies URLs and domains known to host or deliver malware.
- Identifies URLs and domains known to attempt to trick users into providing their security credentials through the use of false or spoofed websites.
- Command and Control
- Identifies URLs and domains that are used by malware and/or compromised systems to stealthily communicate with an attacker’s remote server to receive malicious commands or export data.
- Copyright Infringement
- Identifies URLs and domains known to distribute copyrighted material in hopes of limiting the number of DMCA notices that are filed against the university. This does not include websites that utilize the peer-to-peer (p2p) protocols.