[unisog] Blocking Windows Networking at the Border?
bidwell at andrews.edu
Wed Apr 24 02:44:50 GMT 2002
On Thu, Apr 18, 2002 at 02:04:46PM -0400, Phil.Rodrigues at uconn.edu wrote:
> We have been considering blocking ports 135-139/445 at the routers for a
> few weeks now for privacy issues (the assumption that things shared on the
> "local network" are only accessible by other University computers) and
> after all of this we are considering it for security reasons as well. We
> have never blocked anything before, and none of us really wants to start
> down this slippery slope, but user education about open shares and strong
> passwords only seems so effective.
And Andrews University we block these Netbios ports as well as quite a
number of others, like YP/NIS, NFS, ... for the protection of our users.
We also block inbound telnet and ftp to all but a few trusted (and well
patched and watched) systems. We also have a policy (backed up by the
firewall of no off campus services being provided from our resnet,
wireless, or dialup networks.
If anyone asks about it we describe what can happen without these
protections and they go away thanking us for our foresight in protecting
> What are other schools doing to combat these types of problems? Are many
> of you blocking Windows Networking at the border? Do those that choose
> not to block it have compelling reasons to keep it open, or do you leave
> it open because "it has always been that way"?
> Thanks for your input, and shoot me a private reply if you prefer.
> Philip A. Rodrigues
> Network Analyst, UITS
> University of Connecticut
> email: phil.rodrigues at uconn.edu
> phone: 860.486.3743
> fax: 860.486.6580
> web: http://www.security.uconn.edu
Daniel R. Bidwell | bidwell at andrews.edu
Andrews University Information Technology Services
If two always agree, one of them is unnecessary
"Friends don't let friends do DOS"
"In theory, theory and practice are the same.
In practice, however, they are not."
No tema al pinguino.
More information about the unisog