Firewall Policy

Executive Summary

Kenyon's firewall policies don't limit any outgoing connections, i.e. connections initiated by programs running on Kenyon computers. Only certain computers at Kenyon will be able to respond to externally initiated contacts. The list of these computers, primarily web servers and e-mail servers, is maintained by the LBIS staff.

1. I don’t run a web server or an FTP server or any other kind of server on my computer. Will this policy affect me?

It should not affect your use of computers at Kenyon. You should be able to make connections to web pages, send e-mail, stream content, connect to FTP sites or multimedia sites, etc. Note: there may still be limitations on what you can do—for example, with computer gaming over the network—that are not associated with the firewall policy, but instead with the bandwidth limitation policy.

2. Will I be able to get to the files on my home directory (my H: drive) from outside the Kenyon network?

Kenyon offers a virtual private network service for employees who need connections to Kenyon resources from outside the Kenyon network. To use the virtual private network (or VPN) service, LBIS installs the VPN client software on your Kenyon-owned laptop. Then, once you have connected to the Internet through your local provider, the VPN client software talks to the VPN server at Kenyon and provides a secure, encrypted path for your computer, which can access resources at Kenyon just as if the computer were on the Kenyon network. Note that you must provide your own Internet connection. To have the VPN software installed and be trained to use it, contact Helpline at 427-5700.

3. Will I be able to get my e-mail from outside the Kenyon network?

Yes. This policy will not affect e-mail access.

4. Suppose I need to run a web server or some other service. How do I go about it?

All requests should be directed to LBIS by contacting Helpline at 427-5700 or by contacting the Vice President for Library and Information Services, Ron Griggs. The service:

1. Must be related to Kenyon’s mission and purpose--a legitimate academic activity.

2. Must not be available through Kenyon systems. For example, why set up a separate mail server if Kenyon already has mail servers?

3. Must be set up securely initially and will be subject to periodic security checks by LBIS staff. (We will be conducting those checks on ALL systems available to external access, especially those run by LBIS.) Insecure systems must be fixed or they will be removed from the approval list.

5. From what am I being protected? How does it work?

Primarily, you are being protected from computer hackers who attempt to access your system and use it for various purposes. You are also being protected from “network aware” viruses that attempt to spread by hacking into your computer and using it to infect other computers.

Most computer hacking and many virus infections start with the following scenario: the “bad guy” computer contacts the target computer; then the target computer listens and responds. The process that listens on the target computer is called a service. Then the “bad guy” computer takes some action that exploits a bug or flaw in the listening computer’s service and breaks in, infects, or otherwise hurts the target computer.

So the primary reason that computers are vulnerable to hacking is that they listen and respond. But most desktop computers don’t need to listen and respond to contacts initiated from computers out on the Internet. Generally only servers need to do that. The philosophy of this network policy is to block those initiated external contacts except to a limited set of computers, such as the campus web servers or mail servers, that need to respond to computers outside Kenyon.
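
The filtering idea described above, as an added illustration (not Kenyon's or LBIS's actual firewall configuration): a small model of a border filter that accepts outgoing connections and their replies, and accepts externally initiated contacts only to approved servers. The class name, the address ranges (reserved documentation addresses) and the approved list are constructed for the example, and it assumes TCP with connection tracking.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values, not real campus data.
CAMPUS = ip_network("192.0.2.0/24")
APPROVED = {("192.0.2.10", 80), ("192.0.2.10", 443), ("192.0.2.25", 25)}

class BorderFirewall:
    """Hypothetical model of the policy for traffic crossing the campus border."""

    def __init__(self, campus, approved):
        self.campus = campus
        self.approved = approved      # (ip, port) pairs allowed to answer outsiders
        self.flows = set()            # connections that were allowed to start

    def _inside(self, ip):
        return ip_address(ip) in self.campus

    def check(self, src, sport, dst, dport, syn=False):
        """Return 'ACCEPT' or 'DROP' for one packet; syn=True marks a new connection attempt."""
        flow, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if flow in self.flows or reverse in self.flows:
            return "ACCEPT"           # part of a conversation already permitted
        if not syn:
            return "DROP"             # unsolicited packet with no known connection
        if self._inside(src) and not self._inside(dst):
            self.flows.add(flow)      # outgoing connections are never limited
            return "ACCEPT"
        if self._inside(dst) and (dst, dport) in self.approved:
            self.flows.add(flow)      # externally initiated, but to an approved server
            return "ACCEPT"
        return "DROP"                 # externally initiated contact to any other computer

def demo():
    fw = BorderFirewall(CAMPUS, APPROVED)
    desktop, web, outside = "192.0.2.50", "192.0.2.10", "198.51.100.7"
    return [
        fw.check(desktop, 50000, outside, 443, syn=True),   # desktop browses the web
        fw.check(outside, 443, desktop, 50000),             # the web site's reply
        fw.check(outside, 40000, web, 443, syn=True),       # outsider reaches campus web server
        fw.check(outside, 40001, desktop, 27015, syn=True), # outsider tries a desktop "server"
        fw.check(outside, 40002, desktop, 445),             # unsolicited packet to a desktop
    ]

if __name__ == "__main__":
    print(demo())
```

The desktop never has to be hardened against the last two packets, because they are dropped before they reach any listening service on it.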

6. I like to play computer games over the network. Will the firewall policy affect this?

No, probably not. There are some computer network games where one computer acts as a server and others connect to it. If you set up your computer as a game “server”, gamers external to the campus network will not be able to access it. However, most network computer game traffic is severely restricted already by our bandwidth limitation policy.

7. Will chat (such as Google Hangouts, Skype) with outside computers still work with the firewall policy in place?