The new firewall system currently being installed in all campus residence halls is ready to protect the university network and make for safer computing, regardless of recent student criticism, Penn State officials said.
As of the end of last week, 14 buildings and Nittany Apartments had received the network upgrades that included the new residence hall firewall system.
June 17 has been set as the target date for all residence halls to be protected by the firewall, with the entire university to be covered by July 15, said Joel Weidner, associate director of information systems for the Department of Auxiliary and Business Services.
Robin Anderson, associate director of communications for Internet Technology Services, explained that the increasing number and severity of viruses and security threats last summer led to the necessity of a new firewall system.
Reaching unprecedented levels this fall as students returned, the security risk was so great that merely plugging a computer into the Penn State network resulted in almost certain infection, Anderson added.
While the university will not be releasing specific information on how the firewall works for security reasons, the system works much like other firewalls, Weidner explained.
Communication between computers has to be initiated by a computer within the residence halls, such as a student simply browsing a Web site. Any information that comes back into the network must be associated with that initial communication out. Any attempts to communicate with a computer in the network initiated by outside sources are rejected by the firewall, Weidner said.
Servers that run the new firewalls are distributed one per Local Area Network (LAN), which in most cases covers only one residence hall.
Keeping with original computing policies, the new firewall system does not attempt to see what information students are looking at and what is being sent to a user's computer, Weidner explained.
"The firewall does not look at detailed information, it just restricts traffic not associated with an initial request," he said. "It's just like the post office; they look at the outside of the envelope to make decisions on how to send it but don't open it up."
While Penn State was not the first to implement such a firewall, there are still many schools that have no organized protection, Anderson said. However, unlike Penn State, many of the schools with protection monitor the information that students are downloading.
As part of this procedure, any servers being run within the network will not function properly since outside computers can not initiate a communication with the server.
Along the same lines, e-mail will only work properly if the user is connected to the smtp.psu.edu server for sending mail.
Weidner said that while viruses can still be acquired through opening e-mail messages containing malicious attachments, Trojan horses for the most part will be prevented. Trojan horses install themselves on a user's computer, allowing a hacker to remotely access parts of that computer. These horses can still be installed when the user opens a bad attachment, but the hacker can no longer connect to the user, rendering the Trojan horse ineffective.
In terms of instant messaging, the most popular systems used by students were tested and still work through the firewall. However, to access the direct connect features, computers within the residence hall network need to be reconfigured, Weidner said. Instructions for this reconfiguration can be found at ResCom's Web site (www.rescom.psu.edu/pages/firewallfaq.htm), which addresses firewall issues.
The university has also adjusted the firewall in an attempt to curb illegal file sharing using peer-to-peer programs such as Kazaa. However, the new Napster program should still function normally, Weidner said.
Anderson said that while this firewall is required in all residence halls, other departments across the university are not mandated to install the system but it is strongly encouraged.
While the residence hall firewall may be inconveniencing some students, it is more secure against the constant threats than a personal firewall installed on a computer, Weidner said.
"A malicious program is already on the computer before it is evaluated by a personal firewall. People are constantly scanning networks for machines to exploit," he said.
For the most part, Weidner was surprised at the relatively low amount of student criticism. Out of about 6400 students who have been connected to the firewall, Weidner has only received 40 formal complaints.
The vast majority of computer users who simply browse the Web, chat online and use e-mail have not been affected, Weidner explained.
He said that once the firewall has been completely implemented, some of the more serious complaints would be addressed.
Some students living in areas protected by the firewall have complained that they cannot transfer files from on-campus labs to their home computers. One solution to this would be to designate a certain number of lab computers that would allow files to be transferred into the residence hall network.
Other exceptions can be made to run personal servers if a student gets written permission from a faculty member to do so for class work, Anderson said.
He explained that security measures are not directed completely toward the students, but the university needs to protect its network and itself.
While the firewall may inconvenience some students, it is necessary, and often, sacrifices must be made to provide increased security, Weidner explained.
"It is unfortunate that this is the kind of world we live in, and securities must be added to change behaviors," he said. "It would be nice if we didn't have to swipe cards to get into the buildings, too, but there is always a trade-off between convenience and how much security is provided."
