Networking, Firewall, Fully Closed + Remote Administration + UI Group Details
For IT Pros This page contains information about the "Fully Closed + Remote Administration + UI" campus firewall group.
The Fully Closed + Remote Administration + UI group is designed for desktops and for servers that serve only University of Illinois users (at any of the three campuses). It allows traffic to leave the computer without restriction, and allows responses to the user's requests. It blocks nearly all incoming traffic from outside the University that is not in response to the user's request. It's too restrictive for a server with off-campus users.
The difference between the Fully Closed group and a group with the RA designation is that this group was intended to allow users and administrators to remotely administer the computer from off campus. In this group, ports used to be allowed for remote administration.
Note, in 2017 the Chief Privacy and Information Security Officer placed significant restrictions on inbound traffic for Remote Administration services. As such, the only remaining ports allowed by the +RA modifier are ports 3283 and 5988.
The difference between the Fully Closed + Remote Administration group and this group is that this group allows unrestricted access among all three University campuses. (The Remote Administration-only group will only allow unrestricted access to users at the same campus.
[Doc 47570 is unavailable at this time.]
From computers that are not part of the University network:The permitted ports are 3283, and 5988.
To computers that are not part of the University network:
All (except the ports that are always blocked in both directions)
- Computers in this group are at very low risk from attacks from outside the university.
- Traffic to other University locations is unaffected, so a department that wants to offer services only to other University affiliates can do so easily.
- Power users and administrators can access the computer from outside the firewall for administration purposes.
- Computers in this group are still vulnerable to other machines at any of the University campuses, so a department must still be concerned with security patches on these machines.