Networking, Firewall, Fully Closed + UI Firewall Group Details
Summary
The Fully Closed + UI group is designed for desktops and for servers that serve only University of Illinois users. It allows traffic to leave the computer without restriction, and allows responses to the user's requests. It blocks all incoming traffic from outside the University that is not in response to a user's request. It's too restrictive for a server with off-campus users.
The difference between the Fully Closed group and this group is that this group allows unrestricted access among the three University campuses. (The Fully Closed group only allows access within the same campus.)
Internet: Services allowed in
From computers that are not part of the University network:
None
Internet: Services allowed out
To computers that are not part of the University network:
All (except the ports that are always blocked in both directions)
Advantages
- Computers in this group are at very low risk from attacks from outside the University.
- Traffic to other University systems is unaffected, so a department that wants to offer services only to University addresses can do so easily.
Disadvantages
- Computers in this group are still vulnerable to other machines at all three University campuses, so a department must still be concerned with security patches on these machines.