The Fully Closed group is designed for desktops and for servers that serve only on-campus users. It allows traffic to leave the computer without restriction, and allows responses to the user's requests. It blocks all incoming traffic from off campus that is not in response to a user's request. It's too restrictive for a server with off-campus users.

This is the default group to which all machines belong, until and unless they are transferred into a different group.

Services allowed in

None

Services allowed out

All (except the ports that are always blocked in both directions)

Advantages

• Computers in this group are at very low risk from attacks from outside the university.
• Traffic to other campus units is unaffected, so a department that wants to offer services only to campus addresses can do so easily.

Disadvantages

• Computers in this group are still vulnerable to other machines on campus, so a department must still be concerned with security patches on these machines.