University of California, Riverside

Network Security

Computing and Communications has deployed various systems, tools, and processes to secure UCR’s network while guarding the privacy and confidentiality of campus electronic communications. This web page provides an overview of some of these measures, including information on C&C’s departmental firewall services. For more information about network security, or to discuss particular departmental needs, please contact Russ Harvey, Director, Computing Infrastructure and Security (russ.harvey@ucr.edu).

Access Control Lists (ACLs)

Border or perimeter security is the first line of defense in protecting the campus from external threats. As traffic traverses the edge of the campus network, it is compared against specific rules that grant, deny, or limit access to resources based on predefined criteria. Access Control Lists (ACLs) block high-risk traffic from entering or leaving the campus. The following describes the access control entries currently deployed on the network border:

  • Known attack sites:

    Some off-campus Internet sites have a history of sending malicious traffic. Traffic originating from these machines is dropped.
  • Address spoofing:

    Attackers frequently attempt to disguise their identity by forging the source address of their attack. These rules prevent attackers from using IP addresses that are not registered to them. Traffic is blocked where:
    • Incoming traffic has a source address from our network.
    • Incoming traffic does not have a destination address within our network.
    • Outgoing traffic does not have a source address from our network.
    • Outgoing traffic has a destination address within our internal network.
  • Microsoft Windows:

    In recent years, there have been a number of vulnerabilities affecting Microsoft Windows services. UCR’s ACLs prevent the following types of traffic from affecting Windows workstations and servers:
    • Network traffic that attempts to enter the campus from the Internet destined to Microsoft Windows file and print sharing services.
    • Network traffic that attempts to enter the campus from the Internet destined to Microsoft Windows services that historically have been vulnerable to worms.
  • Domain Name Service:

    Internet domain names such as google.com, msn.com, and ucr.edu are mapped to unique numbers, known as Internet Protocol (IP) addresses. UCR maintains a number of DNS servers that provide this translation for its internal systems. To prevent rogue on-campus DNS servers from answering queries with bogus responses, UCR uses ACL rules that drop all DNS requests from off campus that are not destined to campus-approved DNS servers.
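The anti-spoofing entries and the DNS entry above, expressed as a small direction-aware border filter. This is an added illustration, not C&C's actual ACL configuration; the campus prefix (192.0.2.0/24) and the approved resolver addresses are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed placeholders: not UCR's real prefix or resolver addresses.
CAMPUS_NET = ip_network("192.0.2.0/24")
APPROVED_DNS = {ip_address("192.0.2.53"), ip_address("192.0.2.54")}
DNS_PORT = 53


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (Internet -> campus) or "out" (campus -> Internet)
    src: str            # source IP address
    dst: str            # destination IP address
    proto: str = "tcp"  # transport protocol, "tcp" or "udp"
    dport: int = 0      # destination port (0 when not relevant)


def on_campus(addr: str) -> bool:
    """True when the address belongs to the campus prefix."""
    return ip_address(addr) in CAMPUS_NET


def border_acl(pkt: Packet) -> str:
    """Return 'permit' or 'deny:<rule>' for one packet seen at the border."""
    src_in, dst_in = on_campus(pkt.src), on_campus(pkt.dst)
    if pkt.direction == "in":
        # Inbound packets must come from outside and be addressed to campus.
        if src_in:
            return "deny:spoofed-source"        # claims to be one of our hosts
        if not dst_in:
            return "deny:transit"               # not addressed to our network
        # Only the approved resolvers may receive DNS queries from the Internet.
        if pkt.dport == DNS_PORT and ip_address(pkt.dst) not in APPROVED_DNS:
            return "deny:rogue-dns"
    elif pkt.direction == "out":
        # Outbound packets must carry our address and must actually leave campus.
        if not src_in:
            return "deny:spoofed-source"        # forging someone else's address
        if dst_in:
            return "deny:internal-destination"  # should never cross the border
    else:
        raise ValueError(f"unknown direction {pkt.direction!r}")
    return "permit"
```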

Network Monitoring

Three types of monitoring are done at the border. One collects statistics from the border network equipment about traffic rates, the next records network connection information, and the third analyzes network traffic to assist in intrusion prevention.

Network Statistics

The system that stores and displays traffic statistics can also send alarms to the appropriate security personnel when data rates rise above or fall below defined thresholds. Such alerts signify abnormal (too high or too low) traffic patterns and result in notification of security and network administrators.

Network Recording

The second type, network traffic recording, saves the connection information for all network traffic going off- or on-campus. For example, if a complaint is received from someone off campus claiming that a UCR machine attacked their site, the recorded traffic can be examined to verify that the two systems actually did exchange network traffic. The recorded information is much like the itemization on a cell phone bill (number from, number to, start and end time), with the addition of network protocol information. Note that this recorded traffic does not contain the content of the traffic (that is, the data that was exchanged).

Intrusion Detection

The purpose of Intrusion Detection Systems (IDS) is to inform security administrators of potentially malicious network activity. For example, if a machine from off campus is scanning UCR machines looking for vulnerable systems to compromise, the scanning system will be denied network access onto campus. The IDS examines packet payloads (contents) for adherence to protocol rules and compares them against known attack signatures, including threats at the application level. All on- and off-campus network traffic is analyzed.

Firewalls

Computing and Communications offers, for a fee, firewall services to any department that desires further protection from attack. A firewall filters data to and from servers and workstations on campus, allowing only legitimate traffic to pass through. Although they cannot prevent all types of attacks, firewalls have proven to be a useful tool in many environments. The firewall solution currently offered for deployment provides the greatest protection at the least possible cost to departments.

If additional information is needed or to speak with someone regarding additional security, please email bearhelp@ucr.edu.
