Network Security Levels Provided by UIUCnet

This page contains information about what UIUCnet's built-in security systems do and don't provide for campus network users.

Most of the security protections on the UIUCnet network are like a wall around a town -- they're intended to protect against outsiders while allowing easy communication within the "town walls." They aren't intended to protect your computer from your on-campus neighbors' computers, which means that your computer should still have its own "fence" inside the UIUCnet "town walls." The strengths and limitations of several UIUCnet security measures are discussed below.

Campus firewalls

The campus firewalls are the foundation of many of UIUCnet's security protections. The firewalls define the perimeter of UIUCnet, and any information entering or leaving campus is checked at the firewall. When new viruses or other online attacks affect the Internet, they can often be filtered and blocked at the campus firewall level.

However, if someone has a computer that's gotten infected, and that computer is brought onto campus, then the infected computer is inside the firewalls and won't be subject to the filtering.

For this reason, it's valuable to have your own personal firewall in addition to antivirus software. Not all attacks are virus-based, and personal firewalls will catch attacks that neither your antivirus software nor the campus firewalls can prevent.

For more information on personal firewalls, see Personal Firewalls.

VPN server

Because wireless communication can be overheard by any other computer on the wireless network, the VPN system provides a way to secure network communication until it reaches the campus wired network. It uses encryption so that any network communication that's intercepted can't be understood by other computers; the effect is like creating a temporary private line that runs from your computer to the VPN server.

For the same reason, if an off-campus user uses the VPN, whether from a wireless coffeehouse or from a home network, then the off-campus user will be permitted to connect through the campus firewalls, and their computer will be identified as belonging to someone who has access rights to on-campus systems.

While the VPN server provides a vital way to securely connect to on-campus resources, it's subject to the same "once you're inside, the restrictions are lowered" benefit-and-drawback combination as the campus firewalls. The "private line" that you create runs from your computer to the VPN server, which is located on campus and within the campus firewalls. After you've connected, you will be treated as though you are using a computer within the firewalls; you will have easier access to on-campus computers, and on-campus computers will also have easier access to your computer.

For more information about VPN security, see Overview of VPN Security.

UIUCnet QuickConnect

UIUCnet QuickConnect is designed for simple access to UIUCnet for on-campus wireless and walkup network users who don't need all the features that the VPN server provides. UIUCnet QuickConnect's best feature is its ease of use: all you need is a standard web browser and your NetID and Active Directory (AD) password.

Note that only one point is secured: your initial login. After you've authenticated with your NetID and AD password, any wireless network communication you perform is unencrypted and can be overheard by other wireless users.

For this reason, QuickConnect offers only a limited number of services. It provides the most commonly used network features (such as web and email access), restricts unsecured services (such as FTP), and provides access to secure services (such as Secure FTP).

For more information about what UIUCnet QuickConnect does and does not provide, see UIUCnet QuickConnect and Security.

CITES Express Email

Unlike most physical mail sent through the post office, email doesn't automatically have an "envelope" to keep the contents private while it's being sent across the network. Instead, email is normally treated like a postcard: both the address of the recipient and the contents of the message are visible to everyone in the network as it's being handed from computer to computer.

CITES Express Email and other similar email programs use password-securing mechanisms such as SSL, secure POP, and secure IMAP to keep your password private as you log in to the email system and send or receive your own email.

However, these security measures protect only the connection between your computer and your email server. Once a message leaves the server for its destination on another email server, it is typically not encrypted, which is why you should never send sensitive information like passwords or credit card numbers through regular email.

For more information about email security, see the Email Security Scenario.

For more information

For more information about basic computer security, see the CITES Security Scenarios.