NACS has purchased a new device to offer yet another layer of network security for users of UCInet.
Called a VPN (for “Virtual Private Network”), the new Cisco 3060 VPN Concentrator offers a wide range of security features, depending on how and where you use UCI network resources. The main purpose of the VPN is to allow desirable network traffic and to exclude unwelcome network access.
The VPN in operation is invisible to most users. The only kind of traffic the VPN won’t permit onto or off campus involves NetBIOS, Microsoft’s proprietary network protocol. NetBIOS is used when accessing shared directories from Windows servers. Accessing Windows “shares” from off campus is inherently insecure, and has resulted in a number of serious network attacks.
In order to take advantage of the VPN, users will have to download and install a client application which works with the VPN to “tunnel” your network traffic through the barrier the VPN otherwise imposes. Permission to tunnel is granted after authenticating with one’s UCInetID and password.
However, protecting the campus from insecure use of NetBIOS is not the only advantage to the VPN. All traffic may be routed through the VPN, at your discretion, in which case it is all encrypted to prevent “packet sniffing.” Ordinarily, appropriately situated computers can watch (“sniff”) network traffic, and possibly reconstitute confidential information such as passwords.
Also, use of the VPN can make your off-campus computer appear to be a UCInet host, which means you can access campus-only network resources (such as Library reference materials).
Since encryption and address translation impose a modest cost to the performance of the network, the VPN offers two modes of tunneling: full tunneling (in which case all traffic is encrypted by the VPN client, routed onto campus, and forwarded to its final destination) and split tunneling, in which case only traffic bound for UCI goes through this process. Activation of the VPN client and choice of tunneling modes can be made a boot-time option for permanently installed (desktop) systems but is not recommended for roaming (laptop) systems which may need different configurations in different places.
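The following sketch is an added illustration, not NACS or Cisco code. It models which path an off-campus connection takes with no client, with split tunneling and with full tunneling. The campus prefix is a placeholder documentation range rather than UCInet's real address space, the sample flows are constructed, and the NetBIOS ports (137-139) are the standard ones, not a statement of the concentrator's actual filter list.

```python
import ipaddress

# Assumption: placeholder campus prefix (RFC 5737 documentation range),
# standing in for the real UCInet address space.
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24")]
# Standard NetBIOS name (137), datagram (138) and session (139) services.
NETBIOS_PORTS = {137, 138, 139}
MODES = ("none", "split", "full")  # "none" = VPN client not running

def is_campus(ip):
    """True if the address falls inside a (placeholder) campus network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CAMPUS_NETS)

def classify(dst_ip, dst_port, mode):
    """Return (path, encrypted) for a connection from an off-campus client.

    path is "tunnel", "direct" or "blocked"; encrypted refers only to the
    leg between the client and the VPN, where the client does the encryption.
    """
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    campus = is_campus(dst_ip)
    # Full tunneling carries everything; split tunneling only campus-bound traffic.
    if mode == "full" or (mode == "split" and campus):
        return ("tunnel", True)
    # Outside the tunnel, NetBIOS is not permitted onto campus.
    if campus and dst_port in NETBIOS_PORTS:
        return ("blocked", False)
    return ("direct", False)

# Constructed sample flows: (description, destination IP, destination port)
SAMPLE_FLOWS = [
    ("campus Windows share", "192.0.2.10", 139),
    ("campus web server", "192.0.2.20", 80),
    ("off-campus web site", "198.51.100.7", 80),
]

def report():
    """Classify every sample flow under each mode."""
    return [(desc, {m: classify(ip, port, m) for m in MODES})
            for desc, ip, port in SAMPLE_FLOWS]

if __name__ == "__main__":
    for desc, by_mode in report():
        print(desc)
        for mode, (path, enc) in by_mode.items():
            print(f"  {mode:5s} -> {path:7s} encrypted={enc}")
```

The split-tunnel row for the off-campus site is the one to note: that traffic never enters the tunnel, so it gets no protection from sniffing on the local network.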
This may all seem complex. NACS is ready to help you examine how you use the network, and which option makes sense for your style of use. More information and examples of how to take advantage of various features of the VPN can be found at http://www.nacs.uci.edu/security/vpn.html