Information Technology News

The latest news from the Office of Information Technology

You are here: Home / Archives for VPN

VPN

Restricted Web Sites

by

Faculty and staff often find it necessary to conduct research or other University business from off campus. NACS has been providing tools for this class of use for many years.

In particular, certain network resources (such as electronic journals licensed by the UCI Libraries) can only be accessed by authorized users, and that determination is based on whether the request for access comes from a computer on campus. So, the trick to getting to these resources from off campus is to appear to actually be on campus.

NACS has installed and configured a special server, the VPN (Virtual Private Network) which — once you have established your identity with your UCInetID and password — will take your network connection and make it appear to be a local UCI connection.

NACS provides a Web page which allows off-campus users to take advantage of the VPN server simply and conveniently, if the resource you wish to access is a Web site. Information on how to use the WebVPN can be found at http://www.nacs.uci.edu/security/vpn/webvpn.html

If the resource you need access to is not a Web site, NACS offers the Cisco VPN client, a program to download and run on your local computer which makes any or all of your Internet activity seem to originate from on campus. More information can be found at http://www.nacs.uci.edu/security/vpn/

Alternative to Proxy Service

by

UCI faculty, staff, and students have access to a number of restricted online resources — most notably those licensed by the UCI libraries — such as Scifinder Scholar.

Because these resources are licensed specifically to members of the UCI community, however, access to them is normally limited to systems on the UCI network.

Users, however, sometimes need legitimate access to these resources from off-campus as well. NACS currently offers two services that enable such off-campus access. The proxy service was created a number of years ago, and has been jointly maintained with the UCI libraries. More recently, NACS introduced the Virtual Private Network (VPN) service, offering additional functionality and improved performance.

Using the VPN is easy. Just download the appropriate client from the web address listed below, enter your UCInetID and password, and you are on your way. With the VPN in place, your laptop or home computer is treated as though it were right here at UCI, with all the privileges and access that implies.

Because the VPN is so powerful, flexible, and easy to use, the proxy service will be phased out in favor of the VPN over the coming year. NACS continues to monitor the performance of both services, and has recently performed an upgrade on the proxy server hardware to allow it keep up with the demand as we help users transition to the VPN.

For more information, please consult the following web pages.

New VPN on UCInet

by

NACS has purchased a new device to offer yet another layer of network security for users of UCInet.

Called a VPN (for “Virtual Private Network”) the new Cisco 3060 VPN Concentrator offers a wide range of security features, depending on how and where you use UCI network resources.The main purpose of the VPN is to allow desirable network traffic and to exclude unwelcome network access.

The VPN in operation is invisible to most users. Then only kind of traffic the VPN won’t permit onto or off campus involves NetBIOS, Microsoft’s proprietary network protocol. NetBIOS is used when accessing shared directories from Windows servers. Accessing Windows “shares” from off campus is inherently insecure, and has resulted in a number of serious network attacks.

In order to take advantage of the VPN, users will have to download and install a client application which works with the VPN to “tunnel” your network traffic through the barrier the VPN otherwise imposes. Permission to tunnel is granted after authenticating with one’s UCInetID and password.

However, protecting the campus from insecure use of NetBIOS is not the only advantage to the VPN. All traffic may be routed through the VPN, at your discretion, in which case it is all encrypted to prevent “packet sniffing.” Ordinarily, appropriately situated computers can watch (“sniff”) network traffic, and possibly reconstitute confidential information such as passwords.

Also, use of the VPN can make your off-campus computer appear to be a UCInet host, which means you can access campus-only network resources (such as Library reference materials).

Since encryption and address translation impose a modest cost to the performance of the network, the VPN offers two modes of tunneling: full tunneling (in which case all traffic is encrypted by the VPN client, routed onto campus, and forwarded to its final destination) and split tunneling, in which case only traffic bound for UCI goes through this process. Activation of the VPN client and choice of tunneling modes can be made a boot-time option for permanently installed (desktop) systems but is not recommended for roaming (laptop) systems which may need different configurations in different places.

This may all seem complex. NACS is ready to help you examine how you use the network, and which option makes sense for your style of use. More information and examples of how to take advantage of various features of the VPN can be found athttp://www.nacs.uci.edu/security/vpn.html

Access to UCI-Only Web Sites From Commercial ISPs

by

Note: The Web Proxy Gateway was replaced with the WebVPN

NACS is pleased to announce the UCI Web Proxy Gateway. The Gateway allows UCI faculty, students and staff with active UCInetIDs to access UCI-restricted Internet WWW resources from non-UCI network locations. This means UCI community members who use commercial Internet Service Providers (ISPs) such as Pacific Bell Internet or America OnLine (AOL) can now access key Web resources from off-campus.

In partnership with NACS, the UCI Libraries are providing UCI Web Proxy Gateway access from the UCI Libraries Homepage to key, previously restricted, research resources. These include: MELVYL‘s Medline, Current Contents, and INSPEC databases;Britannica Online; as well as many electronic, full-text journals available from publishers such as Johns Hopkins’ Project Museand the Institute of Physics. Additional resources will be added as they are acquired by the Libraries.

The UCI Libraries Homepage, including the complete list of electronic resources currently available, may be found at:http://www.lib.uci.edu/ The UCI Web Proxy Gateway, including detailed documentation, may be found at: http://gateway.uci.edu/

Please send questions and comments about the gateway to NACS@UCI.EDU.

Questions about Library resources may be sent to LIBRARIES@UCI.EDU.