The UVa More Secure Network (MSN)
Overview & Explanation
The University is continually working to improve computer security across the Grounds at a variety of levels. Included in this effort is the provision of an additional layer of security within the University network known as the UVa More Secure Network (MSN). The MSN is available in most buildings around Grounds except residence halls.
- The UVa More Secure Network uses a firewall, a network security device designed to help protect your computer from hackers and other malicious people on the Internet.
- The public side of the firewall is connected to the Internet or some other insecure public network.
- The private side of the firewall connects to an organization's internal network. The firewall helps protect the computers on the internal private network from all of the computers and unknown people on the public network and the Internet.
- Moving your computer to the UVa More Secure Network places it on a more secure private network located behind the firewall which means:
- Through the firewall, your computer can make outbound connections to access services on the public network and the Internet.
- At the same time, the firewall blocks attempts by remote computers to make inbound network connections to your computer–one of many ways hackers attack and probe your computer for vulnerabilities.
- Although a firewall is a strong perimeter defense, it does not help to protect against attacks from other computers located on the same private network.
What This Means for:
The More Secure Network was designed to be transparent to the average user. A growing list of network applications have been tested and most users will not be able to tell if their computer has been moved to the MSN.
It is not possible to run servers that provide content to the general public on the More Secure Network because the firewall blocks attempts to establish inbound connections.
By blocking all inbound connections, the firewall does prevent some applications from working in their normal manner. For example, video and audio conferencing products that use the H.323 standards use inbound connections when placing a new audio or video call. If the call recipient is on the More Secure Network and the calling party is on a different network, the videoconferencing client will not be able to establish the connection since it will be blocked by the MSN firewall. This problem can be mitigated to some extent by using one of the MultiPoint Conference Units (MCU). See the ITS videoconferencing website for additional information. Some specialized conferencing and peer-to-peer software will not operate properly through the firewall. Users of these applications should either move all of their computers to the More Secure Network or, if this is impractical, they should leave these systems on the standard University network.
Users on the UVa MSN can send jobs to printers also on the MSN. Users on the regular University network can not send jobs to printers that are on the MSN.
For questions about the More Secure Network, contact us.