Firewall FAQ

Manually identifying and blocking all known attackers in the world would be an impossible task without a firewall. Our firewall blocks:

  • botnets
  • spammers
  • phishers
  • malicious spiders/crawlers
  • virus-infected clients
  • clients using anonymizing proxies
  • DDoS (Distributed Denial of Service) participants

Yes, the following colleges use the same one we do: 

  • George Fox University
  • Oregon Tech
  • Pacific University
  • Multnomah University
  • Reed College
  • Rogue Community College
  • Umpqua CC
  • Warner Pacific College
  • University of Western States

More and more colleges and organizations are recognizing the need to hire specialists in cyber security to address the growing threat of cyber crime.

Through a service called IP Reputation.  IP reputation leverages many techniques for accurate, early, and frequently updated identification of compromised and malicious clients so attackers are blocked before they target our servers or end users.  Data about dangerous clients derives from many sources around the globe, including:

  • Global Firewall service statistics
  • honeypots
  • botnet forensic analysis
  • anonymizing proxies
  • 3rd-party sources in the security community

Our firewall service compiles a “wellness” reputation for each public IP address. Clients will have “infected” reputations if they have been participating in attacks, willingly or otherwise. Because blacklisting innocent clients is equally undesirable, our firewall service also restores the reputations of clients that remove their “infections”. Some organizations don’t take information privacy seriously enough, and their computers are easy prey for attackers. As soon as their computers are cleaned and safeguards are put in place to protect privacy, their IP reputation is updated. Thus access is restored when an infected computer is cleaned.

No, browsers such as Chrome, Firefox, and Safari block or put up warnings about websites they detect as being unsafe. Increasingly, websites with mixed content* are being flagged as “unsecure”.

*Mixed content is when a web page is loaded over a secure connection (HTTPS), but parts of the same page are loaded over non-secure (HTTP) connections.
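
The definition above can be checked mechanically. The following Python script is an added example, not part of the original FAQ or of the firewall service; it lists the parts of an HTTPS page that a browser would fetch over plain HTTP. The page URL, host names and HTML sample are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a subresource as part of the page.
# Plain <a href> links are navigation, not page content, so they are skipped.
FETCHING_ATTRS = {"script": "src", "img": "src", "iframe": "src", "audio": "src",
                  "video": "src", "source": "src", "embed": "src",
                  "object": "data", "link": "href"}
FETCHING_LINK_RELS = {"stylesheet", "icon", "preload"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        value = a.get(FETCHING_ATTRS.get(tag, ""))
        if not value:
            return
        rels = set((a.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_LINK_RELS:
            return  # e.g. rel="canonical" names a URL but fetches nothing
        # Resolve relative and scheme-relative ("//host/x") URLs as a browser would.
        resolved = urljoin(self.page_url, value.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((tag, resolved))

def find_mixed_content(page_url, html):
    """Return (tag, url) pairs for parts of an HTTPS page loaded over HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only applies to pages loaded over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: a course page served over HTTPS with two HTTP subresources.
PAGE_URL = "https://moodle.example.edu/course/view.php?id=1"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://cdn.example.edu/site.css">
<link rel="canonical" href="http://www.example.edu/course">
<script src="http://widgets.example.net/player.js"></script>
</head><body>
<img src="/images/logo.png">
<img src="http://images.example.org/diagram.png">
<iframe src="//video.example.com/embed/1"></iframe>
<a href="http://www.example.com/reading">reading</a>
</body></html>"""

if __name__ == "__main__":
    for tag, url in find_mixed_content(PAGE_URL, SAMPLE_HTML):
        print(f"mixed content: <{tag}> loads {url}")
```

Only the script and the second image are reported; the relative and scheme-relative references inherit HTTPS from the page, and the ordinary hyperlink is not part of the page load.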

Call the Helpdesk at x4444.  Our firewall administrators will determine if there is a malfunction or if the blockage is due to a real threat.

Since the database of infected sites is global, most sites have already been given a “wellness” score in the database. Thus most of the websites in Moodle-based classes will probably not experience any delays. However, if you build or use a brand new website, you may experience a delay, since it has not yet been scanned and categorized as “safe” or “malware-free”. If you don’t have any brand new websites that have not yet been accessed, the probability of a delay is low.

If you do experience delays that last more than 10 minutes, please call the helpdesk at x4444, because something else might be going on that we need to investigate.

Most of the student searches will yield sites that are already in the global database, which means there will be no delay. We expect there will be little impact on your class.

If a phishing email is clicked on, or a website with a payload is visited, antivirus and anti-malware protection may not stop it. In addition, turning off the protection means we are compromising the school’s infrastructure. For instance, if firewall rules were turned off, denial of service attacks or other malicious attacks could be launched from our campus network by a third party from anywhere on the globe.

Deep Freeze will protect the computer images in labs from most threats, but until a reboot takes place, these computers can harbor malware. Attacks can be launched and other machines can be compromised. A single compromised computer can cause a lot of havoc on the network and beyond, even while frozen.

No, but if you put URL links in the class to websites that are brand new (i.e. just built), those links might need to be scanned by the firewall. For instance, suppose you decided to create a website called MyOwnChemicalStructures.com that hosts animated 3-D models of chemical structures. You built the website over the summer and just brought it online in the fall. The first time someone tried to view it, the site would be scanned. Once scanned, as long as the host server is clean of malware, there would be no delays.

We have hundreds of attacks every single day.

They come from all over the world. There are dozens of state-sponsored (i.e. country-sponsored) hacking groups targeting the United States, United Kingdom, and Israel in particular, but other countries as well. These groups look for targets in business, medicine, education, and other organizations, including our electrical infrastructure grid. Please refer to the following link for some information about the activities of some of these groups: https://www.darkreading.com/attacks-breaches/8-nation-state-hacking-groups-to-watch-in-2018/d/d-id/1331009?image_number=1

The Educause Center for Analysis and Research (ECAR) is a research group whose work is targeted specifically to IT professionals and higher education leaders.  It is the only subscriber-driven research organization dedicated to understanding IT’s role in colleges and universities.  They publish a top ten issues list for IT leaders in higher education each year.  For the past three years Information Security has been ranked number one on their list.

Here is a half-hour presentation concerning cyber security from the University Business Executive Symposium held in Dallas, Texas on October 3-5, 2018, targeted at Presidents, Provosts and Higher Education Leaders.

https://ubtech.mediasite.com/mediasite/Play/932b498cafc7447cb9d65245ab5f729a1d

When you merely visit a site, the site deposits a payload on your computer, tablet, phone or other computing device. Learn more here:

https://heimdalsecurity.com/blog/how-drive-by-download-attacks-work/