General information about the bwCloud Regions

The data centers of the universities of Mannheim, Ulm, Karlsruhe and Freiburg block some ports in their own networks for security reasons. The bwCloud regions are also affected by this, as the bwCloud hardware is connected to the central network infrastructure.

Open and closed ports in the bwCloud Mannheim

To ensure a certain basic protection in the network of the University of Mannheim, certain applications have been blocked at the borders of the university network to BelWü since October 1999. However, this is not intended to be a central firewall for the university, but rather to filter out the worst nonsense at the external borders of the University of Mannheim according to the "onion-skin principle".

In the range - (well-known ports) the following ports are open in server networks:

| Transport | Port | Protocol | Description | Blocking |
|---|---|---|---|---|
| TCP (open) | 22 | ssh | SSH-Server | in/outbound |
| TCP (open) | 80 | http | Web-Server | in/outbound |
| UDP,TCP (open) | 443 | https | Web-Server over SSL | in/outbound |
| TCP (open) | 465 | smtps | SMTP over SSL | in/outbound |
| TCP (open) | 587 | submission | Message Submission | in/outbound |
| TCP (open) | 990 | FTPs | ftp protocol, control, over TLS/SSL | in/outbound |
| TCP (open) | 993 | IMAPs | IMAP Mail over SSL | in/outbound |
| TCP (open) | 995 | POPs | POP Mail over SSL | in/outbound |

The following ports are blocked in the range above 1023:

| Transport | Port | Protocol | Description | Blocking |
|---|---|---|---|---|
| TCP | 1433,1434 | MS-SQL | MS-Office | inbound |
| TCP | 1501 | TSM | Backup | inbound |
| TCP | 1900 | SSDP | Service Discovery | inbound |
| UDP,TCP | 2049 | NFS | Filesystem | inbound |
| TCP | 2967 | Symantec | Symantec | inbound |
| UDP | 3283 | Apple | Apple Remote Desktop | inbound |
| TCP | 3306 | mysql | mysql | inbound |
| UDP,TCP | 3389 | RDP | Remote Desktop | inbound |
| UDP | 3702 | Printer | WS-Discovery | inbound |
| UDP,TCP | 4045 | lockd | Filesystem | inbound |
| TCP | 4369 | EPMD | PortMapper | inbound |
| TCP | 5000 | UPnP | Universal Plug and Play | inbound |
| UDP | 5353 | mdns | Multicast DNS | inbound |
| TCP | 5432 | PostgreSQL | PostgreSQL | inbound |
| TCP | 5985 | WinRM | WinRM | inbound |
| TCP | 8333 | Bitcoin | Bitcoin Full Node | inbound |
| TCP | 8080 | www-alt | Alternative www port | inbound |
| TCP | 9075 | nx-os | Cisco Nexus | inbound |
| UDP | 11211 | memcached | | inbound |
| TCP | 27017 | MongoDB | MongoDB | inbound |
| UDP | 32100 | IoT | IoT | outbound |
| UDP | 32414 | open-SSDP | Plex Media Servers | inbound |

Consequences of the packet firewall for the users:

The most important effect for users is that the data network runs more reliably and securely. To a large extent, hacker attacks are already blocked at the packet firewall and no longer reach the campus and end systems. The importance of this protection can be seen in the fact that attack attempts now occur almost daily.

In addition, however, there are a number of restrictions that need to be considered: If services other than those listed above and generally enabled are to be accessible from the outside, this must be reported to the university IT. The corresponding service will then be enabled on the packet firewall.

It can also happen that connections to certain services that appear to be initiated from Mannheim do not work. This is always the case when the external server needs to establish a connection back to Mannheim in order to provide the service, which is often not easy for the user to verify.

Summary:

The Packet Firewall has proven itself very well so far. Nevertheless, every operator and user of a computer connected to the network must be aware of two things: the Packet Firewall only protects against attacks launched from outside the Mannheim data network, and it provides only partial, not absolute, protection.

Modified: 23.8.2023 before midday by AS