October 8, 2018

Next phase of security enhancements for UW network further reduces risk

New protections designed to reduce risk to the UW network begin on October 16, 2018, when UW-IT will block specific channels, or ports, on the UW network from incoming Internet traffic. Analysis shows these ports are frequently abused. This is the second phase of security enhancements to protect the UW network against an increasing number of malicious attacks that put devices, systems and data at risk. These ports will continue to work between devices on the UW network. Little to no impact is expected for the majority of UW network users.

Subnet owners whose devices could be affected by the change were contacted directly via email and asked to take appropriate action.

Ports to be blocked

The ports that will be blocked from Internet traffic coming from outside the University include:

  • PORT 19 – Character Generator Protocol (CHARGEN)
  • PORT 21 – Unsecured File Transfer Protocol (FTP)
  • PORT 23 – Telnet
  • PORT 111 – Open Network Computing Remote Procedure Call (ONC RPC/Sun RPC)
  • PORT 161, 162 – Simple Network Management Protocol (SNMP)
  • PORT 389, 636, 3268, 3269 – related to Lightweight Directory Access Protocol for authentication (LDAP)
  • PORT 593 – Remote Procedure Call over Hypertext Transfer Protocol (RPC over HTTP)
  • PORT 5985, 5986 – Remote Management for Windows (WinRM)
  • PORT 9100 – Page Description Language (PDL) Data Stream (used for network printers)

Subnet owners should identify legitimate uses for inbound traffic on these ports, and can work with UW-IT to explore mitigation options. If required, exemptions from the port blocks for these systems will be provided.
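One way a subnet owner could inventory a Linux host for listeners on the ports listed above, as an added example that is not part of the original announcement or any UW-IT tooling. The `ss -tuln` sample is constructed and the function names are hypothetical; the announcement does not distinguish TCP from UDP, so the check matches on port number for both.

```python
import ipaddress

# Ports from the announcement's block list, with the labels used there.
BLOCKED = {
    19: "CHARGEN", 21: "FTP", 23: "Telnet", 111: "ONC RPC/Sun RPC",
    161: "SNMP", 162: "SNMP", 389: "LDAP", 636: "LDAP", 3268: "LDAP",
    3269: "LDAP", 593: "RPC over HTTP", 5985: "WinRM", 5986: "WinRM",
    9100: "PDL data stream",
}

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0            0.0.0.0:161        0.0.0.0:*
udp   UNCONN 0      0          127.0.0.1:323        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5          127.0.0.1:21         0.0.0.0:*
tcp   LISTEN 0      128             [::]:111           [::]:*
tcp   LISTEN 0      50                 *:9100             *:*
tcp   LISTEN 0      128  192.0.2.10%eth0:23         0.0.0.0:*
"""

def is_loopback(addr):
    """True if the bind address is loopback-only, so never reachable from outside."""
    addr = addr.split("%")[0].strip("[]")  # drop %iface scope, then IPv6 brackets
    if addr == "*":                        # wildcard bind: all addresses
        return False
    return ipaddress.ip_address(addr).is_loopback

def exposed_blocked_listeners(ss_output):
    """Return (proto, address, port, label) for listeners on block-list ports
    that are bound to a non-loopback address."""
    findings = []
    for line in ss_output.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")  # rpartition copes with IPv6 colons
        if not port.isdigit() or int(port) not in BLOCKED:
            continue
        if not is_loopback(addr):
            findings.append((fields[0], addr, int(port), BLOCKED[int(port)]))
    return findings

if __name__ == "__main__":
    for proto, addr, port, label in exposed_blocked_listeners(SAMPLE):
        print(f"{proto:<4} {addr}:{port:<6} {label}")
```

Each finding is a service that accepts connections on a block-list port from beyond the host itself; whether it has a legitimate need for inbound Internet traffic is the question to settle before asking for an exemption.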

Why are these changes necessary?

The increasing attacks on the UW network present a serious security risk to the University, and hostile traffic comes through the network ports identified above. Blocking these ports will reduce the University’s vulnerability to these attacks. Network port blocking of inbound traffic is a common practice used by many large organizations, including numerous higher education institutions.