Network security increases for wireless Visitor network
Currently, anyone who uses the wireless network known as 'Rice Visitor' has access to resources intended to be available only to members of the Rice community. To increase security for internal Rice resources, a new policy will be implemented for the Visitor network on Thursday, June 25, 2009. The new policy will curtail anonymous access to internal Rice network resources, such as campus printers.
This restriction on public access to internal Rice resources follows the original plans for migrating Rice resources to the newest campus network, RiceNet2, which began in 2005. It also augments security changes made to the Faculty/Staff network in October 2008 (see reference below).
After the June 25 change, guests accessing the Internet through Rice's wireless Visitor network will experience connectivity similar to that in other public venues like restaurants and airports. Any Rice resource available through a private ISP will also be available to guests on the network.
What the change means for Rice community members
Rice community members may be using the Visitor wireless network as their primary means of connectivity without realizing they should be using the secure Rice Owls wireless network instead. Like non-Rice community members, Rice employees and students will be blocked from internal Rice resources like campus printers if they attempt to connect through the Visitor network on or after June 25, 2009.
Note: In early June, IT began discussing the implications of the increased security with departments that show heavy printer usage from computers in the Visitor network. In the areas where Visitor printing to campus printers remains necessary, we have arranged a solution. If your area has a similar need but IT has not yet been in touch with you, call the Help Desk (713.348.HELP) to request assistance with printing for your guests.
Most portable computing devices were set up to connect to the secure wireless network, 'Rice Owls,' during the RiceNet2 migrations conducted in every university building and location between 2005 and 2007. However, if you have a newer laptop or other portable device and have not yet set up Rice Owls as your default wireless network, you have several simple solutions.
1) Easy-to-follow instructions can be found in IT Tutorials.
2) Request assistance setting up Rice Owls through the Help Desk. A Help Desk staff member can either walk you through the process by phone or can refer your request to your department's IT support staff.
3) Bring your laptop to the wireless set-up sessions in the Mudd Lobby Tuesday through Thursday afternoons from 2:00 - 4:00 p.m. on June 23, 24, and 25.
Previous change to Faculty and Staff networks, October 15, 2008
On Wednesday, October 15, 2008, Information Technology (IT) changed the security configuration for the Faculty/Staff network*. The change differentiated an internal-to-Rice network from the global Internet. Faculty/Staff desktop systems using private IP addressing no longer serve the Internet or accept externally-initiated connections. Earlier in the fall, a similar change was implemented on the student network without incident.
Impact of change for Rice Internet users: minimal or no impact is anticipated. RiceNet2 migrations of systems that provide services to the Internet should have proactively handled any problems. If you need to serve the Internet or accept externally-initiated connections, you may simply request a public IP address in the faculty/staff affinity group, which allows certain common types of externally initiated accesses. Furthermore, if you need additional types of externally initiated accesses, IT can place your system in a different affinity* group.
Purposes for change:
• Improve reliability of Internet connections by removing the cause of recent outages. There have been seven within the last two weeks.
• Increase security and reduce vulnerability of Rice desktop computers from external attacks. Rice averages 96,551 malicious attacks each day and these will be blocked at the campus network border with this change.
• Ensure that privately-addressed systems stay private. Currently, private Rice IP addresses can be accessed from the Internet without impediment from our firewall.
More details about Rice’s Network Architecture and this security change can be found at http://www.rice.edu/it/network/affinity.html. This document includes results of applications that IT has tested within the new security environment.
*The Open, DMZ, and Research networks were unaffected. This work did not affect the faculty and staff desktop or lab computers that had been configured with public IP addresses.
6100 Main, Houston, Texas 77005-1827Mailing Address: P.O. Box 1892, Houston, Texas 77251-1892