Network - General Information About Security Devices On The Campus Network

Michigan State University uses Next-Generation FireWalls (NGFW) to coarsely filter potentially malicious traffic.  NGFWs are used to protect the campus network from known attacks. NGFWs have been placed at the border, and at select locations within the campus network. The NGFWs examine every data packet that flows between MSU's campus network and the global Internet, looking for known attack signatures and protocol anomalies. Some NGFWs also inspect data packets flowing within the campus network. When a NGFW encounters a packet that matches a known threat, the packet is not delivered, and the NGFW logs the event.

The following ports are blocked at the border for traffic coming from, as well as traffic going to, the Internet:

  • 135-139,
  • 445, and
  • 593

The firewall also blocks unsolicited incoming connections from off-campus with a destination in the following ranges:

  • Staff DHCP
  • Residence Halls DHCP
  • Wireless
  • Computer Classrooms

From time to time the campus network undergoes particularly extreme attacks. At such times one or more firewalls may find their resources taxed, interrupting communications across the campus network, or to or from the Internet. Once the attacks are identified and the sources are blocked, network performance will return to normal.

MSU contracts with third-party security vendors to load NGFWs with the latest threat intelligence and reputation blocklisting. Sometimes categorization is automated and customer feedback is an important part of the threat management lifecycle.

Sometimes a device on the campus network may emit traffic that is not malicious but that fails to follow protocol specifications in a potentially dangerous manner. On extremely rare occasions, it is possible that an NGFW will register a "false positive" and interrupt benign network activity. In either event it may be necessary to update configurations to restore connectivity.

Network outages and performance issues are reported at http://servicestatus.msu.edu (link). Individuals and units having questions about the MSUnet NGFWs or who believe their systems or regular network usage may be adversely affected by the NGFW should contact the MSU IT Service Desk at (517) 432-6200.

Print Article

Related Services / Offerings (2)

Wired Network
The Networking Team takes on the critical role of upholding and enhancing the university's expansive wired network infrastructure, which includes providing internet service to Merit network. Their responsibilities span across the entire network ecosystem, covering the campus core, building edge, datacenter core, and satellite networks. This complex network management facilitates the seamless flow of substantial data, meeting the modern campus community's ever-increasing demands for connectivity and data access.
Wireless Network
The Networking Team is responsible for delivering extensive university wireless services that prioritize widespread coverage and adaptability for the modern campus community. Their responsibilities encompass hundreds of campus buildings, with a strong focus on delivering excellent customer service and user-friendliness. This wireless service incorporates Eduroam, ensuring easy access for both the campus community and guests, fostering a seamless and efficient wireless experience.