Firewall choices for college network

n64man120

Well I've always just used my router's hardware firewall, but I'm going to college and they are telling me running a private network (i.e. router in my room) is not allowed. Apparently viruses/spyware/etc is a big problem in college, so what should I set myself up with?

I'm going to use NOD32 for anti-virus purposes for starters. My NF4 board has some active armour thing. How effective is that, and is it automatically running or do you have to do something to set it up?

Would that be all I need, or should I look to a software solution to fight off the evil college trash? I've heard ZA is good, I used to use it but it started to piss me off and I ditched it for my router. I'm open to trying again if it's the best one out there, but if it's not then what do you suggest. Like most people, I really hate crap that eats up tons of resources, but I want to make sure I'm protected.

Suggestions?
 
I say stick the router in your room anyways... keep it out of sight... out of sight, out of mind...
Or hell, even turn one of your old PCs into a router, they'll probably never know... but I'm not 110% sure, so don't take my word for it.
 
So a vote for Sygate? Yea a router would be the best option to protect me from all the dirty stuff out there, but each computer has to register with the network before being given access. I'm worried that perhaps the router won't be given access like it was a computer, since it isn't registered in the system.
 
College networks suffer from people not updating their comps, and so even stuff like blaster still propagates on them thanks to all the unsecured computers. :rolleyes:

I used Linux on the network (instant protection), but in Windows, I just kept everything updated (SP2+), used Kerio, kept all my spyware apps up to date. I never used an AV though, but nothing happened to me while all 90% of the network were getting raped by blaster and sasser and mydoom and such. :D
 
When I used to live in the dorms and used the college network I used ZoneAlarm. I actually still do and I recommend it. But not the new 6.06 version. I use the older 5.5.
 
Pfffft. Bring the router and go. The way I do it at school is have a computer act as a router, but a hardware router would probably work. For us, the router needs to be able to spoof a MAC address if it isn't a computer (your "registration" on the network ties your domain account and MAC together to give you a static IP to that MAC addy.) All you'd need to do is register your computer, figure out your assigned IP and your MAC address on that computer, and then tell the router that information. Of course, YMMV.

I'll tell you, though. I've been my residence hall IT guy for two years and I'm the student coordinator for hall IT people campus-wide this coming year. Viruses suck. Some of these computers go home for the summer and never get connected to the internet. Within 30 minutes of them hooking up and plugging in...what a mess. No windows updates, no AV updates....then they wonder why they have thousands of instances of spyware and they're thrown off the network for a virus...

In summary, if you don't take your router, use something.
 
I say use the router, if anyone asks, which is extremely unlikely, say it's just a hub and you need it because of your Xbox or something. If your college campus is like mine, I sure as hell wouldn't plug my computer directly into it. I have a job at my college's office of information technology and I know that they really don't care about anything (they're all lazy bastards) unless it negatively affects the network. If anything, using a router would help the network; it would prevent you from getting something that you could then in turn give to many other people. I additionally use Windows XP firewall on top of the router. I have never had any problems whatsoever. Of course, you have to both keep current with Windows updates and run the latest definitions for your antivirus software. These 2 problems are the cause of about 90% of the computers that I have to fix (my job is at the helpdesk fixing people's computers)

like my shirt from thinkgeek says, practice safe hex and help prevent computer viruses today
 
Wipeout said:
Pfffft. Bring the router and go. The way I do it at school is have a computer act as a router, but a hardware router would probably work. For us, the router needs to be able to spoof a MAC address if it isn't a computer (your "registration" on the network ties your domain account and MAC together to give you a static IP to that MAC addy.) All you'd need to do is register your computer, figure out your assigned IP and your MAC address on that computer, and then tell the router that information. Of course, YMMV.

I'll tell you, though. I've been my residence hall IT guy for two years and I'm the student coordinator for hall IT people campus-wide this coming year. Viruses suck. Some of these computers go home for the summer and never get connected to the internet. Within 30 minutes of them hooking up and plugging in...what a mess. No windows updates, no AV updates....then they wonder why they have thousands of instances of spyware and they're thrown off the network for a virus...

In summary, if you don't take your router, use something.

That's very helpful, I'm using the standard quality Linux router. Model ends in 45 or something, anyways I'll see if I can do the MAC address deal. That sounds like it's probably what I could do.

The IT guy got back to me today, and told me to call him about using the router. So I'll see what he says.
 
Yeah, I say see what he says. I mean, as the guy for my hall, if people know what they're doing and won't be a threat to the campus...who cares? Besides, if you know how to spoof a MAC...you're probably fine. :) Especially if you have a reason for it (i.e. multiple computers)...

Our IT guys don't have a problem with people doing stuff like this - hell, I can REQUEST to have ports opened if I want to host a web server. Small universities are the shit. :p
 
Northeastern is anything but small, but I'll see maybe this guy will be chill anyways

Edit: I'll have to see about what I should use, especially if I'm using a router. Without it, I'll be putting up brick walls. But I've gotta decide how paranoid I still am with it, NOD32 and Sygate seem like a nice combo, but less apps and resources is always nicer :D
 
Northeastern is pretty big, you're right. :) I have about 2800 undergrads at my school.

If they'll let you swing it, hardware is the way to go. Good luck. What are you studying, anyway? I'm a communication studies major (think broadcasting/journalism/HR/PR, even if I don't really want to do those).
 
Planning on computer engineering.

I didn't tell the guy any personal information, so even if he says it's frowned on I could try and set a router up. Stuff like opening ports for a webserver, would be a separate issue I bet ;)
 
Our netops guys are total jerks, and I come from a small school with about 2800 undergrads. Whatever, you can run a router behind their backs, the RAs have no idea what they are, just call them switches. :p

Have fun in Northeastern, it's a pretty big college to say the least. I think it has around 13K undergrads, and the campus is huge, as well as really close to Boston University, so you'll just be surrounded by thousands of students.
 
Yea, well I've already been told straight up no switches allowed due to an IP address shortage lol. I'll just tell them not to worry about it. Gonna give this guy a call today and see what he says though.
 
Ok so I called the guy, talk about being a complete god damn asshole. I ask him if I can use a router so I have a hardware firewall...

Him - "No, the school only has a certain number of IP addresses to allocate".
Me - "Well a router would alleviate that problem since I'm only using one address. It also supplies me with a hardware firewall to protect against the spread of viruses, etc"
Him - "Well if you look at section four of the acceptable use policy, it says no routers, hubs, switches, wireless AP"
Me - "Ok it says that, but what is the harm in using a router?"
Him - "Because they want it that way"
Me - "You said the problem is IP addresses, the router doesn't have that issue, so what's the problem with it"
Him - "If you look at section 4 of the AUP... blah blah blah"

So basically he keeps referring to the policy saying no routers, and won't give a legitimate response at all. Being a real asshole about it too. So he finishes off with...

"If you do use a router, we will track you down, and we will remove internet access from your room"

Soooo guys, since he's an anal nazi I'm second guessing the router idea now. Since my DFI board has 2 NICs onboard, how would I go about using that to send the signal off to my laptop?
 
Well, I am a residential network consultant for West Virginia University. We use a slight variation on the standard ResNet that most major universities use and I can let you know some of the ins and outs.

First off, we actually modified the system to let students use routers this year, but last year it was a different story.

On our net we actually scan ports and watch activity. If we find evidence of viral activity your port is shut off and you have to have your computer cleaned before your internet is re-enabled.

Since we register by MAC address and bind that to an IP that will be issued to you every time, we had a lot of students with multiple machines complaining. The only way around this in the past was using a tower with multiple NICs and sharing internet. But again, we are allowing students to use routers in their rooms for the firewall and because it lets them use multiple devices.

I would actually recommend just using the Windows firewall and SP2. Those along with a good AV and spyware protection were all I had this past year in the dorm. I can tell you that I never caught a single virus, and I only found spyware once or twice on my system. If you have any questions you can PM me.
 
HAHAHA, same AUP as we have, I guarantee it. We allow routers only though. All you need to do is right click on the connection to their net, and under one of the tabs there will be an option to share the connection to the internet with other computers. Just enable that, and plug your laptop into the other port.

(BTW, from our side you really can't see that they are using a router if they would register with their desktop, then broadcast their desktop's MAC through the router, but I wouldn't risk it)
 
n64man120 said:
Soooo guys, since he's an anal nazi I'm second guessing the router idea now. Since my DFI board has 2 NICs onboard, how would I go about using that to send the signal off to my laptop?

Wow, that sucks. Here's what I do - I have 2 NICs, same as your desktop. The internet connection from the university goes into one. I tell my computer that I want to share that internet connection. When it asks what I want to share it on; I tell it I want to share it on the other network card. That is connected to my 8 port switch. The switch is what goes to my desktop, my docking station, and my wireless AP, for a total of four connections. It's quite handy. And, I think you could figure out how to use some technicalities in the AUP in your favor ("I don't have a router...see?!") It's not quite true, but...

Good luck.
 
blindingillusion said:
Well, I am a residential network consultant for West Virginia University. We use a slight variation on the standard ResNet that most major universities use and I can let you know some of the ins and outs.

First off, we actually modified the system to let students use routers this year, but last year it was a different story.

On our net we actually scan ports and watch activity. If we find evidence of viral activity your port is shut off and you have to have your computer cleaned before your internet is re-enabled.

Since we register by MAC address and bind that to an IP that will be issued to you every time, we had a lot of students with multiple machines complaining. The only way around this in the past was using a tower with multiple NICs and sharing internet. But again, we are allowing students to use routers in their rooms for the firewall and because it lets them use multiple devices.

I would actually recommend just using the Windows firewall and SP2. Those along with a good AV and spyware protection were all I had this past year in the dorm. I can tell you that I never caught a single virus, and I only found spyware once or twice on my system. If you have any questions you can PM me.

Exactly what we do at my school as well.
 
Here, I'll quote it for you guys lol

4. Users may not offer, provide, lend, rent or sell access to University
information systems. Users may not provide access to individuals outside
the University community. Expansion or redistribution of Northeastern's
networking service is not permitted. Personal, private or departmental
switches, routers and wireless access points may not be connected to
centrally-managed network segments, except only as may be agreed to in
writing between the device owner and Information Services. For security
reasons, dial-up modems may not be in-use on computers while they are
connected to the University network, except only as may be required for
bona fide academic or administrative purposes, and where appropriate
security measures are in place.

That idea of putting the switch behind your computer is intriguing and genius! Hmm...
 
The reason why the university I went to (and work at the helpdesk for) didn't allow routers in the room was b/c of the DHCP feature of the router. The switch should be the only thing providing IP addresses to computers on the floor. We have had situations where someone with a router either didn't allow a computer to get an IP address or screwed up their DNS, so make sure that you have the settings configured correctly on the router as not to broadcast it to the whole world.

Wireless routers were an issue as well because people would latch onto the non-university SSID and it would prevent them getting connected to the school's

other than that you should be fine.
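
What the rogue-DHCP problem described in the post above looks like from the monitoring side, as an added example that is not part of the original thread: Python that parses DHCP server replies and flags any whose server identifier (option 54) is not on an allowlist. The addresses, the allowlist and the sample packets are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"           # marks the start of DHCP options
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER, DHCPACK = 2, 5                    # message types only a server sends


def build_reply(msg_type, server_ip, offered_ip):
    """Build a minimal server reply payload (constructed sample data)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,                          # op=BOOTREPLY, Ethernet, hlen, hops
        0x1234ABCD, 0, 0,                    # xid, secs, flags
        bytes(4), socket.inet_aton(offered_ip), bytes(4), bytes(4),
        bytes(16), bytes(64), bytes(128),    # chaddr, sname, file (zeroed)
    )
    options = (bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4])
               + socket.inet_aton(server_ip) + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


def parse_options(payload):
    """Walk the type-length-value option list after the 236-byte BOOTP header."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                  # pad is a single byte, no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts


def check_reply(payload, authorized_servers):
    """Return (verdict, server_ip); verdict is 'ok', 'rogue' or 'ignored'."""
    opts = parse_options(payload)
    if payload[0] != 2:                      # op=1 is a client request
        return ("ignored", None)
    if opts.get(OPT_MSG_TYPE) not in (bytes([DHCPOFFER]), bytes([DHCPACK])):
        return ("ignored", None)
    server_id = opts.get(OPT_SERVER_ID)
    if server_id is None or len(server_id) != 4:
        return ("rogue", None)               # a reply with no usable server id
    ip = socket.inet_ntoa(server_id)
    return ("ok" if ip in authorized_servers else "rogue", ip)


# Constructed sample: one campus server on the allowlist, one dorm-room router.
AUTHORIZED = {"10.20.0.2"}
SAMPLES = [
    build_reply(DHCPOFFER, "10.20.0.2", "10.20.14.37"),
    build_reply(DHCPOFFER, "192.168.1.1", "192.168.1.100"),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(check_reply(pkt, AUTHORIZED))
```

The second sample is the case the post describes: a reply offering a private address from a server the campus never authorized.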
 
Yea I understand potential router problems, etc... but I'm not stupid like some people who would try to do this stuff... I'd just like to be able to use my laptop and desktop simultaneously. Along with not having to physically make a connection just to update the program guide on SageTV. I could go wireless, but for a dorm room I really don't care too much if there's a cable going to my laptop. It's nice without one but whatever.
 
mgars said:
The reason why the university I went to (and work at the helpdesk for) didn't allow routers in the room was b/c of the DHCP feature of the router. The switch should be the only thing providing IP addresses to computers on the floor. We have had situations where someone with a router either didn't allow a computer to get an IP address or screwed up their DNS, so make sure that you have the settings configured correctly on the router as not to broadcast it to the whole world.

Wireless routers were an issue as well because people would latch onto the non-university SSID and it would prevent them getting connected to the school's

other than that you should be fine.

That's easy to fix, though...just pull the plug!!!!
 
Last year at my university I had a router/wireless AP in my room. I had the AP locked down and made the SSID invisible... never had a problem with IT with it... I go to a pretty small school (2800 people) so IT doesn't really have time to track down people with extra stuff on the network... I also ran ZoneAlarm 5.5... and kept my comp up to date... so I never had an issue... if you run your router properly you will be fine... and they aren't going to search your room for it unless you draw attention to yourself... just think of all the people that have toasters and fridges over the 1.5' rule.... just don't do a ton of downloading and never run any p2p programs....
 
n64man120 said:
Yea I understand potential router problems, etc... but I'm not stupid like some people who would try to do this stuff... I'd just like to be able to use my laptop and desktop simultaneously. Along with not having to physically make a connection just to update the program guide on SageTV. I could go wireless, but for a dorm room I really don't care too much if there's a cable going to my laptop. It's nice without one but whatever.

You can just hook up a switch to do that... a lot of schools only have 1 ethernet jack in each room and require a switch for each computer to run
 
Yea, if you read above they said they allocate a set number of IPs to each dorm. So I'm not allowed to use more than 1 of the school's IP addresses since if more people did this they would run out.
 
n64man120 said:
Yea, if you read above they said they allocate a set number of IPs to each dorm. So I'm not allowed to use more than 1 of the school's IP addresses since if more people did this they would run out.

I don't believe that they actually do this... that's a lot of overhead and a lot of money to spend to stop people from bringing more than one computer up... on my floor alone last year there were prob 10 people (me included) that had a desktop and a laptop running... this is not uncommon... I would say go for it... lock your router down... don't talk about it... just do it... and what school are you going to?
 
Footer4321 said:
I don't believe that they actually do this... that's a lot of overhead and a lot of money to spend to stop people from bringing more than one computer up... on my floor alone last year there were prob 10 people (me included) that had a desktop and a laptop running... this is not uncommon... I would say go for it... lock your router down... don't talk about it... just do it... and what school are you going to?

As one of the "Nazi's" of a university network, the worst thing that most network admins/consultants can do is to lock your net down. Forever. If you're caught having violated the TOS, and then attempt to circumvent an attempt to punish the user you can be fined, or have criminal actions brought against you. We've done it, because things like network security can be a nightmare, and setting an example every year or two is required to prevent people who think they know what they're doing from trying to get around the TOS.

To the OP, if you absolutely must have multiple computers connected, do one of the following: start working at a university help desk or lab. Once you're part of the group, and you start doing favors for the people in charge it's a lot easier to get an extra connection, or a larger amount of bandwidth. If you don't want to do that, see if you can get cable or phone services in your dorm room. If you can then see if you can get an external internet connection. This has the added benefit of you being able to avoid a lot of the campus network policies, though you'll get to deal with your ISP.

Again, if you're going into your first year, and you don't know how serious the IT staff on campus is, you should be careful how you approach them. Most competent networking admins are able to see every IP on the network, and utilize programs to monitor excessive traffic. They will cut you off if you're not careful, and no amount of pleading (about assignments, talking to family, etc) is likely to get them to restore your connection until they are ready to.

 
Thanks for the heads up, I don't think I'm going to use a switch/router, until I get a chance to see how strict they are and such. What do you think regarding hooking Laptop up to Desktop and using ICS? I can see it disallowed if you want to get technical, but what are your thoughts on this. Seems like the safest option.

Edit: Once again, I'm going to Northeastern. It is a very big school.
Full-time undergraduate enrollment: 14,492 — 7,219 men and 7,273 women.

Part-time undergraduate enrollment: 4,184 — 1,971 men and 2,213 women.

Full-time graduate enrollment: 2,232; 593 law students.

Part-time graduate enrollment: 1,443.
 
n64man120 said:
Thanks for the heads up, I don't think I'm going to use a switch/router, until I get a chance to see how strict they are and such. What do you think regarding hooking Laptop up to Desktop and using ICS? I can see it disallowed if you want to get technical, but what are your thoughts on this. Seems like the safest option.

Edit: Once again, I'm going to Northeastern. It is a very big school.

ICS is skirting the edge of the rule. We didn't punish anyone for doing it (unless they were simultaneously violating another of the TOS, like impairing global network activity by dloading on p2p) because we didn't explicitly state it in the rules. Even if you do use ICS, if you play dumb when/if they come after you you should be ok. Just say that you thought it was permitted under the TOS, and be willing to instantaneously terminate the ICS if asked.

As I said before, getting an outside connection, if it's an option, is the best way to go. That way you don't have to worry about the university's TOS, just the ISP that you choose.

 
Comcast can come to set up a cable line, so I'd imagine you could. But that costs a ton... idk if it's worth it that much. ICS and play innocent and dumb seems like the best way to go.
 