23 August 2005

Network issues

Recent changes to the University network have restricted previously-available services to help stop malware on Windows PCs.

First, a definition. A “port” in network terms is a “logical connection place” where a program on a user’s computer connects to a server program. Ports are referred to by numbers, like port 25 (email programs communicate with email servers using port 25, among other ports) or port 80 (Netscape usually gets pages from World Wide Web servers over port 80). As well as these and other well-known standard ports, server and client applications use dynamically-assigned ports to “bind” to in order to communicate with each other over the network.

Malware often exploits open ports by opening a connection between an infected computer and other devices on the internet without the user’s knowledge (on Windows computers, anyway: most ports on Macintosh computers are closed by default and are only opened when the user starts a particular application or service).

The University recently closed down most network ports in response to compromises of the local network from outside. Only known services (like official web and email servers) were allowed to continue to operate. ICT Services asked that, where these restrictions prevented services from operating, users contact them so the issues could be investigated.

Desktop video conferencing services like Apple’s iChat AV and Marratech eMeeting use a range of ports to dynamically connect participants through text, audio and video links. In order to create a good connection between users who might be on the other side of the world (and often are: that’s why these systems are popular), the various computers involved negotiate a “good” set of ports for each service from the wide range they might use.

iChat AV and eMeeting are (or at least were) used by staff to communicate with off-campus colleagues and collaborators. When the University's IT Security Officer was asked to open the ports used by iChat AV again, he declined, saying he was unhappy with the requirements and suggesting there might be alternative, more secure (but unnamed) solutions available.

While we had some success with eMeeting before the blocks were implemented, we haven't been able to commission the service since the ports were blocked and have stopped working on it until the ports it uses become available again.