SLAC Border Firewall

Last Updated: November 20, 2009

[SLAC Detailed] [SLAC Highlighted] [SLAC Welcome] [SLAC Search]

[ SLAC Computer Security | SLAC Computing | SLAC Computer Networking ]

All Internet traffic between SLAC and the external world passes through a screening router firewall. The firewall:
  1. Blocks "spoofed" IP packets which arrive from outside but which claim to be from SLAC;
  2. Blocks all access to and from machines on certain SLAC subnets, e.g, the FARM subnets.
  3. Blocks all access to and from machines with "IFZ" ("Internet-Free Zone") addresses, defined as the last quarter of each SLAC subnet.
  4. Blocks many insecure services and protocols, of which the more important are:

A detailed list of the network ports and services which are blocked by the border firewall is kept in the AFS file,
        /afs/slac.stanford.edu/g/scs/security/blocked-ports/README .
Access to this file is restricted. To be added to the access list, or to get a printed copy of the file, or for more information about the SLAC border firewall, send email to security@slac.stanford.edu.

Note: In addition to services blocked by SLAC's border firewall, some services impose their own restrictions that allow access only from computers on the SLAC network (134.79.*.*). Some such services are:


Feedback?
John Halperin and Bob Cowles