Secure Connections from External Sources
Guiding Principle
Communication from off campus to the campus network should be secured to prevent unauthorized use of University resources or exposure of confidential university or personal information.
By default, unsolicited traffic originating from off campus sources to a system on the campus network is blocked by the campus firewall.
Public Services
Computing systems that provide services to the internet public at large (e.g. public web servers) are placed on an exception list so that traffic to them bypasses the campus firewall.
Non-Public Services
The current recommended method to secure communication from an off campus source to a computing system on the campus network is through Virtual Private Networking. With VPN, network traffic is encrypted and access is restricted to authenticated users. The University operates a Cisco VPN server and makes compatible client software available to University students, faculty and staff to install and run on their own computers. Use of the VPN service is required to access non-public systems (i.e. systems protected by the campus firewall) on the campus network. In those (rare) instances where VPN client software cannot be implemented, contact UTS Enterprise Networks to explore other methods of securing the connection.
More and more people have acquired high-speed internet connectivity in their homes. The internet provides a convenient alternative to the campus modem pool for connecting to computers at McMaster to work from home, or from another location while on sabbatical or attending a conference at another institution. However, you must be aware of the security concerns when using the internet as a connecting medium. Not everyone out there is friendly or trustworthy. Your network traffic can be viewed, captured, and modified without your knowledge if you do not take precautions to protect yourself through encryption. In particular, your logon ID and password are at risk if they travel over the network in clear text.
Encryption in Web-Based Applications
Protecting your network traffic does not involve a lot of inconvenience. As standards have evolved, encryption has been built into some of the computer tools that you use every day. For example, some campus applications, such as web-based email on the Univmail system, SOLAR, the (MVS) ADWEB applications, and others, use Secure Sockets Layer (SSL) to encrypt traffic. Your web browser has built-in support for secure web pages, which are referenced by https as opposed to the unencrypted http protocol. You can tell when you are looking at a secure web page by the closed padlock symbol displayed at the bottom of your screen. Encryption of web pages uses some cycles on your computer and on the server you are connecting to, but the added security is well worth the cost. At McMaster, we have placed special-purpose encryption appliances in front of the administrative web servers to offload the encryption process from the application servers.
Alternative Protocols for Encryption
Many, but not all, campus host systems support ssh and sftp in preference to telnet and ftp, providing encrypted terminal emulation and file transfer. To take advantage of this you must install the client application (which includes both ssh and sftp) on your computer. Once installed, the client is as easy to use as any other telnet or ftp client.
Unfortunately, the MVS system does not support ssh or sftp. The terminal emulation used to connect to the mainframe is tn3270, which communicates in clear text over the network. It is possible, however, to encrypt tn3270 and ftp sessions to the mainframe through the use of Virtual Private Networking.
VPN - A General Solution
The McMaster network supports Virtual Private Networking (VPN) to create an encrypted tunnel for traffic between the campus backbone network and a client such as a laptop computer used through McMaster's wireless or MacConnect network access system. In addition to encrypting traffic from locations on campus, VPN can be used to encrypt traffic over the internet between your home PC and the campus network.
In order to use VPN, you must first install the VPN client software on your computer. The installation and usage instructions are available on McMaster's Virtual Private Networking web pages. Each time you connect to McMaster's network using VPN you will be asked to authenticate using your network ID and password. From the point of view of the McMaster network, your computer will look like, and have the same access capabilities as, any other computer located on campus. All network traffic between your computer and the campus network will be encrypted over the internet within the VPN tunnel.
In this way, even unencrypted protocols such as tn3270 and ftp are protected. Since VPN provides the necessary encryption, it is our intention to enforce the use of VPN for connections from off-campus to the MVS system. You will not be able to connect to the MVS system from home unless you come through a VPN tunnel and appear with a campus IP address.
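The access rules described above (public services bypass the firewall, off-campus sources must arrive through VPN with a campus address, and clear-text protocols such as tn3270 and ftp are acceptable only when the VPN tunnel protects them) can be checked mechanically against connection records. The following is an added example, not UTS code; every address range, host and log line in it is constructed, since the page does not publish McMaster's real prefixes, VPN pool or exception list.

```python
import ipaddress

# All addresses, prefixes and hosts below are constructed for this example;
# the page does not list McMaster's real campus prefixes, VPN pool or exception list.
CAMPUS_NET = ipaddress.ip_network("10.10.0.0/16")            # hypothetical campus backbone
VPN_POOL = ipaddress.ip_network("10.10.250.0/24")            # hypothetical VPN client pool
PUBLIC_SERVICES = {("10.10.1.80", 80), ("10.10.1.80", 443)}  # hypothetical exception list
CLEARTEXT = {21: "ftp", 23: "telnet/tn3270"}                 # protocols the page calls clear text
ENCRYPTED = {22: "ssh/sftp", 443: "https"}                   # encrypted alternatives it recommends

def classify(src_ip, dst_ip, dst_port):
    """Apply the page's rules to one inbound connection; returns (verdict, reason)."""
    if (dst_ip, dst_port) in PUBLIC_SERVICES:
        return "allow", "public service on the firewall exception list"
    src = ipaddress.ip_address(src_ip)
    if src not in CAMPUS_NET:
        # Unsolicited off-campus traffic to a non-public system is blocked;
        # a VPN user would instead appear from the VPN pool with a campus address.
        return "block", "off-campus source to non-public system; VPN required"
    proto = CLEARTEXT.get(dst_port)
    if proto is None:
        return "allow", ENCRYPTED.get(dst_port, "non-cleartext protocol")
    if src in VPN_POOL:
        return "allow", f"{proto} from VPN client; tunnel encrypts it"
    return "warn", f"{proto} in clear text on campus LAN; prefer ssh/sftp or VPN"

def parse_record(line):
    """Parse a constructed 'src=... dst=... dport=...' firewall log line."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return fields["src"], fields["dst"], int(fields["dport"])

def audit(lines):
    """Classify every log line; returns a list of (src, dst, port, verdict, reason)."""
    results = []
    for line in lines:
        src, dst, port = parse_record(line)
        verdict, reason = classify(src, dst, port)
        results.append((src, dst, port, verdict, reason))
    return results

# Constructed sample log: four connection attempts seen at the campus border.
SAMPLE_LOG = [
    "src=203.0.113.7 dst=10.10.1.80 dport=443",   # internet user to public web server
    "src=203.0.113.7 dst=10.10.5.20 dport=23",    # internet user straight to MVS tn3270
    "src=10.10.250.14 dst=10.10.5.20 dport=23",   # VPN client to MVS tn3270
    "src=10.10.40.9 dst=10.10.5.20 dport=21",     # on-campus PC using plain ftp
]

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(row)
```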