Versions Compared

Version Old Version 3 New Version Current
Changes made by

David V. DeChellis

David V. DeChellis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Overview

...

Tufts Secure Wireless

...

IP addressing

Clients that connect to the Secure Wireless network will receive an IP address on private space. For access to resources on the Internet, traffic will look like it's coming from the IP address of the wireless controller which will be based on 130.64 network space. For services that live within the 130.64 netblock (such as Trunk and Exchange) there will be no manipulation of IP addressing.

Firewall

Clients that connect to the Secure Wireless network will automatically be put behind a firewall.

Technical Service Description

  • This new SSID (tufts-guest) will be "open" to wireless clients like other public wifi hotspots and registration will not be required.
  • There will be no restrictions for wifi protocol, as it will offer 802.11a/b/g/n (n where available) to Guest wireless users.
  • This service is intended to allow "open" client guest access, and as such there will no tie in to the TUNIS/Host Registration System to the Guest Wireless infrastructure. The wireless controllers will be directly providing IP address assignment through DHCP, and these addresses will be inaccessible in the Proteus and Host Registration systems.
  • Users wishing to access secure university assets, should continue to use the Tufts full wireless service via SSID "tuftswireless".
  • Since the wireless controller will be performing NAT between the client and the rest of the network including the Internet, no inbound services will be available to guest users.
  • Each device will have its bandwidth limited to 5Mbps download and 1Mbps upload.
  • Only a subset of IP Ports and Protocols will be allowed out the wireless controller to the rest of Tufts and the Internet (see chart).

Network Ports Allowed On Guest Wireless Service (SSID: tufts-guest)

...

Protocol

...

Port

...

Description

...

tcp

...

21

...

FTP—control (command)

...

tcp

...

22

...

Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwarding

...

tcp

...

53

...

Domain Name System (DNS)

...

udp

...

53

...

Domain Name System (DNS)

...

tcp

...

80

...

Hypertext Transfer Protocol (HTTP)

...

tcp

...

88

...

Kerberos—authentication system

...

udp

...

88

...

Kerberos—authentication system

...

udp

...

123

...

Network Time Protocol (NTP)—used for time synchronization

...

tcp

...

143

...

Internet Message Access Protocol (IMAP)—management of email messages

...

tcp

...

389

...

Lightweight Directory Access Protocol (LDAP)

...

tcp

...

406

...

Interactive Mail Support Protocol

...

tcp

...

443

...

HTTPS (Hypertext Transfer Protocol over SSL/TLS)

...

tcp

...

444

...

SNPP, Simple Network Paging Protocol (RFC 1568)

...

tcp

...

446

...

DDM-RDB

...

tcp

...

447

...

DDM-RFM

...

tcp

...

465

...

URL Rendesvous Directory for SSM (Cisco protocol)

...

udp

...

500

...

Internet Security Association and Key Management Protocol (ISAKMP)

...

tcp

...

587

...

e-mail message submission (SMTP)

...

tcp

...

636

...

Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

...

tcp

...

993

...

Internet Message Access Protocol over SSL (IMAPS)

...

tcp

...

995

...

Post Office Protocol 3 over TLS/SSL (POP3S)

...

tcp

...

1494

...

Citrix XenApp Independent Computing Architecture (ICA) thin client protocol

...

tcp

...

1723

...

Microsoft Point-to-Point Tunneling Protocol (PPTP)

...

tcp

...

1863

...

MSNP (Microsoft Notification Protocol), used by the .NET Messenger Service and a number of Instant Messaging clients – MSN Instant Messanger

...

tcp

...

3389

...

Microsoft Terminal Server (RDP) officially registered as Windows Based Terminal (WBT)

...

tcp

...

3653

...

Tunnel Setup Protocol

...

udp

...

3653

...

Tunnel Setup Protocol

...

tcp

...

5000

...

VTun—VPN Software

...

tcp

...

5050

...

Yahoo! Messenger

...

tcp

...

5190

...

ICQ and AOL Instant Messenger

...

tcp

...

5222

...

Extensible Messaging and Presence Protocol (XMPP) client connection --Google Talk (Jabber)

...

tcp

...

5223

...

Extensible Messaging and Presence Protocol (XMPP) client connection over SSL

...

tcp

...

5900

...

Virtual Network Computing (VNC) remote desktop protocol (used by Apple Remote Desktop and others)

...

tcp

...

8444

...

FireScope Management Interface.

...

tcp

...

10000

...

NDMP, Network Data Management Protocol.

...

ah protocol

...

 

...

Authentication Header

...

esp protocol

...

 

...

Encapsulating Security Payloads

...

gre protocol

...

 

...

(Network & Wi-Fi/Wireless Access)

Available To

Faculty, Students, Staff and Affiliates on all 3 Campuses: Boston, Grafton and Medford

Quick Access

Enable secure wireless on a computer, phone, or tablet by selecting tufts-secure from the list of available wireless networks, and then entering your Tufts username and Tufts password.   

Benefits & Features

Tufts Secure Wireless provides a secure and encrypted path for data to pass which mitigates risk of identity theft and/or data loss. It is available for all devices that support a secure wireless connection to access the internet, including mobile devices, laptops, and desktop computers.   All data transferred over tufts-secure wireless is encrypted and data is secured behind a firewall.

Requirements

Tufts-secure is open to members of the Tufts community who have a valid Tufts username and Tufts password.

Getting Started

Connect to tufts-secure:

  1. While on campus, select “tufts-secure” from the list of available networks.
  2. Sign in with your Tufts username and Tufts password.

How-to Help

Will add how to info for several different mobile devices

Need help?

Guest Wireless https://it.tufts.edu/guestwireless
Tufts Wireless https://it.tufts.edu/wireless

Training & Events