Using a Firewall

A firewall works to monitor and block or allow network traffic, both incoming and outgoing, on a private network or individual computer. While there is a hardware firewall to help protect the CUMC and NYP shared campus network, it's still recommended that you use a software firewall on your own computer.

Personal Firewalls
The latest operating systems include built-in firewalls for extra security. These tend to be the easiest to work with, and are pre-configured to allow commonly used programs send and receive necessary data through your network connections. You can find instructions on using both the Windows and Macintosh OS firewalls at CUIT Security's built-in firewalls site; please contact the CUMC IT Service Desk with any specific questions or issues. If you are using a department-owned computer you may not have access to change the OS firewall settings and should contact your 2nd level IT staff for assistance.

Other personal firewalls such as Zone Alarm and Symantec are available, however these require a slightly higher level of technical proficiency. They typically work by notifying you when any data or programs attempt to enter or exit your computer, allowing you to set default access for specific programs and computer processes. If you decide to use a personal firewall, make sure you read its instructions carefully, as some features will have to be configured to allow access to resources and programs you want to use.

Network Firewalls
Network firewalls are not allowed on the CUMC campus network unless managed
or approved by CORE Resources, as stated in the CUMC IT Firewall Procedures.
CORE Resources manages the hardware firewall that secures the shared CUMC and NYP campus network from the Internet and the Morningside campus network. This firewall affects certain outbound traffic and prevents unauthorized inbound traffic. NetBIOS, SMTP and other miscellaneous ports determined to pose a security risk are blocked in the outgoing direction. This does not impact the majority of academic or work related programs used on the CUMC campus. Please note that ALL inbound traffic is prevented by default. An authorized departmental user requiring inbound access to applications or systems (for example: web server access) or special requests for opening NetBIOS traffic to the Morningside campus must request this access through the Firewall Exclusion Request Forms. We do not encourage firewall openings related to individual access, instead we request that individuals use the VPN connectivity to acquire encrypted and secure access into the CUMC network.

Blocked Programs
Certain applications such as filesharing and VoIP programs are blocked. Anyone requiring access to these programs must have approval from their Department Chair or higher, and must submit the appropriate Firewall Exclusion Request from our Service Request Forms page with complete information. This requires advanced technical knowledge including ports and protocols used; if you do not know these you must contact your department's 2nd level or higher IT staff for assistance. The CUMC IT Service Desk provides 1st level support and is not able to assist in finding this information.

Students who would like to use blocked programs in campus housing can contact an Internet Service Provider such as Verizon or Time Warner and run the program over the private ISP's connection. If a program is required for academic use, you must get approval from you school's Dean.

Streaming video in QuickTime may require special configuration to be allowed through your firewall(s). For instructions on changing QuickTime's settings, please see CNMTL's page at:
http://ccnmtl.columbia.edu/projects/video/windows_firewall/