KI 1252 Increased security on UiB's data network - new policies from 7. Oct.

As an IT security measure, UiB will restrict traffic from the Internet to UiB's data network. This will in particular affect server services both centrally and at departments/faculties.

We make a change after working hours on Thursday 7 October (effected from the working day on Friday 8 October). Some restrictions on online traffic will then be added to UiB's computer network.

In the past, our network has been open to all traffic with the exception of what is explicitly closed. Now it will be other way around: closed to anything other than the traffic we have explicitly opened up to.

This entails, among other things:

Some services that were previously openly available from outside will now only be able to be used via VPN. This includes Unix e-mail/Webmail.
The uib-guest network (wireless and wired) will be "on the outside" and you will need a VPN to access many UiB services from it, in the same way that you need a VPN from your home office.
We have probably not seen all the consequences of the change. There is a high probability that some services will not work as before on Friday 8 October.

If you have computers/equipment on the UiB network that must be accessible from the outside, please report with this form. We may not be able to respond quickly on Friday 8 October, so please register in advance if you know you will have a problem. The sooner the better.

We emphasize that the change will not limit network traffic out from UiB.

This security measure is part of the IT division's security sprint.

Schedule for securing the network

Addition to the service announcement above:

The firewall will prevent unauthorized parties to access services or information in UiB's network.

After a thorough assessment of possible consequences and the IT division's capacity to respond to any side effects, we have decided to introduce the firewall in several phases.

It is still recommended that affected users get several things in place as soon as possible:

Start using multi-factor authentication to your account (KI 0780 Use multi-factor authentication)
Move to Outlook/Exchange for e-mail and calendar (KI 1263 Why should I use Outlook/Exchange Online for email?)
Verify that VPN works for you on computers you use outside the campus (KI 0706 How do I connect to VPN?)

Firewall is introduced in several phases:

On the afternoon of 7 October, a firewall will be laid in front of UiB's personal computers, including Eduroam. This should not be noticeable to the individual, but will provide significantly better security for the computers.
On the afternoon of 20 October, the first step in the introduction of a firewall in front of UiB's server services will be carried out. After this, it will be necessary to use a VPN to access a number of services. In particular Webmail/ IMAP/SMTP (Unix-mail) will be affected, but also a number of web services.
During the winter of 2021/2022, the IT division, in close collaboration with local IT staff, will have a special focus on securing networks with devices managed at faculties and departments. This will affect how computers and other devices on these networks reach key services at UiB and can create challenges for local users. These must of course be solved along the way.
In 2022, the firewall will gradually secure more and more IT services at UiB and give our users significantly greater protection against hacking and data loss.