Internet Restrictions
This document is historical and some parts of it may be out-of-date.
Please note that some of the details of what is described may change at short notice for technical or operational reasons.
World Wide Web Access
Several levels of restrictions are applied to World Wide Web traffic, depending on whether it originates from the Rhodes internal network or from the Internet.
The first of these restrictions is the forced use of a local web cache system.
Direct outgoing web requests are blocked on the Internet firewall systems, and all web browsers on campus have been configured to direct their requests to a local web cache/proxy server. The cache works by storing previously requested web pages and satisfying subsequent requests for these pages from the local server, thus effecting substantial savings in both response time and Internet bandwidth use. Daily log files are generated during this process, and these are summarized on a statistics web page. Information logged includes the cache hit rate (i.e. the number of requests which were satisfied by the local cache server rather than having to be fetched from the original source), and the top ten web traffic requestors.
The web cache hit rate is highly dependent on the amount of disk space available. The more space there is, the more pages can be stored, and the more likely it is that web access requests can be satisfied from pages already stored on the local cache system. There is, however, an upper limit on the hit rate. An institution with heterogeneous web traffic requests, such as Rhodes, will not see hit rates exceeding about 40%, irrespective of how much disk space is devoted to caching.
The web cache system also uses a secondary cache structure. A local cache system can be configured to query cache systems at other sites if it cannot find requests locally before requesting pages directly from source. The Rhodes system is configured to query an external cache run by our internet service provider(s). This also improves our cache hit rate, and saves on international traffic and bandwidth.
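The daily log summary described above (hit rate and top requestors) can be reproduced with a short script. This is an added example, not the university's own tooling; it assumes Squid's native access.log layout, which the page does not name, and all log lines, usernames and hosts are constructed.

```python
from collections import Counter

# Constructed sample in Squid's native access.log layout (an assumption; the
# page does not name its cache software). Fields: time, elapsed ms, client,
# result/status, bytes, method, URL, user, hierarchy/peer, content type.
SAMPLE_LOG = """\
1046499601.101   12 10.0.1.5 TCP_HIT/200 4000 GET http://example.org/ alice NONE/- text/html
1046499602.230  310 10.0.1.9 TCP_MISS/200 16000 GET http://example.net/a.gif bob DIRECT/192.0.2.10 image/gif
1046499603.004    8 10.0.1.5 TCP_MEM_HIT/200 2000 GET http://example.org/logo.gif alice NONE/- image/gif
1046499604.518  150 10.0.2.7 TCP_MISS/200 8000 GET http://example.com/ carol PARENT_HIT/cache.isp.example text/html
1046499605.900    2 10.0.2.8 TCP_DENIED/407 1500 GET http://example.com/x - NONE/- text/html
this line is truncated garbage
1046499606.777  420 10.0.1.9 TCP_MISS/200 10000 GET http://example.net/b.zip bob DIRECT/192.0.2.10 application/zip
"""

def summarize(log_text, top_n=10):
    """Return hit rates and the top requestors (by bytes) for one log file."""
    requests = hits = total_bytes = hit_bytes = peer_hits = skipped = 0
    by_user = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[4].isdigit():
            skipped += 1            # malformed or truncated line
            continue
        result = fields[3].split("/")[0]
        if result == "TCP_DENIED":  # rejected before the cache was consulted
            skipped += 1
            continue
        size = int(fields[4])
        # Requestor is the authenticated username, falling back to client IP.
        user = fields[7] if fields[7] != "-" else fields[2]
        requests += 1
        total_bytes += size
        by_user[user] += size
        if "HIT" in result:         # TCP_HIT, TCP_MEM_HIT, TCP_REFRESH_HIT, ...
            hits += 1
            hit_bytes += size
        elif fields[8].split("/")[0] in ("PARENT_HIT", "SIBLING_HIT"):
            peer_hits += 1          # satisfied by the secondary (external) cache
    return {
        "requests": requests,
        "skipped": skipped,
        "hit_rate": hits / requests if requests else 0.0,
        "byte_hit_rate": hit_bytes / total_bytes if total_bytes else 0.0,
        "peer_hits": peer_hits,
        "top_requestors": by_user.most_common(top_n),
    }
```

The request hit rate and the byte hit rate usually differ, because large objects are less likely to be served from the cache; the byte figure is the one that reflects bandwidth saved.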
Secondly, access to external web servers is restricted to registered users, who have to authenticate themselves by username and password.
Access from outside the Rhodes network to approved internal web servers is not subject to any of the above restrictions.
Finally, unlike many other academic institutions which charge their users for Internet access, Rhodes has opted to manage the use of this scarce and expensive resource in a different way.
A "quota" control system has been implemented that first slows down response times and then blocks access, according to specified quota thresholds. Further details on the operation of this system and how individual users may be affected are available here.
Junk EMail (Spam)
Measures to limit the quantity of junk email (spam) have been in place since 1995, when the problem first became critical. For further details look here.
Other Restrictions
There are numerous other restrictions in place. Most of these are intended to prevent unauthorised access to our network or servers. For example, the following types of connections are allowed through the Rhodes Internet firewall system only to (or from) certain servers:
- Incoming email delivery (SMTP)
- Outgoing email delivery (SMTP)
- Domain name resolution requests
- Incoming POP and IMAP (email access)
- BOOTP and DHCP requests
- FTP (file transfers)
- TELNET (only to systems using TCP security wrappers)
- NNTP (news)
Other measures include all the usual basic security measures, such as:
- Outside NFS requests (for network access to hard disks) are completely blocked.
- Access to sites with no site name matching an IP network number is not allowed.
- IRC (Internet Relay Chat) connections are allowed only to one local IRC server.
- IPX (Novell) tunneling is not allowed.
- Measures are in place to prevent "test" IP network numbers, whether used inadvertently or intentionally, from being visible from outside the Rhodes network.
- Connections which appear to originate outside our network but carry local Rhodes IP network numbers are blocked.
In general, access from outside the Rhodes network to any internal server is allowed only to servers which are known to have been correctly configured. Outside access to any PC on campus is completely blocked.
Most of these restrictions are specifically applied on the internet firewall systems. Other internal security measures are also in place, specifically on the firewall system separating the student network from the academic network, but also on other individual servers.
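The ordering of the checks described in this section can be shown with a simplified model of the firewall decision: source-address checks first, then the per-service server list, then the forced use of the web cache. This is an added example, not the actual firewall configuration; every address is a placeholder, the server assignments are hypothetical, and "test" network numbers are assumed to mean the RFC 1918 private ranges.

```python
import ipaddress

# Every address below is a placeholder (RFC 5737 documentation range), not a
# value from the page. "Test" networks are assumed to be the RFC 1918 ranges.
CAMPUS = ipaddress.ip_network("198.51.100.0/24")
TEST_NETS = [ipaddress.ip_network(n)
             for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WEB_CACHE = "198.51.100.20"
# Inbound services reach only the servers registered for them (hypothetical).
INBOUND_SERVERS = {
    25: {"198.51.100.10"},     # SMTP delivery
    110: {"198.51.100.11"},    # POP
    143: {"198.51.100.11"},    # IMAP
    21: {"198.51.100.12"},     # FTP
}

def evaluate(direction, src, dst, dport):
    """Return (verdict, reason) for one TCP connection attempt."""
    try:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return ("drop", "unparseable address")
    in_test_net = any(s in net for net in TEST_NETS)
    if direction == "in":
        # Source checks come first, so a forged source never reaches the
        # per-service rules.
        if s in CAMPUS:
            return ("drop", "campus source address arriving from outside")
        if in_test_net:
            return ("drop", "test network source")
        if str(d) in INBOUND_SERVERS.get(dport, ()):
            return ("allow", "registered server for this service")
        return ("drop", "destination is not a registered server")
    if direction == "out":
        if in_test_net:
            return ("drop", "test network source leaking out")
        if s not in CAMPUS:
            return ("drop", "source is not a campus address")
        if dport == 80 and str(s) != WEB_CACHE:
            return ("drop", "direct web request bypassing the cache")
        return ("allow", "passed the source and web checks")
    return ("drop", "unknown direction")
```

Because inbound traffic is default-deny, a campus PC that is not in the server table is unreachable from outside without needing a rule of its own.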
Privacy Concerns
Because it is necessary that automated processes analyse and inspect log files, all users of the network must be aware that the traffic they generate or initiate is monitored. While this traffic is not private in the sense of being anonymous, neither are its details arbitrarily disclosed to third parties. For further information on network monitoring, refer to the Policy on Network Monitoring document.


