Saturday November 21st, 2009
Summary: Server registration gives computing supporters and individual computer users greater control over off-campus network access to their computer systems. Most computers do not need to accept incoming network connections initiated from off-campus. Some computers require that incoming connections be permitted for specific applications such as Remote Desktop Connection. Limiting off-campus access enhances the security of the campus network for everyone.
Using Server Registration
Server registration gives computing support personnel and individual computer users the ability to control which applications or "ports" are accessible from off-campus computers. Registration is required if you wish to enable off-campus access to any particular UCI computer.
You may also register any computer on the network even if it is not a server; this enables OIT to contact you should a security situation occur that affects your computer.
This computer will not act like a server and does not need to be accessed from off-campus.
Computers from off-campus will connect to this computer using the secure shell protocol (TCP 22) and/or the Remote Desktop Protocol (TCP 3389). This is the best choice for users who connect to their on-campus computers to do work from home. You will need to choose "I would like to specify which ports to open." and define the port manually if you use a method other than SSH or RDP to connect to your on-campus computer from off-campus.
This is the best choice for users who need 5 or more ports open on a computer. Computers that require this many open ports should be carefully managed by the individual user or supporter and should not rely on the campus firewall as the only means of protection.
This is the best choice for users who need fewer than 5 ports open and want more control over off-campus access to their computer. You may choose from a list of default ports, or enter your own specific TCP/UDP port numbers. Please note: certain ports cannot be opened; see "Are there ports that cannot be registered?" for more information.
Every computer connected to the UCI network has a unique name such as example.nacs.uci.edu. If you do not know your computer's network name, and you are using it to view this help page, clicking here will tell you what it is. Otherwise, please ask your computing support coordinator, system administrator, or OIT for assistance.
If you are not the primary contact (i.e. administrator of the server/computer system), or wish to specify an alternate contact person for the computer you are registering, you may enter a UCInetID for this person. Your contact information is derived from the UCInetID that you used to log in to server registration and will be kept on record as a contact person for the computer you are registering.
Review the "Computer Name", "Requestor", "Additional Authorized Person", "TCP Ports Opened", and "UDP Ports Opened" fields. If the information is correct, fill out any comments for the computer you are registering and click on "Submit". If you need to change anything, you may click on "Back" and correct the information.
Once submitted, the server registration changes for your computer will take effect at 7:10 am or 7:10 pm, whichever comes first after your server registration submission.
Campus computing supporters can register multiple computers located on their network(s) by sending the following information for each system/server using the "tab separated value" format to the OIT security team (security @ uci.edu):
Requester UCInetID
Responsible UCInetID (optional)
Hostname
Ports open TCP (comma separated list)
Ports open UDP (comma separated list)
Comments (optional)
Changes to server registration are applied daily at 7:10 am and 7:10 pm Pacific Time. It may take up to 5 minutes for the changes to take effect.
Yes. Choose the "I would like to specify which ports to open." option. After being prompted for your computer name and contact information, you will be able to select from a list of pre-defined ports. The "I need to define additional ports" option is also available to you at this point if you need to open ports that are not pre-defined. Note: If you need to have more than 5 open ports, we suggest that you choose the option "This system is a server. I run my own firewall or have taken other security precautions." and run your own local firewall and/or other security mechanisms.
The following ports cannot be registered:
2 UDP Management Utility (compressnet)
23 TCP telnet
42 TCP/UDP Host Name Server (nameserver)
69 UDP Trivial File Transfer (tftp)
111 TCP/UDP SUN Remote Procedure Call (sunrpc)
135 TCP/UDP DCE endpoint resolution (epmap)
137 TCP/UDP NETBIOS Name Service (netbios-ns)
138 TCP/UDP NETBIOS Datagram Service (netbios-dgm)
139 TCP/UDP NETBIOS Session Service (netbios-ssn)
161 TCP/UDP SNMP (snmp)
162 TCP/UDP SNMPTrap (snmptrap)
445 TCP/UDP Microsoft-DS (microsoft-ds)
513 TCP login
514 TCP rsh
515 TCP printing (lpd)
593 TCP/UDP HTTP RPC Ep Map (http-rpc-epmap)
1023 TCP
1025 TCP Microsoft RPC (RPC)
1026 UDP Calendar Access Protocol (cap)
1433 TCP Microsoft-SQL-Server (ms-sql-s)
1434 UDP Microsoft-SQL-Monitor (ms-sql-m)
2049 TCP/UDP network file system (nfs)
2345 TCP dbm (dbm)
2745 TCP URBISNET (urbisnet)
2967 TCP SSC-AGENT (ssc-agent)
3531 TCP
3531 UDP
4444 TCP
4866 TCP
5000 TCP Windows Universal Plug and Play service (UPNP)
5554 TCP SGI ESP HTTP (sgi-esphttp)
6101 TCP SynchroNet-rtc (synchronet-rtc)
8555 TCP SYMAX D-FENCE (d-fence)
10000 TCP Network Data Management Protocol (ndmp)
13701 TCP
41524 TCP
50048 UDP
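
The bulk "tab separated value" submission described earlier can be checked against the list above before it is sent. The following is an added example, not OIT's own tooling: the function names, the dictionary key names and the sample rows are assumptions made for illustration, while the column order and the non-registrable ports are taken from this page.

```python
import csv
import io

# Non-registrable ports, transcribed from the list on this page, by protocol.
BLOCKED = {
    "tcp": {23, 42, 111, 135, 137, 138, 139, 161, 162, 445, 513, 514, 515, 593,
            1023, 1025, 1433, 2049, 2345, 2745, 2967, 3531, 4444, 4866, 5000,
            5554, 6101, 8555, 10000, 13701, 41524},
    "udp": {2, 42, 69, 111, 135, 137, 138, 139, 161, 162, 445, 593, 1026, 1434,
            2049, 3531, 50048},
}
# Column order follows the field list on this page; the key names are ours.
FIELDS = ["requester", "responsible", "hostname", "tcp", "udp", "comments"]

def parse_ports(cell):
    """Parse a comma separated port list; ValueError on a bad entry."""
    ports = {int(item) for item in cell.split(",") if item.strip()}
    bad = sorted(p for p in ports if not 1 <= p <= 65535)
    if bad:
        raise ValueError(f"port out of range: {bad[0]}")
    return ports

def check_row(cells):
    """Return the problems found in one tab separated registration row."""
    rec = dict(zip(FIELDS, list(cells) + [""] * len(FIELDS)))
    problems = [f"missing {name}" for name in ("requester", "hostname")
                if not rec[name].strip()]
    total = 0
    for proto in ("tcp", "udp"):
        try:
            ports = parse_ports(rec[proto])
        except ValueError as exc:
            problems.append(f"{proto}: {exc}")
            continue
        total += len(ports)
        problems += [f"{proto} port {p} cannot be registered"
                     for p in sorted(ports & BLOCKED[proto])]
    if total >= 5:  # the page's threshold for the "run my own firewall" choice
        problems.append("5 or more ports: do not rely on the campus firewall alone")
    return problems

def check_submission(text):
    """Map 1-based row number -> problems for a whole TSV submission."""
    rows = csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    return {n: check_row(r) for n, r in enumerate(rows, 1) if r}

# Constructed sample rows (UCInetIDs and the second hostname are made up).
SAMPLE = ("panteater\t\texample.nacs.uci.edu\t22,3389\t\twork from home\n"
          "panteater\tzotadmin\tlab1.example.uci.edu\t80,443,445\t161\t\n")
```

Calling check_submission(SAMPLE) returns an empty problem list for the first row and flags TCP 445 and UDP 161 in the second.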