Difference between revisions of "Networking at CS - Overview"

Line 40: Line 40:
 
===Public IP Security Considerations===
 
===Public IP Security Considerations===
  
Please keep in mind that a system with a Public IP is exposed to the Internet.  That means that your system is open and vulnerable to access attempts from the outside.  If you're the only one who will access your system from the outside, please consider a Private IP instead, and use the VPN to put you into the JHU network so that you can access your system.  If you have several outside people needing access to your system, then, yes, a Public IP is probably needed.
+
Please keep in mind that a system with a Public IP is exposed to the Internet.  That means that ''your system is open and vulnerable to access attempts from the outside.'' If you're the only one who will access your system from the outside, please consider a Private IP instead, and use the VPN to put you into the JHU network so that you can access your system.  If you have several outside people needing access to your system, then, yes, a Public IP is probably needed.
  
 
And, because systems on the Public Grad Net are exposed to the Internet, they are expected to be managed in a way that preserves their security and the security of the Hopkins network.  The JHU Network Security Team (part of the [http://www.it.jhu.edu/ IT@JH] group, ''not'' CS) may periodically perform security scans of systems on the Public Grad Net.  If they determine that there are security problems with a system, they may disable all Internet access for that system until the problems are resolved.
 
And, because systems on the Public Grad Net are exposed to the Internet, they are expected to be managed in a way that preserves their security and the security of the Hopkins network.  The JHU Network Security Team (part of the [http://www.it.jhu.edu/ IT@JH] group, ''not'' CS) may periodically perform security scans of systems on the Public Grad Net.  If they determine that there are security problems with a system, they may disable all Internet access for that system until the problems are resolved.

Revision as of 13:27, 28 July 2017

There are three main networks in CS at Malone Hall. They are:

Public CS Grad/Research Net (128.220.35.x) - Uses IP addresses that are accessible from the Internet.
Private CS Grad/Research Net (10.161.159.x) - Uses IP addresses that are only accessible from within the Hopkins network (and Hopkins VPN).
CS Undergrad Net (128.220.224.x) - Uses IP addresses that are accessible from the Internet

The two Grad/Research nets are only accessible via network jacks in Malone Hall in CS work areas, except for the CS Undergrad Labs (Malone Hall 122 and the Ugrad Lab side of MH G61). The CS Undergrad Net is only accessible via network jacks in the CS Undergrad Lab.


Network Jacks (Wallports) In Malone Hall

Network jacks may be located be under floor panels via access doors on the floor or they might be located on the wall, depending upon where you're located. Each network jack is identified with a floor number and jack number. (It is very important that any correspondence with CS IT Support or JHU Networking about a network jack include the full jack number.)

(For those grad students working on the third floor of Malone, you might see that your floor panel access door is located under a slightly raised cabinet where the floor access door might be difficult to reach. For your convenience, there are network cables already coming out of those specific floor panels, and each of those cables is labeled with the port number.)

Each network jack in your Malone office will go to exactly one of those two Grad/Research networks (Public or Private Grad Net), so care will be needed to connect your computers into appropriate jacks.

Any given network jack can be changed from one network to the other (i.e., public to private or private to public) with relatively little difficulty with an emailed request to CS Support. We will pass on your request to JHU Networking. JHU Networking will be administering the network configurations; here is their current plan:

  • Even-numbered jacks, by default, are connected to the Public CS Grad network, 128.220.35.x
  • Odd-numbered jacks, by default, are be connected to the Private CS Grad network, 10.161.159.x

Note 1: All network jacks in the CS Undergrad Lab are part of the CS Undergrad Net (128.220.224.x)

Note 2: If you have a system that will reside in the G29 Malone server room instead, please contact CS Support, and we will help arrange your system's connections to the appropriate network, as there are no wallports in G-29.


Public CS Grad/Research Network Details

The "Public" CS Grad/Research Net uses IP addresses that are directly accessible from the Internet. It is useful for servers that need to be widely accessible or for systems that people need to connect to without going through the Hopkins VPN. (For example, if you need to ssh into your work machine from out on the Internet, your work machine needs a public IP address.)

Systems on the Public Grad Net can freely communicate with systems elsewhere on the Hopkins network, including systems on the Private CS Grad Net.

In order to set up a system on the Public Grad Net, you will need to follow the instructions at Requesting a Static IP Address on the CS Network and indicate in your request that the IP address will be public. There is no dynamic IP address service available on the Public network.

Public IP Security Considerations

Please keep in mind that a system with a Public IP is exposed to the Internet. That means that your system is open and vulnerable to access attempts from the outside. If you're the only one who will access your system from the outside, please consider a Private IP instead, and use the VPN to put you into the JHU network so that you can access your system. If you have several outside people needing access to your system, then, yes, a Public IP is probably needed.

And, because systems on the Public Grad Net are exposed to the Internet, they are expected to be managed in a way that preserves their security and the security of the Hopkins network. The JHU Network Security Team (part of the IT@JH group, not CS) may periodically perform security scans of systems on the Public Grad Net. If they determine that there are security problems with a system, they may disable all Internet access for that system until the problems are resolved.


Private CS Grad/Research Network Details

The "Private" CS Grad/Research Net uses IP addresses that can only be directly accessed from either the Hopkins network or the Hopkins VPN. It is useful for systems that do not need to be accessed from the Internet, like desktop computers or printers. The private addressing used on this network helps keep the systems a little more secure, since no one on the Internet can contact them directly.

You can connect your system to the Private Grad Net by following the instructions at Connecting to the CS Grad Nets. By default, you will receive a dynamic IP address. If you need a static IP address, follow the instructions at Requesting a Static IP Address on the CS Network, making sure to specify that you want a private static IP address.


CS Undergrad Network Details

The CS Undergrad Network is only available via wall and tabletop network jacks in Malone Hall Room 122 (the CS Collaboration Room). (Note that our other Ugrad Lab room, the Ugrad Lab side of Malone Hall G61, houses additional Ugrad Lab systems, but we are not currently supporting users plugging into the network in that room). To connect to the CS Undergrad Net, follow the instructions at Connecting to the CS Ugrad Net. Your computer will receive a dynamic IP address. There are no static IP addresses granted for the CS Ugrad Net.


Requesting a Static IP Address

If you need to request a static IP address, please follow the instructions at Requesting a Static IP Address on the CS Network.


DNS Servers to use when on the CS Network

Primary DNS: 128.220.13.50

Secondary DNS: either 10.200.1.1 or 10.200.2.2 -- your choice.

DHCP-provided CS IPs will automatically receive a primary DNS server of 128.220.13.50 and a secondary DNS server of 10.200.2.2.


General Configuration Notes

Public Network (128.220.35.x, even-numbered ports)

Subnet Mask: 255.255.255.0

Gateway: 128.220.35.1

Private Network (10.161.159.x, odd-numbered ports)

Subnet Mask: 255.255.255.0

Gateway: 10.161.159.1


Security Note

All computers that connect to the CS Grad/Research or Undergrad net should be at their latest security levels and should be configured to prevent viruses, etc. For antivirus software, please see the JHU Antivirus webpage.