HASCS Clarifies Firewall Policy

In a town hall meeting held last night in Science Center D, representatives from Harvard Arts and Sciences Computer Services (HASCS) announced a plan to deploy a firewall that would block all attempts by outside computers to connect to computers on the FAS network.

All traffic on the FAS network would go through the firewall, which is a computer that monitors computer data and filters out certain types of traffic.

The new system is a response to burgeoning demands on the FAS network primarily attributed to Napster users outside of Harvard, who download songs from Harvard napster users.

The firewall would prevent Internet users outside of Harvard from gaining access to programs, files, music, and videos contained on Harvard students' computers.

Under this strategy, all students computers would be placed behind the firewall by default, but students could be exempted from the policy after attending a 10-15 minute education session, said Kevin Davis '98, coordinator of residential computing for FAS Computer Services.

The purpose of the session, said Bill Ouchark, HASCS manager of networking and UNIX systems, would be to make sure people understand the enormous impact that outbound traffic is having on the network and to inform them of how they can be a responsible network user.

"We feel it's reasonable to expect people who have carte-blanche access to the network to be educated," Davis said.

In addition, Ouchark explained that the required education sessions are a way to ensure that people don't choose to be exempt from the firewall for the mere sake of being exempt.

Traffic among the computers on the networks of the different Harvard schools would not be placed under the firewall.

UC President Paul A. Gusmorino '01, who attended yesterday's meeting, said that he was on the whole pleased with the propsed changes to the network.

"A no-questions-asked exemption policy seems like the best way to handle network congestion without infringing on students intellectual freedom and exploration," he said.

Students present at yesterday's meeting questioned both the fairness and the effectiveness of the propsed firewall system. One frequently voiced concern was that HASCS should increase network bandwidth, or the size of the pipe through which all network information travels.

Ouchark said that increasing bandwidth is a possibility but that it does not provide a long-range solution, as traffic is bound to increase more and more every year.

And the current traffic shaping policy, which limits outbound network traffic to 10 percent of bandwidth, is similarly not a permanent solution because of the difficulties involved in setting a specific amount of traffic that can flow in the outbound direction. A fixed limit does not account for changes in the total traffic.

HASCS is currently testing the firewall strategy on the computers of several student volunteers.

Ouchark said most students would notice no changes in their network use as a result of the installation of the firewall.

By the end of the meeting, most of the concerns of students present at the meeting had been addressed.

"Students brought up many legitimate points," Davis said, "and by the end of the meeting, most people seemed okay with the changes."