FAQ

What are the privileges for members in a security contact?

There are four privilege levels for any member of a security contact:

View-only: can view registration information.

Device: can make changes to Device registrations.

IP Information: can claim subnets, request IP Addresses, register subdomains and offsite hostname. Can register RD Applications. Can also make changes to Device registrations.

Admin: includes Device and IP Information privileges. Can also make profile and membership changes to the security...

Is this service suitable for me?

Yes, if:

Your service contains printers and workstations only. You don't have any custom rules. You don't have technical staff who can configure your firewall rules. Your security needs are not extensive.

No, if:

Your subnet(s) hosts servers and services used outside the firewall.

You host sensitive data.

You have regulatory or contractual obligations to safeguard data that resides on your network.

Restricting traffic based on malicious content or destinations known to be malicious is unacceptable to the users on...

What if I have issues or feedback about this service?

If you have comments or suggestions for the service, please email bsecure@berkeley.edu(link sends e-mail) or share with the bSecure Mailing list(link is external).

Can I make customizations to the shared firewall rules?

No. Customizations are not made for individual departments. However, it is an evolving service and changes will be made if necessary to support the general needs of campus workstation computing.

How do I get started?

What do I need to do to initiate a vendor security assessment with the Information Security Office?

To request a Vendor Security Assessment Program evaluation for a PL2 system that is vendor managed, review the Details of the Vendor Security Assessment Program and then send an email to security@berkeley.edu.

Please include the following information:

Name of the unit requesting VSAP service Project Lead contact information UC Provisioning Representative contact information...

Are there any drawbacks to using this service?

This service should not be used if you store restricted data.

Rules and profiles in the shared firewall are not customizable.

The only services on the protected side of the firewall that can be accessed from the unprotected side are printing and remote desktop services. These services can only be accessed from non-Calvisitor campus addresses.

Campus vulnerability scanners are allowed and there will be no firewall exceptions for devices that have issues with scanning

Since systems using the shared firewall service...

What are the benefits of using this service?

You don’t need to write your own firewall rules.

You don’t need to define security profiles.

Increased security using profiles that block systems from connecting to or receiving traffic from known bad addresses

Malicious content (spyware, attempts to exploit known vulnerabilities, etc.) will be stopped by the firewall

How do I determine if there is an existing contract in place with the supplier?

Contact the UCB Procurement Office directly to find out whether an existing contract is in place with a service provider: supplychain@berkeley.edu

Where can I download files legally?

EDUCAUSE maintains a list of legitimate download services.

How do I respond to copyright infringement allegations?

1. As a "takedown notice" under the DMCA:

See The Digital Millennium Copyright Act (DMCA) and Related Resources

2. As a legal action taken by the copyright holder’s legal representative, e.g. an Early Settlement Offer or a Subpoena:

Campus legal counsel cannot represent individuals in matters of alleged copyright infringements. Students may seek information from the Student ...