Body
As a function of the USNH Security Infrastructure, various tools are used to perform analysis and filtering of remote systems. This is done for the safety and security of our users. If you believe you are being blocked from a legitimate site, please submit a firewall trouble ticket for the firewall team to review.
These filters are broken down into three categories.
URL & DNS filtering
USNH primarily filters on sites that are in some way malicious or are matching a profile used by malicious actors. If there are issues with the filtering that is interfering with USNH business or course related work, please submit a firewall trouble ticket. Many of these cases can be addressed.
One particular designation for a site worth noting is that of a “newly-registered-domain”. Because of the way threat actors often work, new domains are often leveraged in attacks. As such, new domains are filtered for 32 days. Please contact ET&S if you have a need to have site access evaluated prior to that 32 day window.
In the case of URL and DNS filtering, attempts to reach these sites via a web browser will result in being redirected to a web page as below.
Threat Intelligence filtering.
USNH works with companies who curate intelligence on known threat sources, generally regarding specific IP addresses. We leverage this intelligence at our security layer. Because of the scope of this data and the way it is utilized, users attempting to reach one of these sites will generally simply fail to reach it without any sort of notification. This security layer is behind the URL & DNS Filtering layer, so USNH users attempting to reach a site identified by both layers will see the message above.
It should be noted that the one area where this layer does have some issues is with regard to shared hosting platforms. When a service utilizes a single IP to provide service for multiple web sites and *one* of those sites creates a threat intelligence action, other sites serviced by that same IP will also be blocked. It is incumbent on the service provider for those sites to resolve the issue.
Filtering based on active analysis.
USNH creates its own list of malicious entities based on the data pulled from its own systems. This list is almost entirely directed at inbound traffic and almost never relates to USNH users attempting to reach external sites.