UvA FNWI UvA


 
 
Last update: 27-09-2004
 
 

 

Remote Network Access Policy

Staff members and students can access faculty servers remotely from home using UvA services or through a public ISP. The standard permissions allow for remote access to E-mail (through IMAP, IMAPS and POP protocols) only.

To remotely access fileservers you must have remote access permission, which allows you to use the following protocols:

  • Secure FTP (SFTP)
  • Secure Shell (SSH)

Standard permissions may be relaxed for staff members who travel a lot, students from other faculties or universities, etc. For changes in access permissions, send a request to the Online Support System.

Rationale

Many people do not require remote server access. By limiting remote server access, the risk of computer break-ins is greatly reduced.

Why do I get "Connection refused"?

When you try to connect to one of the faculty's network servers, you may be denied access and see the following message:


    Connection from x.x.x.x refused.

    The name service of your ISP is misconfigured. The IP address that you
    connect from does not have a "PTR" record. The FNWI security policy
    does not allow connections from such hosts.

    Please connect your Internet Service Provider and have them correct the
    problem.

    FNWI ICT Group 

What does this mean?

The Internet uses addresses with 4 numbers separated by dots (.). When you try to reach a web server (say, www.science.uva.nl) your browser actually tries to make a connection with the web server at address 146.50.3.20.

Translation between names and numbers is done by the Domain Name System (DNS). When you connect to one of the faculty's servers, the server tries to look up the name of your computer from its address (a reverse lookup, answered by a "PTR" record). If the lookup fails, you're not allowed to access the server, and you'll see the message shown above.

Again, this is a precaution to keep hackers from our systems. Bear in mind that the faculty has thousands (!) of computers and we are "under attack" many times a day. Hackers often use methods that are characterized by unknown names for known internet addresses (this category of attacks is known as "spoofing").

Unfortunately, some Internet Service Providers (ISPs) have misconfigured their Domain Name System, making it impossible to look up names from numbers. Their customers are therefore not allowed to access our servers.
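The reverse-lookup check described above can be sketched as follows. This is an added example, not the FNWI servers' own code: the function name check_client, the constructed DNS data and the .example host names are assumptions, and the second step (checking that the name found maps back to the same address) goes beyond what this page describes.

```python
import socket

def check_client(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Decide whether a connecting address passes the reverse-DNS policy.

    Returns (allowed, detail). The resolver functions are parameters so the
    check can be exercised offline with constructed DNS data.
    """
    try:
        name, _aliases, _addrs = reverse(ip)        # PTR lookup: number -> name
    except OSError:                                  # socket.herror / socket.gaierror
        return False, "no PTR record"
    try:
        _name, _aliases, addrs = forward(name)      # forward lookup: name -> numbers
    except OSError:
        return False, f"PTR name {name} does not resolve"
    if ip not in addrs:                              # assumption: forward-confirmation step
        return False, f"PTR name {name} does not map back to {ip}"
    return True, name

# Constructed DNS data (documentation address ranges and .example names).
PTR = {"192.0.2.10": "dsl-10.isp.example", "192.0.2.66": "trusted.host.example"}
A = {"dsl-10.isp.example": ["192.0.2.10"], "trusted.host.example": ["198.51.100.5"]}

def fake_reverse(ip):
    """Stand-in for socket.gethostbyaddr backed by the PTR table above."""
    if ip not in PTR:
        raise socket.herror("host not found")
    return PTR[ip], [], [ip]

def fake_forward(name):
    """Stand-in for socket.gethostbyname_ex backed by the A table above."""
    if name not in A:
        raise socket.gaierror("name not found")
    return name, [], A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.99", "192.0.2.66"):
        print(ip, check_client(ip, fake_reverse, fake_forward))
```

Called with only an address, check_client uses the system resolver, so it can be run against the address shown on the first line of the error message to see whether a PTR record now exists.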

What to do about this?

Call your ISP's helpdesk and tell them their DNS needs fixing. That shouldn't take more than a day! To help them on their way, you may want to provide them with the internet address they gave your computer; it is listed on the first line of the error message.