There is a right way to provide remote access and a wrong way, and we must ensure U-M is doing it the right way. Insecure remote access protocols open the university up to attacks that can cause critical software to be discovered or end-user credentials to be compromised, hence the label "Insecure" Remote Access Protocols.
The protocols we are blocking are not widely used, and we will communicate directly with users and offer alternatives. While ITS will be taking these steps to reduce the risk of disruption, some risk does remain, and we will address issues caused by this blocking as quickly as possible.
Insecure remote access protocols can allow remote access to another computer over a network connection. Over the past decade, there have been multiple incidents each year where internet exposure of these services at U-M has been abused to facilitate attacks against other organizations. We anticipate that these types of attacks will only increase in frequency and severity.
Insecure remote access protocols can allow attackers to log into internet-exposed systems at U-M, harvest credentials from the system, and move laterally to compromise other computers.
Refer to the list of protocols we are blocking at the border. ITS is also communicating directly with users who have been identified as using these insecure protocols, and with their respective Security Unit Liaisons.
ITS plans to block the listed protocols at the border by October 2022.
In many cases, we recommend using the U-M VPN to continue using blocked services. The University of Michigan’s Virtual Private Network (VPN) creates a secure, encrypted connection between your device and the U-M network and enables access to university resources. Refer to Getting Started with VPN for more information. We also expect a small number of use cases that will need some consultation with IA to find an alternate solution. Individuals can work with their Security Unit Liaison in consultation with IA.
The initial phases of this project do not include Insecure Remote Access Protocol (IRAP) mitigation for cloud environments. Our current focus is mitigating the risk of IRAP at the campus network border. Future efforts will include IRAP mitigation for cloud services.