Firewall Exception Request

Login access to the CCNY Firewall Exception Request Form (Login Required)

Introduction

A firewall exception creates a persistent “hole” in the campus-wide firewall (a network security barrier) in order to allow unimpeded access to devices on the CCNY network from off campus devices. Its most prevalent usage is for websites and email servers located on a private network that must be publicly accessible.

Firewall exceptions are carefully screened to prevent unnecessary exceptions, which create vulnerabilities that cyber threats can probe for fraudulent activities. Serious threats include ransoming user data, stealing sensitive employee and student information, and stealthily commandeering systems to launch further attacks. When evaluating firewall exception requests, these security risks are a critical factor in determining which exceptions are granted and denied.

Alternatives to Firewall Exceptions

There are two alternative services available for remotely accessing critical systems on campus that should be considered before firewall exceptions: website hosting and virtual private network (VPN) access.

Virtual Private Network (VPN) Account

VPN access allows users to connect to their college resources remotely on an as-needed basis using their CCNY login credentials. VPN access is terminated at the sessions end; whereas firewall exceptions create a continuous opening in the firewall. VPN access is an ideal solution for temporarily accessing systems remotely (e.g. performing occasional upgrades, making configuration changes, or monitoring systems). Click here to access the VPN Access Request Form.

Website Hosting

CCNY provides website-hosting services in a secure server environment in which software resources are regularly updated and well-known system vulnerabilities are proactively scanned for and remediated. This service removes some of the administrative burden of monitoring and updating websites from the end user. Find out more about the Website Hosting Service.