Summary: Server registration gives computing supporters and individual computer users greater control over off-campus network access to their computer systems.
Most computers do not need to accept incoming network connections initiated from off-campus. Some computers require that incoming connections be permitted for specific applications such as Remote Desktop Connection. Limiting off-campus access enhances the security of the campus network for everyone.
Server registration gives computing support personnel and individual computer users the ability to control which applications or "ports" are accessible from off-campus computers. Registration is required if you wish to enable off-campus access to any particular UCI computer.
You may also register any computer on the network even if it is not a server; this enables OIT to contact you should a security situation occur that affects your computer.
This computer will not act like a server and does not need to be accessed from off-campus.
Computers from off-campus will connect to this computer using the secure shell protocol (TCP 22). Please note that the SSH service is one of the most probed and attacked ports from computers off-campus. Unless you need to give access to non-UCI affiliates, you would be better off using the campus VPN service to reach SSH on your system rather than opening the port. Many of the attacks against these services use account and password brute-force methods that may at some point give attackers access to your system if any of your users has an easily guessed account and/or password.
If you need to give RDP access to people who cannot use the campus VPN service, we suggest you configure RDP to use a port other than 3389 and use the "I would like to specify which ports to open" option to open only that port for off-campus access. This will help prevent (but not eliminate) RDP probes and attacks against your system.
This is the best choice for users who need 5 or more ports open on a computer. Computers that require this many open ports should be carefully managed by the individual user or supporter and not rely on the campus firewall as the only means of protection.
This is the best choice for users who need fewer than 5 ports open and want more control over off-campus access to their computer. You may choose from a list of default ports, or enter your own specific TCP/UDP port numbers. (Please note: there are certain ports that cannot be opened; see "Are there ports that cannot be registered?" for more information.)
Every computer connected to the UCI network has a unique name such as example.oit.uci.edu. If you do not know your computer's network name, and you are using it to view this help page, clicking here will tell you what it is. Otherwise, please ask your computing support coordinator, system administrator, or OIT for assistance.
If you are not the primary contact (i.e. administrator of the server/computer system), or wish to specify an alternate contact person for the computer you are registering, you may enter a UCInetID for this person. Your contact information is derived from the UCInetID that you used to log in to server registration and will be kept on record as a contact person for the computer you are registering.
Review the "Computer Name", "Requestor", "Additional Authorized Person", "TCP Ports Opened", and "UDP Ports Opened" fields. If the information is correct, fill out any comments for the computer you are registering and click on "Submit". If you need to change anything, you may click on "Back" and correct the information.
Once submitted, the server registration changes for your computer will take effect at 7:10 am or 7:10 pm, whichever comes first after your server registration submission.
Campus computing supporters can register multiple computers located on their network(s) by sending the following information for each system/server using the "tab separated value" format to the OIT security team (security @ uci.edu):
Responsible UCInetID (optional)
Ports open TCP (comma separated list)
Ports open UDP (comma separated list)
Changes to server registration are applied daily at 7:10 am, 1:10 pm, and 7:10 pm Pacific Time. It may take up to 5 minutes for the changes to take effect.
Yes. Choose the "I would like to specify which ports to open." option. After being prompted for your computer name and contact information, you will be able to select from a list of pre-defined ports. The "I need to define additional ports" option is also available to you at this point if you need to open ports that are not pre-defined.
Note: If you need to have more than 5 open ports, we suggest that you choose the option "This system is a server. I run my own firewall or have taken other security precautions." and run your own local firewall and/or other security mechanisms.
The following ports cannot be registered:
2 UDP Management Utility (compressnet)
23 TCP telnet
42 TCP/UDP Host Name Server (nameserver)
69 UDP Trivial File Transfer (tftp)
111 TCP/UDP SUN Remote Procedure Call (sunrpc)
135 TCP/UDP DCE endpoint resolution (epmap)
137 TCP/UDP NETBIOS Name Service (netbios-ns)
138 TCP/UDP NETBIOS Datagram Service (netbios-dgm)
139 TCP/UDP NETBIOS Session Service (netbios-ssn)
161 TCP/UDP SNMP (snmp)
162 TCP/UDP SNMPTrap (snmptrap)
445 TCP/UDP Microsoft-DS (microsoft-ds)
513 TCP login
514 TCP rsh
515 TCP printing (lpd)
593 TCP/UDP HTTP RPC Ep Map (http-rpc-epmap)
1025 TCP Microsoft RPC (RPC)
1026 UDP Calendar Access Protocol (cap)
1433 TCP Microsoft-SQL-Server (ms-sql-s)
1434 UDP Microsoft-SQL-Monitor (ms-sql-m)
2049 TCP/UDP network file system (nfs)
2345 TCP dbm (dbm)
2745 TCP URBISNET (urbisnet)
2967 TCP SSC-AGENT (ssc-agent)
3389 TCP Microsoft Remote Desktop (RDP)
5000 TCP Windows Universal Plug and Play service (UPNP)
5554 TCP SGI ESP HTTP (sgi-esphttp)
6101 TCP SynchroNet-rtc (synchronet-rtc)
8555 TCP SYMAX D-FENCE (d-fence)
10000 TCP Network Data Management Protocol (ndmp)
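
A planned registration can be checked against the list above before it is submitted. The following is an added example, not OIT's own tooling: it takes the two comma separated port lists used in the bulk format (TCP and UDP), flags ports that cannot be registered, and applies the page's guidance that 5 or more open ports call for the "I run my own firewall" option. The function names and the sample request are constructed for illustration.

```python
# Added example: pre-check a planned registration against the page's
# "cannot be registered" list. Port/protocol pairs are copied from that list
# (T = TCP, U = UDP, TU = both).
BLOCKED_SPEC = (
    "2:U 23:T 42:TU 69:U 111:TU 135:TU 137:TU 138:TU 139:TU 161:TU 162:TU "
    "445:TU 513:T 514:T 515:T 593:TU 1025:T 1026:U 1433:T 1434:U 2049:TU "
    "2345:T 2745:T 2967:T 3389:T 5000:T 5554:T 6101:T 8555:T 10000:T"
)
BLOCKED = {"tcp": set(), "udp": set()}
for item in BLOCKED_SPEC.split():
    port, protos = item.split(":")
    if "T" in protos:
        BLOCKED["tcp"].add(int(port))
    if "U" in protos:
        BLOCKED["udp"].add(int(port))


def parse_ports(csv_field):
    """Parse a comma separated port list; return (valid_ports, bad_tokens)."""
    ports, bad = [], []
    for token in csv_field.split(","):
        token = token.strip()
        if not token:
            continue
        if token.isascii() and token.isdigit() and 1 <= int(token) <= 65535:
            if int(token) not in ports:  # ignore duplicates
                ports.append(int(token))
        else:
            bad.append(token)
    return ports, bad


def check_request(tcp_field, udp_field):
    """Classify requested ports as allowed, blocked, or malformed."""
    result = {"allowed": [], "blocked": [], "malformed": []}
    for proto, field in (("tcp", tcp_field), ("udp", udp_field)):
        ports, bad = parse_ports(field)
        result["malformed"] += [(proto, t) for t in bad]
        for p in ports:
            key = "blocked" if p in BLOCKED[proto] else "allowed"
            result[key].append((proto, p))
    # The page recommends the "own firewall" option at 5 or more open ports.
    result["suggest_own_firewall"] = len(result["allowed"]) >= 5
    return result


if __name__ == "__main__":
    # Constructed sample request: SSH, default RDP, a relocated RDP port, TFTP.
    print(check_request("22, 3389, 3390", "69, 2345"))
```

The check is per protocol: 2345 is listed for TCP only, so the same number requested for UDP is not flagged.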