Server Registration

Why Register as a Server?

Server registration gives computing support personnel and individual computer users greater control over off-campus network access to their computer systems. Some computers require that incoming connections be permitted for specific applications such as web servers. However most computers do not need to accept incoming network connections initiated from off-campus. Limiting off-campus access enhances the security of the campus network for everyone.

Server Registration Requirement

Registration is required if you wish to enable off-campus access to any particular UCI computer.  Any computer on the network may be registered, even those that are not servers; this enables OIT to contact you should a security situation occur that affects your computer.  Once submitted, the server registration changes for your computer will take effect at either 7:10 am, 12:10 pm, 5:10 pm, or 10:10 pm Pacific Time, whichever comes first after your server registration submission.

Server Registration Help

Server Registration Options

  1. This system does not need to be contacted from off campus (No ports open): This computer will not act like a server and does not need to be accessed from off-campus.
  2. This system needs secure remote access from off campus (SSH open): Computers from off-campus will connect to this computer using the secure shell protocol (TCP 22). Please note that the ssh service is one of the most probed and attacked ports from computers off-campus. Unless you need to give access to non-UCI affiliates, you would be better off using the campus VPN service to gain SSH to your system rather than opening the port. Many of the attacks against these services use account and password brute-force methods that may at some point give access to your system to the attackers if any of your users has a easily guessed accounts and/or passwords.If you need to give RDP access to people who cannot use the campus VPN service, we suggest you configure RDP to use a port other than 3389 and use the “I would like to specify which ports to open” option to open only that port for off-campus access. This will help prevent (but not eliminate) RDP probes and attacks against your system.
  3. This system is a server. I run my own firewall or have taken other security precautions (Warning, all ports will be open): This is the best choice for users who need 5 or more ports open on a computer. Computers that require this many open ports should be carefully managed by the individual user or supporter and not rely on the campus firewall as the only means of protection.
  4. I would like to specify which ports to open (Advanced): This is the best choice for users who need fewer than 5 ports open and want more control over off-campus access to their computer. You may choose from a list of default ports, or enter your own specific TCP/UDP port numbers. (Please note: There are certain ports that cannot be opened (Visit: Are there ports that cannot be registered?) for more information.)

Providing Contact Information

If you are not the primary contact (i.e. administrator of the server/computer system), or wish to specify an alternate contact person for the computer you are registering, you may enter a UCInetID for this person. Your contact information is derived from the UCInetID that you used to log in to server registration and will be kept on record as a contact person for the computer you are registering.

Server Registration FAQ

Can I bulk register computers?

Campus computing supporters can register multiple computers located on their network(s) by sending the following information for each system/server using the “tab separated value” format to the OIT security team (security @ uci.edu):

  • Requester UCInetID
  • Responsible UCInetID (optional)
  • Hostname
  • Ports open TCP (comma separated list)
  • Ports open UDP (comma separated list)
  • Comments (optional)

Are there ports that cannot be registered?

The following ports cannot be registered.

 Port  Protocols  Use
2 UDP Management Utility (compressnet)
23 TCP telnet
42 TCP/UDP Host Name Server (nameserver)
69 UDP Trivial File Transfer (tftp)
111 TCP/UDP SUN Remote Procedure Call (sunrpc)
135 TCP/UDP DCE endpoint resolution (epmap)
137 TCP/UDP NETBIOS Name Service (netbios-ns)
138 TCP/UDP NETBIOS Datagram Service (netbios-dgm)
139 TCP/UDP NETBIOS Session Service (netbios-ssn)
161 TCP/UDP SNMP (snmp)
162 TCP/UDP SNMPTrap (snmptrap)
445 TCP/UDP Microsoft-DS (microsoft-ds)
513 TCP login
514 TCP rsh
515 TCP printing (lpd)
593 TCP/UDP HTTP RPC Ep Map (http-rpc-epmap)
1023 TCP
1025 TCP Microsoft RPC (RPC)
1026 UDP Calendar Access Protocol (cap)
1433 TCP Microsoft-SQL-Server (ms-sql-s)
1434 UDP Microsoft-SQL-Monitor (ms-sql-m)
2049 TCP/UDP network files systems (nfs)
2345 TCP dbm (dbm)
2745 TCP URBISNET (urbisnet)
2967 TCP SSC-AGENT (ssc-agent)
3389 TCP Microsoft Remote Desktop (RDP)
3531 TCP
3531 UDP
4444 TCP
4866 TCP
5000 TCP Windows Universal Plug and Play service (UPNP)
5554 TCP SGI ESP HTTP (sgi-esphttp)
6101 TCP SynchroNet-rtc (synchronet-rtc)
8555 TCP SYMAX D-FENCE (d-fence)
10000 TCP Network Data Management Protocol (ndmp)
13701 TCP
41524 TCP
50048 UDP

When do my changes take effect?

Changes to server registration are applied daily at 7:10 am, 12:10 pm, 5:10 pm, and 10:10 pm Pacific Time. It may take up to 5 minutes for the changes to take effect.

What are the pre-defined services I can select?

  • Web Server (HTTP) TCP 80: Allows off-campus computers to access web pages on your registered on-campus computer through the hypertext transport (web) protocol.
  • Secure Web Server (HTTPS) TCP Port 443: Allows off-campus computers to access web pages stored on the on-campus computer through the secure https web server protocol.
  • Simple Mail Transport Protocol (SMTP) TCP Port 25: Allows off-campus computers to use the on-campus computer as a server to send electronic mail.
  • Secure SMTP TCP Port 587: Allows off-campus computers to use the on-campus computer as a server to send electronic mail using the secure SMTP protocol.
  • Domain Name Service (DNS) TCP Port 53: Allows off-campus computers to access the on-campus computers domain name server.
  • Secure IMAP (IMAPS) TCP Port 993: Allows off-campus computers to access email on the on-campus computer using the secure IMAP protocol.
  • Secure POP (POPS) TCP Port 995: Allows off-campus computers to check email on the on-campus computer using the secure POP protocol.
  • File Transfer Protocol (FTP) TCP Port 21: Allows off-campus computers to download and upload files from the on-campus computer.
  • Secure Shell (SSH) TCP Port 22: Allows off-campus computers to connect to the on-campus computer with command line access using the secure shell protocol.

Can I define custom applications/ports?

Yes. Choose the “I would like to specify which ports to open.” option. After being prompted for your computer name and contact information, you will be able to select from a list of pre-defined ports. The “I need to define additional ports” option is also available to you at this point if you need to open ports that are not pre-defined.

Note: If you need to have more than 5 open ports, we suggest that you choose the option “This system is a server. I run my own firewall or have taken other security precautions.” and run your own local firewall and/or other security mechanisms.