Please check these pages periodically in
order to see the latest changes.
Please check these pages periodically in
order to see the latest changes.
In order to increase the security of our communications network, we have restricted access to computers on our network from outside the Institute. We have set up a firewall machine called block.weizmann.ac.il. A firewall machine monitors all traffic going into and out of the Institute network. Only traffic that has the proper authorization is allowed in or out.
Note! Users who use the Weizmann dial-in services (either by phone or ADSL) are considered to be inside the Institute network once they have connected and therefore do not need to use the procedures explained in these pages. If you connect from your home via an outside ISP (e.g. netvision, internet-zahav etc.), these pages do apply to you.
Users who wish to access any of the Weizmann Institute computers from outside the campus have to authenticate themselves to the firewall machine by means of a SecurID Card and request authorization to use the specific services they require. This will open a secure channel to the Institute.
Opening a Secure Channel to the InstituteIf you wish to enter the Weizmann computing network from outside the Institute, you must first open a secure channel to the Institute by authenticating yourself to our firewall machine and specifying to which machine (host) you want to connect and which service you want to use. After authenticating yourself and specifying this information, you may work on the host you specified using the service you specified in the same way as if you were sitting in the Institute.
There are 2 ways to open a secure channel:
Email Security MeasuresElectronic mail delivery from outside the Institute is possible only via designated email addresses.
We have instituted a secure web access feature for our mail servers, which means that you can now read your mail from a machine outside the Insitute without a SecurID card.
If you are using an email client on a machine not on the Weizmann network, you must open a secure channel to the Institute as explained in the previous section. You must enter the appropriate service(s) and host(s). See examples 3, 4 and 5 in the examples of commonly used services.
Please note that all mail that is sent from a computer outside the Institute with a From: address of anything@weizmann.ac.il or anything@*.weizmann.ac.il will not be allowed into the Weizmann network. If you send mail from a computer that is not connected to the Weizmann network and you are not using the web access feature, you must configure your mail client to use smtp-out.weizmann.ac.il as your outgoing SMTP (mail) server. Refer to the appropriate instructions for your mail client: Entourage, Apple Mail, or Outlook Express.
Web Security MeasuresSome of our web pages are restricted to Weizmann users. If you are working on a machine that is not on the Weizmann network, you can access files that are restricted to Weizmann employees by opening a secure channel to the Institute and specifying the appropriate service and host. See example 1 in the examples of commonly used services.
The firewall security system has ramifications for the creation and updating of web pages. If you create web pages for the Weizmann web server, you must understand our firewall and web server configuration.