Educause Security Discussion mailing list archives

Re: Exception handling processes on Default Deny Firewall

From: "James M. Driskell" <jdriskell () UPS EDU>
Date: Wed, 2 Feb 2005 09:39:03 -0800

Hi Kim,

We've had a default deny firewall in place for several years now, and of
course, it generates requests for exceptions.  Most of the exceptions come
from the students, so we ask them to justify their request in academic terms
and do the research to determine which ports and services are required to
support the exception.  We generally don't approve gaming requests but this
policy is subject to review.

The requests for exceptions start at our Help Desk.

Jim Driskell
Network Manager
University of Puget Sound

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Cary, Kim
Sent: Wednesday, February 02, 2005 9:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Exception handling processes on Default Deny Firewall

I would like to thank all those who replied to my message:

Subject: Re: Preparing for Default Deny Firewall


I'm storing, sorting and categorizing your replies - some are
technical, some procedural.
All are GREATLY appreciated.

I'm concerned that this go well, both before and after implementation.

I'm especially looking for help with mechanisms to handle exceptions...
when someone
wants a port opened _after_ we implement.

How do you vet, approve/deny & who gets the final say, where to your
customers stow their request?
What info is required to stow the request or do you send a consultant
for each one?

I do appreciate you editing your replies to only quote the appropriate
part of my
message (if needed) so I don't feel like I'm spamming the list ;-).

Kim Cary
Infrastructure Security Administrator
Pepperdine University

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Exception handling processes on Default Deny Firewall Cary, Kim (Feb 02)
- <Possible follow-ups>
- Re: Exception handling processes on Default Deny Firewall James M. Driskell (Feb 02)