Educause Security Discussion mailing list archives

Re: Firewall Strategies


From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 3 Feb 2006 17:27:53 -0500

James Meyers wrote:

Hi.  I'm new to this list and apologize in advance if this has been
covered before.

Just curious as to other universities' successes/failures regarding
firewall strategies.  We're trying to architect a strategy to protect
our network, and could benefit from the experiences of others.  Do you
use a perimeter firewall?  Have there been political hurdles to clear in
order to do so?  Do you have areas throwing up their own firewalls?
What complications have you run into with various strategies?

Any input will be appreciated.



We use Intrusion Prevention Systems and router ACLs at
the perimeter. We're planning on adding the Cisco IOS firewall
feature set on the perimeter routers to help fortify our inbound
default deny policy that we implemented in November using ACLs.
The policy we're trying to enforce is to disallow all inbound TCP
connection requests except to systems (i.e. servers) on a white list.
The IOS feature set may also be used as an IPSEC and/or
SSL VPN termination point.

I don't want to say too much about our internal controls on
the list but they're all provisioned by IT. I'd like to add
internal proxy type firewalls and web application intrusion
prevention systems at some point though the latter may
end up being host based rather than network based.

Our populace has been very supportive of our network access
controls.

Gary Flynn
Security Engineer
James Madison University
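As an added illustration, not taken from Gary's message or from JMU's actual configuration, an IOS extended ACL that expresses the inbound default-deny policy he describes: permit TCP only to a short white list of servers, let return traffic for connections opened from inside through, and drop every other inbound TCP connection request. The ACL name, interface, and the 192.0.2.0/24 addresses are placeholders, and the IOS firewall feature set he plans to add is not shown.

```cisco
! Constructed example: stateless inbound default-deny for TCP on a perimeter router
ip access-list extended INBOUND-EDGE
 remark --- White list: servers that may receive inbound TCP connections ---
 remark Placeholder addresses from the 192.0.2.0/24 documentation range
 permit tcp any host 192.0.2.10 eq 80
 permit tcp any host 192.0.2.10 eq 443
 permit tcp any host 192.0.2.25 eq 25
 remark --- Replies to connections initiated from inside ---
 remark 'established' matches packets with ACK or RST set; it is NOT stateful
 permit tcp any 192.0.2.0 0.0.0.255 established
 remark --- Everything else inbound over TCP (i.e. new connection requests) ---
 deny   tcp any any log
 remark Non-TCP traffic (UDP, ICMP) is not addressed here and would hit the
 remark implicit deny at the end of the list; add explicit permits as needed
!
interface GigabitEthernet0/0
 description Internet-facing perimeter link
 ip access-group INBOUND-EDGE in
!
! Verify hit counts after deployment to confirm the deny line is doing the work:
! show ip access-lists INBOUND-EDGE
```

Because `established` only tests TCP flag bits and keeps no connection table, a crafted packet with ACK set passes the ACL regardless of whether a session exists; that gap is what a stateful feature such as the IOS firewall feature set closes.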
