Educause Security Discussion mailing list archives
Re: Firewall Strategies
From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 3 Feb 2006 17:27:53 -0500
James Meyers wrote:
> Hi. I'm new to this list and apologize in advance if this has been covered before. Just curious as to other universities' success/failures regarding firewall strategies. We're trying to architect a strategy to protect our network, and could benefit from the experiences of others. Do you use a perimeter firewall? Have there been political hurdles to clear in order to do so? Do you have areas throwing up their own firewalls? What complications have you run into with various strategies? Any input will be appreciated.

We use Intrusion Prevention Systems and router ACLs at the perimeter. We're planning on adding the Cisco IOS firewall feature set on the perimeter routers to help fortify our inbound default deny policy that we implemented in November using ACLs. The policy we're trying to enforce is to disallow all inbound TCP connection requests except to systems (i.e. servers) on a white list. The IOS feature set may also be used as an IPSEC and/or SSL VPN termination point.

I don't want to say too much about our internal controls on the list, but they're all provisioned by IT. I'd like to add internal proxy-type firewalls and web application intrusion prevention systems at some point, though the latter may end up being host-based rather than network-based.

Our populace has been very supportive of our network access controls.

Gary Flynn
Security Engineer
James Madison University
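
The inbound default-deny policy described in the reply above, modelled as an added example (not part of the original message and not JMU's configuration). The campus prefix, the whitelist entries and the sample segments are constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values (RFC 5737 documentation ranges), not real campus data.
CAMPUS_NET = ipaddress.ip_network("192.0.2.0/24")
# Servers allowed to receive inbound TCP connection requests.
WHITELIST = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.25")}

@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

def is_connection_request(seg: Segment) -> bool:
    # A new TCP connection request is a SYN without ACK.
    return seg.syn and not seg.ack

def inbound_decision(seg: Segment) -> str:
    src = ipaddress.ip_address(seg.src)
    dst = ipaddress.ip_address(seg.dst)
    if src in CAMPUS_NET or dst not in CAMPUS_NET:
        return "not-inbound"          # policy only covers traffic entering campus
    if not is_connection_request(seg):
        # A stateless ACL sees only this segment's flags, so replies to
        # outbound connections pass here; tracking connection state is
        # what a stateful firewall adds on top of this check.
        return "permit-non-syn"
    if dst in WHITELIST:
        return "permit-whitelisted"
    return "deny-default"             # everything else is dropped

def evaluate(segments):
    # Map each sample segment to the decision the policy would make.
    return [(s, inbound_decision(s)) for s in segments]

# Constructed sample traffic.
SAMPLES = [
    Segment("198.51.100.7", "192.0.2.10", 443, syn=True),            # request to a listed server
    Segment("198.51.100.7", "192.0.2.77", 22, syn=True),             # request to an unlisted host
    Segment("203.0.113.5", "192.0.2.77", 51000, syn=True, ack=True), # SYN/ACK reply to a campus client
    Segment("192.0.2.77", "203.0.113.5", 80, syn=True),              # outbound request
]

if __name__ == "__main__":
    for seg, decision in evaluate(SAMPLES):
        print(f"{seg.src} -> {seg.dst}:{seg.dport}  {decision}")
```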