Re: SURVEY: Research Institutions / Border Firewalls

[Vicky Walker <Vwalker () UNT EDU>]

I am not responsible for this area of security at UNT.

> > > Chris Green <cmgreen () UAB EDU> 2/12/2007 5:38 PM >>>

Good day,
 
In part of proposing campus firewall solutions, we wish to include some perspective on what other Research Universities 
are doing for border firewalls.   Please reply directly to myself and I’ll summarize replies back to the list.  I will 
remove your identity from your answer if you request it.
 
I’m primarily interested in what other research-focused institutions are doing. 
 
1)      Do you require central server registration?
2)      Do you require VPN for off-campus access? 
a.       If Yes, is it:
                                                               i.      SSLVPN
                                                             ii.      IPSEC VPN
                                                            iii.      Bastion Host
3)      Do you have a firewall on your primary internet link?
4)      Do you have a firewall on your I2/Research Links?
5)      Do you use primarily use dark IP addressing?
6)      Is your IT structure centralized or decentralized?
7)      Do you use a web proxy or SOCKS?
8)      What scenario best describes your firewall policy:
a.       “one size fits all”  (such as allow only port 80 and 443 traffic) 
b.       customized in place; Don’t have to change the IP address and any services requested are allowed.
c.       customized DMZ”: You can get whatever you want as long as you move your server into a DMZ.
d.      Other: Please describe
9)      How do you handle folks doing videoconferencing or legitimate peer-to-peer (BitTorrent Linux downloads)
10)   Are there any things about your setup you would have done differently with 20-20 hindsight?
 
Thanks for taking the time to reply 
--
Chris Green
UAB Data Security, 205-975-0842