Educause Security Discussion mailing list archives
Re: Stateful Perimeter Firewall
From: "Parker, Ron" <Ron.Parker () BRAZOSPORT EDU>
Date: Tue, 13 Oct 2009 08:40:15 -0500
You'll find that there are differences of opinion on this ranging from heavy-duty lockdown to no perimeter firewall at all with good arguments across the spectrum. We went from router ACLs to Checkpoint about nine years ago and I've been very pleased with the control it has given us. We do employ an outbound policy as well. You'll find that a large amount of traffic is traversing your network that has no business doing so. I do guest lectures for some of our classes here and I can ALWAYS find a real-time example of port scans and other suspicious activities when I do my demos. Granted that most of the action these days seems to be social engineering through e-mail phishing attacks but I would not run a network connected to the internet without a perimeter firewall. -- Ron Parker, Director of Information Technology, Brazosport College ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dean Halter Sent: Tuesday, October 13, 2009 8:11 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Stateful Perimeter Firewall We are considering setting up our firewalls in a stateful, default deny manner. Our folks would be able to communicate out normally, but folks on the outside would only be able to access resources for which there were explicit exceptions. Anyone else doing this that might give us pointers on what we need to do in advance and what to watch for? Is it problematic for certain types of software - p2p, grid, etc.? Is this, as some of our folks say, too corporate? Thanks in advance, Dean Halter IT Risk Management Officer University of Dayton "Security is a process, not a product." Bruce Schneier
Current thread:
- Stateful Perimeter Firewall Dean Halter (Oct 13)
- <Possible follow-ups>
- Re: Stateful Perimeter Firewall Matthew Gracie (Oct 13)
- Re: Stateful Perimeter Firewall Gary Dobbins (Oct 13)
- Re: Stateful Perimeter Firewall Greene, Chip (Oct 13)
- Re: Stateful Perimeter Firewall Parker, Ron (Oct 13)
- Re: Stateful Perimeter Firewall Di Fabio, Andrea (Oct 13)
- Re: Stateful Perimeter Firewall Jones, Dan (Oct 13)
- Re: Stateful Perimeter Firewall Joe St Sauver (Oct 13)
- Re: Stateful Perimeter Firewall Matthew Wollenweber (Oct 13)
- Re: Stateful Perimeter Firewall Cal Frye (Oct 13)
- Re: Stateful Perimeter Firewall Bruce Curtis (Oct 13)
- Re: Stateful Perimeter Firewall Cal Frye (Oct 13)
- Re: Stateful Perimeter Firewall Flynn, Gerald (Oct 14)