Educause Security Discussion mailing list archives
Re: Closed Network Implementation?
From: Barron Hulver <Barron.Hulver () OBERLIN EDU>
Date: Thu, 7 Mar 2013 17:23:37 -0500
I did the same thing when I moved us from open to closed. That is, I logged everything. I then used a combination of frequency analysis on the log files and researching the appropriate firewall rules to determine how to set the appropriate rules. It was a long process with a few ports denied incorrectly, but overall it went well.

Barron

Barron Hulver
Director of Networking, Operations, and Systems
Center for Information Technology
Oberlin College
148 West College Street
Oberlin, OH 44074
440-775-8702
Barron.J.Hulver () oberlin edu
http://www2.oberlin.edu/staff/bhulver/

On 3/7/13 11:39 AM, Rick Coloccia wrote:
> On 3/7/2013 11:35 AM, Willis Marti wrote:
>> Glenn,
>>
>> The key lesson is that with a research university, possibly all higher ed, there is no way to know everything our faculty and staff have cooked up when the rules were less strict. I strongly feel you have to put a device in place without rules to determine what "default deny" would reject, before turning it on.
>
> +1. When we moved from open to closed, I put the firewall in a log-all state for months before throwing the switch. I was then able to work out what everything was, write appropriate rules, interact with the appropriate sysadmins, and make for a very smooth conversion from open to closed.
>
> -Rick
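The log-all-then-analyze approach both posters describe, as an added example that is not part of this thread: a Python script that tallies constructed iptables-style "log everything" lines by destination, protocol and port, proposes allow rules for services seen often enough, and sets rare flows aside for the manual review step. The log format, the hit threshold and the iptables rule shape are assumptions, not anything the posters used.

```python
import re
from collections import defaultdict

# Constructed sample of kernel log lines from a firewall in log-all mode
# (not from the thread). ICMP lines carry no DPT and are skipped below.
SAMPLE_LOG = """\
fw kernel: LOGALL IN=eth0 OUT=eth1 SRC=203.0.113.10 DST=198.51.100.20 PROTO=TCP SPT=51234 DPT=443
fw kernel: LOGALL IN=eth0 OUT=eth1 SRC=203.0.113.11 DST=198.51.100.20 PROTO=TCP SPT=40000 DPT=443
fw kernel: LOGALL IN=eth0 OUT=eth1 SRC=203.0.113.12 DST=198.51.100.20 PROTO=TCP SPT=40001 DPT=443
fw kernel: LOGALL IN=eth0 OUT=eth1 SRC=203.0.113.13 DST=198.51.100.20 PROTO=TCP SPT=40002 DPT=443
fw kernel: LOGALL IN=eth0 OUT=eth1 SRC=203.0.113.10 DST=198.51.100.21 PROTO=TCP SPT=50000 DPT=22
fw kernel: LOGALL IN=eth0 OUT=eth1 SRC=203.0.113.10 DST=198.51.100.21 PROTO=TCP SPT=50001 DPT=22
fw kernel: LOGALL IN=eth0 OUT=eth1 SRC=203.0.113.14 DST=198.51.100.21 PROTO=TCP SPT=50002 DPT=22
fw kernel: LOGALL IN=eth0 OUT=eth1 SRC=203.0.113.15 DST=198.51.100.22 PROTO=UDP SPT=5060 DPT=5060
fw kernel: LOGALL IN=eth0 OUT=eth1 SRC=203.0.113.16 DST=198.51.100.20 PROTO=ICMP TYPE=8 CODE=0
"""

# Assumed field layout; adjust the pattern to the firewall's real log format.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)(?: SPT=\d+)? DPT=(?P<dpt>\d+)")

def tally(log_text):
    """Count hits per (dst, proto, dport) and remember the distinct sources."""
    counts, sources = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # no destination port (e.g. ICMP): handle separately
        key = (m["dst"], m["proto"], int(m["dpt"]))
        counts[key] += 1
        sources[key].add(m["src"])
    return counts, sources

def propose_rules(log_text, min_hits=3):
    """Split observed services into candidate allow rules (seen >= min_hits
    times) and rare flows that need a human to research before allowing."""
    counts, sources = tally(log_text)
    allow, review = [], []
    for key, hits in sorted(counts.items(), key=lambda kv: -kv[1]):
        dst, proto, dport = key
        entry = {"dst": dst, "proto": proto, "dport": dport,
                 "hits": hits, "distinct_src": len(sources[key])}
        (allow if hits >= min_hits else review).append(entry)
    return allow, review

def to_iptables(rule):
    """Render one candidate as an iptables FORWARD accept rule (assumed shape)."""
    return (f"iptables -A FORWARD -p {rule['proto'].lower()} -d {rule['dst']} "
            f"--dport {rule['dport']} -j ACCEPT")
```

Run over months of real log-all output, the review list is where the "ports denied incorrectly" problem shows up first: a service that legitimately talks a few times a month never clears the threshold and needs a rule written by hand.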