Educause Security Discussion mailing list archives

Re: Appropriate University/Internet blocks


From: Ariel Silverstone <ariel.silverstone () TEMPLE EDU>
Date: Wed, 16 Jun 2004 10:46:57 -0400

Tom,

At Temple, we approached it very gingerly.  Generally, the following are the
steps we took:

1) thought hard about what it is we are really trying to do
2) created an application that enabled us to perform step 4 below
3) created a "security council" combined of representatives from every
school and administrative department and solicited their input
4) asked the members to use the application to register every server,
guaranteeing that no server which is registered be affected by a new
firewall or firewall rule
5) created the new rule set
6) informed the community that as of a specific date, our rule set - which
is now set to "Deny All except" rather than "permit all except" will be
active
7) prepared the help desk for influx of calls
8) turned on the rule set
9) watched as less than 30 calls (out of 55,000 users) came in about this
issue.


Thank you,

Ariel Silverstone, CISSP
Chief Information Security Officer
Temple University


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tom Conley
Sent: Wednesday, June 16, 2004 10:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Appropriate University/Internet blocks

This is a hackneyed old question, but one we are still struggling with:

What is the appropriate level of filtering or port blocking at a
University/Internet border?

Specifically, what ports or packets are y'all (other universities) currently
blocking?  Do you have router configurations that you can share?
Do you use an IP blacklist?  Are the "blacklist" and "ports list" permanent
or do the blocks "time out" automatically?  How do you manage all this?

It seems [obvious] that the recommendations made for other industries are
not generally accepted at universities.  But what is acceptable?

Any feedback is appreciated.  Feel free to contact me off-list if you
prefer.

Thanks.

Tom

Tom Conley, CISSP
Network Security
Ohio University
740.593.2264
conleyt () ohio edu
security () ohio edu

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
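
Added example, not part of either message and not Temple's application: a minimal sketch of how a server registry (step 4 above) can drive a "Deny All except" rule set (steps 5 and 6). The registry rows, the observed-flow list and the pre-cutover check in unregistered() are assumptions constructed for illustration; addresses come from the RFC 5737 documentation range.

```python
import ipaddress

# Constructed registrations: (owner, server IP, protocol, port).
REGISTRY = [
    ("School of Law", "192.0.2.10", "tcp", 443),
    ("Library", "192.0.2.20", "tcp", 80),
    ("Registrar", "192.0.2.30", "tcp", 25),
]

# Constructed inbound services seen at the border before cutover:
# (destination IP, protocol, port).
OBSERVED = [
    ("192.0.2.10", "tcp", 443),
    ("192.0.2.20", "tcp", 80),
    ("192.0.2.40", "tcp", 8080),   # never registered
    ("192.0.2.30", "tcp", 110),    # registered host, unregistered port
]

def build_ruleset(registry):
    """Turn registrations into permit rules, rejecting malformed entries."""
    rules = []
    for owner, ip, proto, port in registry:
        if proto not in ("tcp", "udp") or not 0 < port < 65536:
            raise ValueError(f"bad registration from {owner}: {proto}/{port}")
        rules.append((ipaddress.ip_address(ip), proto, port, owner))
    return rules

def decide(rules, dst_ip, proto, port):
    """Evaluate one inbound connection under 'deny all except'."""
    dst = ipaddress.ip_address(dst_ip)
    for ip, r_proto, r_port, owner in rules:
        if (dst, proto, port) == (ip, r_proto, r_port):
            return ("permit", owner)
    return ("deny", None)  # nothing matched: default deny

def unregistered(rules, observed):
    """List observed services the new rule set would block (assumed check)."""
    return sorted({f for f in observed if decide(rules, *f)[0] == "deny"})

if __name__ == "__main__":
    rules = build_ruleset(REGISTRY)
    for flow in unregistered(rules, OBSERVED):
        print("would be blocked, chase a registration:", flow)
```

Running the check before the announced date shows which services still lack a registration while "permit all except" is in force.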
