Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Appropriate University/Internet blocks

From: Willis Marti <wmarti () TAMU EDU>
Date: Wed, 16 Jun 2004 14:04:54 -0500
I would be _very_ careful about recommending a firewall over router
filters without more detailed information on the site's config.  We
deal constantly with issues surrounding high performance networking
through firewalls, and to be honest it doesn't exist in our
experience.  Yes, you can buy a PIX with GigE interfaces, but you
can't do high performance networking through it.

 110% agree. But I wouldn't buy a PIX. :-)
A&M built its own firewall in '92 (http://net.tamu.edu/drawbridge/index.html,
a little out of date) and we've been tweaking performance ever since.

 I don't like using routers as filters on a host-by-host basis because I prefer
them not to be touched too often. And, here, a different group manages
security issues than manages router configurations.

 We also provide departmental firewalls on an as requested basis, configured
as they desire. We keep a border firewall to provide a minimum standard.
--
Cheers,
 Willis Marti
 Associate Director for Networking
 Computing & Information Services
 Texas A&M University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: