Re: Firewall Strategies

[Christian Wilson <Christian.Wilson () ITS MONASH EDU AU>]

Hi,

On Fri, Feb 03, 2006 at 03:46:51PM -0600, James Meyers wrote:
> Hi.  I'm new to this list and apologize in advance if this has been
> covered before.

Welcome to Unisog :)

> Just curious as to other universities success/failures regarding
> firewall strategies.  We're trying to architect a strategy to protect
> our network, and could benefit from the experiences of others.   Do you
> use a perimeter firewall?  Have there been political hurdles to clear in
> order to do so?  Do you have areas throwing up their own firewalls?
> What complications have you run into with various strategies?
> Any input will be appreciated.

At Monash University we have been progressively applying our Network Access
Control Policy : http://www.adm.monash.edu.au/unisec/pol/itec20.html

8 out of 10 faculties currently have the policy applied. About 50% of the
administrative areas also have the policy applied.

On the whole, we haven't had many issues with undertaking this. We're now
probably noticing more problems as more people want to do things such as
VOIP/Video conferencing, etc.

To address that we're undertaking a University wide review of our collaboration
services. This is considering our security requirements as well.

One other issue is ACL limits on the routers which has caused some problems
in the past.

In addition to the above we also block some key ports at the University
borders so that we don't encounter issues there.

Regards
Christian.
--
Christian Wilson
IT Security and Risk Manager, Infrastructure Services
Information Technology Services, Monash University - Clayton
Phone: +61 3 990 51187