SURVEY: Research Institutions / Border Firewalls

[Chris Green <cmgreen () UAB EDU>]

Good day,

 

In part of proposing campus firewall solutions, we wish to include some
perspective on what other Research Universities are doing for border
firewalls.   Please reply directly to myself and I'll summarize replies
back to the list.  I will remove your identity from your answer if you
request it.

 

I'm primarily interested in what other research-focused institutions are
doing. 

 

1)      Do you require central server registration?

2)      Do you require VPN for off-campus access? 

a.       If Yes, is it:

                                                               i.
SSLVPN

                                                             ii.
IPSEC VPN

                                                            iii.
Bastion Host

3)      Do you have a firewall on your primary internet link?

4)      Do you have a firewall on your I2/Research Links?

5)      Do you use primarily use dark IP addressing?

6)      Is your IT structure centralized or decentralized?

7)      Do you use a web proxy or SOCKS?

8)      What scenario best describes your firewall policy:

a.       "one size fits all"  (such as allow only port 80 and 443
traffic) 

b.       customized in place; Don't have to change the IP address and
any services requested are allowed.

c.       customized DMZ": You can get whatever you want as long as you
move your server into a DMZ.

d.      Other: Please describe

9)      How do you handle folks doing videoconferencing or legitimate
peer-to-peer (BitTorrent Linux downloads)

10)   Are there any things about your setup you would have done
differently with 20-20 hindsight?

 

Thanks for taking the time to reply 

--

Chris Green

UAB Data Security, 205-975-0842