Educause Security Discussion mailing list archives
Re: Stateful Perimeter Firewall
From: "Greene, Chip" <cgreene2 () RICHMOND EDU>
Date: Tue, 13 Oct 2009 09:31:37 -0400
We are set up in this way and have had little issues. The main problem we encountered was with the groups that allowed vendor access to manage their servers with PCAnywhere or ssh. Obviously these would break as the inbound connections would not be permitted. Two ways to mitigate this are to ensure the specific inbound rules are present in the firewall, or force all vendors to have a VPN connection. We use the vendor VPN option with specific firewalls on the VPN that allow access only to the servers they have permissions on. More administration with this option, but well worth the security advantages. And document all connections....

Chip Greene
Senior Network Specialist
University of Richmond

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dean Halter [Dean.Halter () NOTES UDAYTON EDU]
Sent: Tuesday, October 13, 2009 9:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Stateful Perimeter Firewall

We are considering setting up our firewalls in a stateful, default deny manner. Our folks would be able to communicate out normally, but folks on the outside would only be able to access resources for which there were explicit exceptions.

Anyone else doing this that might give us pointers on what we need to do in advance and what to watch for? Is it problematic for certain types of software – p2p, grid, etc.? Is this, as some of our folks say, too corporate?

Thanks in advance,

Dean Halter
IT Risk Management Officer
University of Dayton

"Security is a process, not a product."
Bruce Schneier
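
The setup discussed in this thread, written as an nftables ruleset. This is an added example, not a configuration from either poster or their institutions. The interface names (`lan0`, `wan0`, `vpn0`), all addresses (RFC 5737 documentation ranges) and the ticket references are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every interface name, address and ticket id below
# is a placeholder, not a value from the thread.

# Create-then-delete so the file can be reloaded without touching other tables.
table inet perimeter
delete table inet perimeter

table inet perimeter {
    # Servers that one vendor is permitted to manage (placeholder addresses).
    set vendor_a_servers {
        type ipv4_addr
        elements = { 192.0.2.21, 192.0.2.22 }
    }

    chain forward {
        # Default deny: anything not accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Stateful part: replies to flows we already allowed come back in,
        # including related ICMP errors needed for path MTU discovery.
        ct state established,related accept
        ct state invalid drop

        # Campus users communicate out normally.
        iifname "lan0" oifname "wan0" ct state new accept

        # Explicit inbound exception, documented in the rule itself.
        iifname "wan0" oifname "lan0" ip daddr 192.0.2.80 tcp dport { 80, 443 } \
            ct state new accept comment "public web server, ticket PLACEHOLDER-1"

        # Vendor VPN: the vendor's address pool reaches only its own servers,
        # and only on the management port. Everything else from vpn0 is denied.
        iifname "vpn0" oifname "lan0" ip saddr 198.51.100.0/28 \
            ip daddr @vendor_a_servers tcp dport 22 \
            ct state new accept comment "vendor A ssh, ticket PLACEHOLDER-2"

        # Record what the default deny is catching (rate limited), then drop.
        # Direct vendor ssh or PCAnywhere attempts arriving on wan0 land here.
        limit rate 10/second log prefix "perimeter-drop: "
        counter drop
    }
}
```

Reviewing the `perimeter-drop:` log lines before switching the policy from accept to drop shows which inbound services still need an explicit exception or a move to the VPN.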