Educause Security Discussion mailing list archives

Re: Closed Network Implementation?


From: Rick Coloccia <coloccia () GENESEO EDU>
Date: Thu, 7 Mar 2013 11:39:13 -0500

On 3/7/2013 11:35 AM, Willis Marti wrote:
Glenn,
  The key lesson is that with a research university, possibly all higher ed, there is no way to know everything our faculty and staff have cooked up when the rules were less strict. I strongly feel you have to put a device in place without rules to determine what "default deny" would reject, before turning it on.

+1.

When we moved from open to closed, I put the firewall in a log-all state for months before throwing the switch. I was then able to work out what everything was, write appropriate rules, interact with the appropriate sysadmins, and make for a very smooth conversion from open to closed.

-Rick

--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579
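
The log-all step described in this thread, sketched as an added example that is not part of either poster's message: it replays logged flows against a draft allow list and reports which destination services "default deny" would reject, so their owners can be contacted before the switch. The key=value log format, the addresses and the draft rules are constructed assumptions, not the output of any particular firewall.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of "log-all" output; the key=value format is an assumption.
SAMPLE_LOG = """\
2013-02-01T10:00:01 src=203.0.113.5 dst=10.20.1.10 proto=tcp dport=443
2013-02-01T10:00:02 src=198.51.100.7 dst=10.20.1.10 proto=tcp dport=443
2013-02-01T10:00:09 src=198.51.100.7 dst=10.20.5.44 proto=tcp dport=3306
2013-02-01T10:01:30 src=203.0.113.99 dst=10.20.5.44 proto=tcp dport=3306
2013-02-01T10:02:11 src=192.0.2.14 dst=10.20.7.8 proto=udp dport=161
2013-02-01T10:03:00 src=203.0.113.5 dst=10.20.1.25 proto=tcp dport=25
garbled line the parser should skip
2013-02-01T10:04:40 src=203.0.113.77 dst=10.20.5.44 proto=tcp dport=3306
"""

# Draft allow rules (hypothetical): destination network, protocol, port.
DRAFT_ALLOW = [
    ("10.20.1.0/24", "tcp", 443),
    ("10.20.1.25/32", "tcp", 25),
]

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+)")

def is_allowed(dst, proto, dport, rules):
    """True if any draft rule covers this destination, protocol and port."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(net) and proto == p and dport == port
               for net, p, port in rules)

def would_reject(log_text, rules):
    """Return {(dst, proto, dport): {"hits": n, "sources": set}} for unmatched flows."""
    rejected = defaultdict(lambda: {"hits": 0, "sources": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        src, dst, proto, dport = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if not is_allowed(dst, proto, dport, rules):
            entry = rejected[(dst, proto, dport)]
            entry["hits"] += 1
            entry["sources"].add(src)
    return dict(rejected)

def report(rejected):
    """Services sorted by hit count, busiest first, for follow-up with their owners."""
    return sorted(rejected.items(), key=lambda kv: -kv[1]["hits"])

if __name__ == "__main__":
    for (dst, proto, dport), info in report(would_reject(SAMPLE_LOG, DRAFT_ALLOW)):
        print(f"{dst} {proto}/{dport}: {info['hits']} hits from {len(info['sources'])} sources")
```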

