Educause Security Discussion mailing list archives

Re: Closed Network Implementation?


From: Barron Hulver <Barron.Hulver () OBERLIN EDU>
Date: Thu, 7 Mar 2013 17:23:37 -0500

I did the same thing when I moved us from open to closed.  That is, I
logged everything.  I then used a combination of frequency analysis on
the log files and researching the appropriate firewall rules to
determine how to set the appropriate rules.  It was a long process with
a few ports denied incorrectly, but overall it went well.


Barron



Barron Hulver
Director of Networking, Operations, and Systems
Center for Information Technology
Oberlin College
148 West College Street
Oberlin, OH  44074
440-775-8702
Barron.J.Hulver () oberlin edu
http://www2.oberlin.edu/staff/bhulver/





On 3/7/13 11:39 AM, Rick Coloccia wrote:
On 3/7/2013 11:35 AM, Willis Marti wrote:
Glenn,
  The key lesson is that with a research university, possibly all
higher ed, there is no way to know everything our faculty and staff
have cooked up when the rules were less strict. I strongly feel you
have to put a device in place without rules to determine what "default
deny" would reject, before turning it on.

+1.

When we moved from open to closed, I put the firewall in a log-all state
for months before throwing the switch.  I was then able to work out what
everything was, write appropriate rules, interact with the appropriate
sysadmins, and make for a very smooth conversion from open to closed.

-Rick
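The approach both posters describe (run the firewall in a log-all state, then do frequency analysis on the logs to work out which services are really in use before writing "default deny" rules) can be prototyped in a few dozen lines. The script below is an added example, not code from anyone in this thread; it assumes netfilter/iptables-style log lines carrying SRC=, DST=, PROTO= and DPT= fields, uses a constructed sample log, and treats the thresholds (min_hits, min_sources) as tunable assumptions. Services seen often and from many distinct sources become candidate allow rules; anything rare or single-source goes on a review list to be discussed with the responsible sysadmin rather than silently dropped.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of netfilter-style log lines (not from the original thread).
SAMPLE_LOG = """\
Mar  7 11:30:01 fw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.10 DST=192.0.2.20 PROTO=TCP DPT=443
Mar  7 11:30:02 fw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.11 DST=192.0.2.20 PROTO=TCP DPT=443
Mar  7 11:30:03 fw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.12 DST=192.0.2.20 PROTO=TCP DPT=443
Mar  7 11:30:04 fw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.13 DST=192.0.2.21 PROTO=TCP DPT=22
Mar  7 11:30:05 fw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.14 DST=192.0.2.21 PROTO=TCP DPT=22
Mar  7 11:30:06 fw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.15 DST=192.0.2.30 PROTO=UDP DPT=53
Mar  7 11:30:07 fw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.16 DST=192.0.2.30 PROTO=UDP DPT=53
Mar  7 11:30:08 fw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.17 DST=192.0.2.30 PROTO=UDP DPT=53
Mar  7 11:30:09 fw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.18 DST=192.0.2.40 PROTO=TCP DPT=6112
Mar  7 11:30:10 fw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.19 DST=192.0.2.20 PROTO=TCP DPT=443
Mar  7 11:30:11 fw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.20 DST=192.0.2.20 PROTO=ICMP TYPE=8 CODE=0
"""

# DPT= is optional so protocols without ports (ICMP) are still counted.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)(?: DPT=(?P<dport>\d+))?"
)


def parse_log(text):
    """Return a list of (src, dst, proto, dport) tuples; lines without the fields are skipped."""
    flows = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        dport = int(m.group("dport")) if m.group("dport") else None
        flows.append((m.group("src"), m.group("dst"), m.group("proto"), dport))
    return flows


def service_frequency(flows):
    """Count hits and distinct source addresses per (dst, proto, dport) service."""
    hits = Counter()
    sources = defaultdict(set)
    for src, dst, proto, dport in flows:
        key = (dst, proto, dport)
        hits[key] += 1
        sources[key].add(src)
    return {key: (hits[key], len(sources[key])) for key in hits}


def propose_rules(flows, min_hits=2, min_sources=2):
    """Split observed services into candidate allow rules and a review list.

    min_hits / min_sources are assumed thresholds: a service that is both
    frequent and reached from several distinct sources is probably a real
    service; anything else is handed to a human before the switch is thrown.
    """
    allow, review = [], []
    stats = service_frequency(flows)
    for (dst, proto, dport), (n, nsrc) in sorted(stats.items(), key=lambda kv: -kv[1][0]):
        port = "any" if dport is None else dport
        rule = f"allow {proto.lower()} to {dst} dport {port}"
        if n >= min_hits and nsrc >= min_sources:
            allow.append((rule, n, nsrc))
        else:
            review.append((rule, n, nsrc))
    return allow, review


if __name__ == "__main__":
    allow, review = propose_rules(parse_log(SAMPLE_LOG))
    print("candidate allow rules:")
    for rule, n, nsrc in allow:
        print(f"  {rule}    # {n} hits from {nsrc} sources")
    print("needs review with the sysadmin:")
    for rule, n, nsrc in review:
        print(f"  {rule}    # {n} hits from {nsrc} sources")
```

On a real log-all run spanning months, the same counting applies unchanged; the thresholds are what you tune, and the review list is where the "ports denied incorrectly" that Barron mentions get caught before, rather than after, the rules go live.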


