Re: Closed Network Implementation?

[Leo Song <song () UOGUELPH CA>]

Hi, Rick.

What log tool are you using to analyse them? and have you had IDS/IPS 
implemented? thanks.


On 13-03-07 11:39 AM, Rick Coloccia wrote:
> On 3/7/2013 11:35 AM, Willis Marti wrote:
> > Glenn,
> >   The key lesson is that with a research university, possibly all 
> > higher ed, there is no way to know everything our faculty and staff 
> > have cooked up when the rules were less strict. I strongly feel you 
> > have to put a device in place without rules to determine what 
> > "default deny" would reject, before turning it on.
> +1.
>
> When we moved from open to closed, I put the firewall in a log-all 
> state for months before throwing the switch.  I was then able to work 
> out what everything was, write appropriate rules, interact with the 
> appropriate sysadmins, and make for a very smooth conversion from open 
> to closed.
>
> -Rick


--
Leo Song, Senior Analyst & Cluster Lead
Computing and Communication Services - Networking and Security
University of Guelph
(519) 824-4120 x 53181