Educause Security Discussion mailing list archives
Re: Closed Network Implementation?
From: Mike Iglesias <iglesias () UCI EDU>
Date: Fri, 8 Mar 2013 09:28:09 -0800
On 03/07/2013 08:19 AM, Thorpe, Glenn wrote:
Hello, I work on the Information Security Team at the University of North Texas System. We are currently moving towards a default deny (closed network) design, and I am reaching out to other institutions to see if they have gone through this process and any roadblocks or lessons learned that could be shared with us. I'd appreciate any input you may have or anyone you could point me to that may be able to discuss this further.
We did this several years ago. We set up a web page that faculty and staff could use to register systems that needed access from off-campus and what ports needed to be opened (they can also open all ports). We also made lists of systems that had been accessed from off-campus and gave it to the school computing staff so they could contact the faculty/staff that were responsible for the systems, make sure they really needed the access, and make sure they were registered before the cut-over date.

We did the cut-over in phases, doing part of our address space in each phase (we have 4 /16 networks). This lessened the issues we had to deal with.

Registration changes are made to the border firewall at set times during the day (currently 3 times a day, morning, early afternoon, and evening) if anything has changed since the last update.

--
Mike Iglesias                          Email: iglesias () uci edu
University of California, Irvine       phone: 949-824-6926
Office of Information Technology       FAX:   949-824-2270
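The workflow described in the message above, sketched as an added example that is not part of the original post and is not UCI's code: flag systems seen from off-campus that are not yet registered, build a default-deny rule set for the networks cut over so far, and push only when the rule set changed. The record layout, rule text format, function names and addresses (documentation ranges) are all assumptions.

```python
import hashlib
import ipaddress

# Constructed sample data: registrations as the web form might store them,
# and hosts observed receiving off-campus connections before cut-over.
REGISTRATIONS = [
    {"host": "192.0.2.10", "ports": [("tcp", 22), ("tcp", 443)]},
    {"host": "192.0.2.25", "ports": "all"},
    {"host": "198.51.100.7", "ports": [("tcp", 443)]},
]
OBSERVED_FROM_OFF_CAMPUS = ["192.0.2.10", "192.0.2.99", "198.51.100.7"]

def _key(addr):
    return (addr.version, int(addr))

def unregistered(observed, registrations):
    """Hosts reached from off-campus that nobody has registered yet."""
    known = {ipaddress.ip_address(r["host"]) for r in registrations}
    seen = {ipaddress.ip_address(h) for h in observed}
    return sorted(seen - known, key=_key)

def build_rules(registrations, phase_networks):
    """Permit registered hosts in the cut-over networks, then deny the rest."""
    nets = [ipaddress.ip_network(n) for n in phase_networks]
    rules = []
    for reg in sorted(registrations, key=lambda r: _key(ipaddress.ip_address(r["host"]))):
        addr = ipaddress.ip_address(reg["host"])
        if not any(addr in n for n in nets):
            continue  # this host's network has not been cut over yet
        if reg["ports"] == "all":
            rules.append(f"permit any -> {addr}")
            continue
        for proto, port in sorted(set(reg["ports"])):
            if proto not in ("tcp", "udp") or not 1 <= port <= 65535:
                raise ValueError(f"bad registration for {addr}: {proto}/{port}")
            rules.append(f"permit {proto} any -> {addr} port {port}")
    # Default deny comes last so the permits above take precedence.
    rules += [f"deny any -> {n}" for n in nets]
    return rules

def scheduled_update(rules, last_digest):
    """Return (push_needed, digest); push only if rules changed since last run."""
    digest = hashlib.sha256("\n".join(rules).encode()).hexdigest()
    return digest != last_digest, digest

if __name__ == "__main__":
    print("contact owners of:", [str(a) for a in unregistered(OBSERVED_FROM_OFF_CAMPUS, REGISTRATIONS)])
    rules = build_rules(REGISTRATIONS, ["192.0.2.0/24"])  # phase 1 only
    print("\n".join(rules), scheduled_update(rules, None)[0])
```
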