Re: Closed Network Implementation?

[Rick Coloccia <coloccia () GENESEO EDU>]

On 3/8/2013 1:18 PM, Harry Hoffman wrote:
> Just curiously. How did you know that there wasn't compromised traffic
> in those firewall logs that you just continued allowing outbound?
>
> Did you interact with users at all to determine what the business
> requirements of the traffic being generated were?
>
> Or are you just talking about servers and not desktop machines?

I'm only talking about inbound traffic, and I am just talking about 
servers.  No inbound ports have been opened for end users, I did 
interact with sys admins to be sure that only needed ports and protocols 
were opened.

-Rick

> Cheers,
> Harry
>
> On 03/07/2013 11:39 AM, Rick Coloccia wrote:
> > On 3/7/2013 11:35 AM, Willis Marti wrote:
> > > Glenn,
> > >    The key lesson is that with a research university, possibly all
> > > higher ed, there is no way to know everything our faculty and staff
> > > have cooked up when the rules were less strict. I strongly feel you
> > > have to put a device in place without rules to determine what "default
> > > deny" would reject, before turning it on.
> > +1.
> >
> > When we moved from open to closed, I put the firewall in a log-all state
> > for months before throwing the switch.  I was then able to work out what
> > everything was, write appropriate rules, interact with the appropriate
> > sysadmins, and make for a very smooth conversion from open to closed.
> >
> > -Rick


--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579