Educause Security Discussion
mailing list archives
Re: Questions about Firewall Exceptions
From: Matthew Keller <kellermg () POTSDAM EDU>
Date: Thu, 15 Mar 2007 09:08:39 -0400
On Wed, 2007-03-14 at 16:33 -0500, Greg T. Grimes wrote:
1. Who manages your firewalls? Central IT, Department IT?
2. Do you you require approval for an exception in a firewall for a
a. If so, who approves?
b. What is the approval process?
Person wanting exception submits a request, I consult my Orb of
Ramifications and Tome of Policies and approve or disprove based on
Nearly all exceptions have been to run "servers" on a desktop. E-mail
servers are dismissed without further consideration. Web/application
servers are considered based on academic value meshed with what
resources are already available to provide the same service.
Next to server requests, remote desktop-from-home requests are next
highest. THey are also dismissed without further consideration and
[re]informed about the campus VPN server, which they can use to connect
to campus, and to their desktop thereafter if they really need/want to
(most people just want to be on their desktop because they need to be
"on our network" for something).
c. Do you use a form?
3. What exceptions do you allow or disallow?
It's a pretty long list, subject to periodic review, and defense by the
Information Security Officer/Network Administrator
Computing & Technology Services
State University of New York @ Potsdam
Potsdam, NY, USA