Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Questions about Firewall Exceptions
From: Matthew Keller <kellermg () POTSDAM EDU>
Date: Thu, 15 Mar 2007 09:08:39 -0400

On Wed, 2007-03-14 at 16:33 -0500, Greg T. Grimes wrote:
1.  Who manages your firewalls?  Central IT, Department IT?

Central.

2.  Do you you require approval for an exception in a firewall for a
network?

Yes.

  a.  If so, who approves?

ISO (me)

  b.  What is the approval process?

Person wanting exception submits a request, I consult my Orb of
Ramifications and Tome of Policies and approve or disprove based on
their results.

Nearly all exceptions have been to run "servers" on a desktop. E-mail
servers are dismissed without further consideration. Web/application
servers are considered based on academic value meshed with what
resources are already available to provide the same service.

Next to server requests, remote desktop-from-home requests are next
highest. THey are also dismissed without further consideration and
[re]informed about the campus VPN server, which they can use to connect
to campus, and to their desktop thereafter if they really need/want to
(most people just want to be on their desktop because they need to be
"on our network" for something).

  c.  Do you use a form?

E-mail.

3.  What exceptions do you allow or disallow?

It's a pretty long list, subject to periodic review, and defense by the
requestor.

--
Matthew Keller
Information Security Officer/Network Administrator
Computing & Technology Services
State University of New York @ Potsdam
Potsdam, NY, USA
http://mattwork.potsdam.edu/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]