Campus Firewall

As specified by TAC 202 Subchapter C Rule 202.75, this web page provides information about the Firewall.
  • Virtual and physical architecture
    • The firewall is a packet filtering firewall.
    • Access to the campus network is permitted via Ethernet and VPN.
  • Protocols and applications that are permitted through the firewall, both inbound and outbound
    • TCP, UDP and ICMP are permitted inbound and outbound, subject to the rules policy.
    • Protocols which transmit passwords in plain text will not be permitted.
    • The Network Security Team will evaluate the risk to the campus network of each request. In some cases, a business justification may be required.
  • Traffic monitoring rule set
    • For resource protection, only Networking and Information Security and resource owners are permitted to monitor network traffic, and only in the course of investigation of a network problem or security incident.
    • Multiple appliances are used to monitor traffic. Rules that would flag traffic permitted by policy are disabled, to improve performance.
  • Approval process for updating or changing rule sets
    • Requests for change must be made by (or with permission of) the host owner. The Network Security Team will evaluate the risk of a proposed firewall change. A vulnerability scan will be performed against the host for which the change is requested. Scans will be performed periodically, and the host owner is responsible for ensuring the services remain patched and free from vulnerabilities.
  • Auditing and testing to verify a firewall's configuration, rule set accuracy and effectiveness
    • The Network Security Team will regularly audit and test the rule set to verify accuracy and effectiveness, using a suite of tools provided with the firewall and a testing platform located outside of the campus address space.