This Control applies to all Texas A&M network information resources. The intended audience for this Control includes all information resource owners and custodians.

Each university unit managing a network shall establish a security strategy that includes perimeter protections (e.g., DMZ, firewall, intrusion detection or prevention system, or router) and incorporates:

• 1.1

  monitoring for denial of service attack,

• 1.2

  configuration settings at the network layer to combat such attacks, and

• 1.3

  maintaining logs of all network activity.

Units shall operate firewall technology with procedures and guidance from Technology Services security operations.

• 2.1

  The Technology Services security operations staff are authorized to disconnect users from the University network if these procedures are not followed.

The Technology Services security operations staff are responsible for managing the campus firewall and may provide specific guidance and procedures to units in the following areas:

• 3.1

  Virtual and physical architecture;

• 3.2

  Protocols and applications that are permitted through the firewall, both inbound and outbound;

• 3.3

  Traffic monitoring rule set;

• 3.4

  Approval process for updating or changing rule sets; and,

• 3.5

  Auditing and testing to verify a firewall’s configuration, rule set accuracy, and effectiveness.