Educause Security Discussion mailing list archives

Re: Questions about Firewall Exceptions


From: Matthew Keller <kellermg () POTSDAM EDU>
Date: Thu, 15 Mar 2007 09:08:39 -0400

On Wed, 2007-03-14 at 16:33 -0500, Greg T. Grimes wrote:
1.  Who manages your firewalls?  Central IT, Department IT?

Central.

2.  Do you require approval for an exception in a firewall for a
network?

Yes.

  a.  If so, who approves?

ISO (me)

  b.  What is the approval process?

Person wanting exception submits a request, I consult my Orb of
Ramifications and Tome of Policies and approve or disprove based on
their results.

Nearly all exceptions have been to run "servers" on a desktop. E-mail
servers are dismissed without further consideration. Web/application
servers are considered based on academic value meshed with what
resources are already available to provide the same service.

Next to server requests, remote desktop-from-home requests are next
highest. They are also dismissed without further consideration and
[re]informed about the campus VPN server, which they can use to connect
to campus, and to their desktop thereafter if they really need/want to
(most people just want to be on their desktop because they need to be
"on our network" for something).

  c.  Do you use a form?

E-mail.

3.  What exceptions do you allow or disallow?

It's a pretty long list, subject to periodic review, and defense by the
requestor.

--
Matthew Keller
Information Security Officer/Network Administrator
Computing & Technology Services
State University of New York @ Potsdam
Potsdam, NY, USA
http://mattwork.potsdam.edu/
