| ELEMENT NAME | DESCRIPTION |
Major Service |
Networking |
Service Name |
Firewall Service |
Service Description |
The University has deployed a corporate firewall service. The corporate firewall service helps to protect University services and data from external malicious attack and to minimise the risk to them. The firewall is used to help enforce the University’s connection and acceptable use policies.
The installation of the corporate firewall migrated the University from a “default permit” network to a “default deny” inbound network. This shift in design meant that instead of running a network which allowed all traffic through and blocked only that which is known to cause problems, the firewall now only permits acceptable traffic and services and blocks all other traffic. This change does not affect legitimate University services and has the benefit of making the existing services and infrastructure more secure. The firewall service is intended as a defensive mechanism: it manages external access to legitimate University systems and services, while access from within the University to external services will not be blocked (except in those cases where access contravenes University AUCoP).
It should be noted that the “default deny” inbound firewall is a risk reduction measure, not a risk elimination measure. Therefore, services that are visible through the firewall will need to be secure and best practice guidelines must be followed. Failure to follow these practices can still result in infection from hackers, viruses, trojans and malware on network ports that are open through the firewall. These systems and services will therefore be policed for conformity with the University's technical standards and access policies. Services that do not comply with the server connection policy will not be allowed access through the firewall. ISD therefore enforces a University-approved Server Connection Policy that details the necessary procedures that must be in place before remote access through the firewall is granted.
This policy requires that for each server visible through the firewall there must be,
ISD have produced a Server Connection Application Form for departments to request the network ports that they require to be opened for application access through the firewall. This form records the above information along with the necessary IP addresses, the required network ports and the location of the server. This form must also be signed and approved by the Head of Department. This authorisation ensures that the request is in support of the teaching aims of the Department.
What must system administrators do?
All system administrators who support services that are visible through the firewall are required to implement the following best practices: install anti-virus software and keep the definition files up to date; turn off or remove unused network services; change all default passwords; change all administrator or privileged account passwords regularly; keep operating systems and applications patched to the latest revision; make regular backups of critical data. |
Service Owner |
Network Team |
Business Process |
Graphical workflow of Business Process |
Supporting Materials |
Download the Server Connection Application Form |
How to obtain help |
Contact the ISD Service Desk: email: servicedesk@ulster.ac.uk; telephone: 66777; external: 02890366777 |
Cost (where applicable) |
xxx |
Service Metrics (KPI/SLA statement) |
|
Who can avail of the service? |
Any staff or postgraduate student working for the University |
Keywords |
Firewall Service Server Connection Application Form
|
