The corporate firewall service helps to protect and minimise the risk to University services.
The University has deployed a corporate firewall service.
The corporate firewall service helps to protect and minimise the risk to University services and data from external malicious attack. The firewall is used to help enforce the University's connection and acceptable use polices.
The installation of the corporate firewall migrated the University from a "default permit" network to a "default deny" inbound network. This shift in design meant that instead of running a network which allowed all traffic through and blocked only that which is known to cause problems, the firewall now only permits acceptable traffic and services and blocks all other traffic.
This change does not affect legitimate University services and has the benefit of making the existing services and infrastructure more secure.
The firewall service is intended as a defensive mechanism and, while managing external access to legitimate University systems and services, access from within the University to external services will not be blocked (except in those cases where access contravenes University AUCoP).
It should be noted that the "default deny" inbound firewall is a risk reduction measure, not a risk elimination measure. Therefore, services that are visible through the firewall will need to be secure and best practice guidelines followed.
Failure to follow these practices can still result in infection from hackers, viruses, trojans and malware on network ports that are open through the firewall.
These systems and services will therefore be policed for conformity with the University's technical standards and access policies. Services that do not comply with the server connection policy will not be allowed access through the firewall.
ISD therefore enforces a University approved Server Connection Policy that details the necessary procedures that must be in place before remote access through the firewall is granted. This policy requires that for each server visible through the firewall there must be
ISD have produced a Server Connection Application Form for departments to request the necessary network ports that they require opened for application access through the firewall.
This form records the above information along with the necessary IP addresses, the required network ports and the location of the server.
This form must also be signed and approved by the Head of Department. This authorisation ensures that the request is in support of the teaching aims of the Department.
All system administrators that are supporting services that are visible through the firewall are required to implement the following best practices:
The online Server Connection Application Form can be accessed and completed by connecting to the University sharepoint service at:
Any staff or postgraduate student working for the University