2.01.01 Network Firewall - Border Control

I. Purpose

This procedure documents how Bradley University utilizes the firewall and border routers to protect the campus network resources from unauthorized users, unwanted virus/worm activity, and other malicious activities.

Policy Supported

Supports 2.01 Network Firewall - Border Control

II. Description

Bradley University will continue to comply with these regulations and follow industry best practices by utilizing firewalls to segment the University network into security zones.

Firewall Security Zones

The firewall is segmented into zones, each with an assigned security level number relative to other zones. Devices are added to a specific zone based on who the user is, the protection needed for the device, and the required access to other network resources. For example, a student computer would be placed in a lower numbered zone than an admin machine, but a higher numbered zone than the Internet.

Network devices in higher numbered/level security zones can automatically initiate network communication with devices in lower numbered/level security zones by default. Devices in lower security zones can respond to network communications that were already established by devices in higher security zones. Devices in lower security level zones can only initiate network communication with devices in higher level zones when an access control list (ACL) is explicitly configured to allow this.

Firewall Access Control Lists (ACLs)

Access control lists on the firewall are used to permit certain devices in the lower security zones to initiate network communications with the higher security zones, communications that would otherwise not be allowed per the zone's security level number.
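
The zone and ACL rules described above, modelled as an added example that is not part of the original procedure and is not Bradley University's configuration. The zone names, level numbers, addresses and the handling of equal levels are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed zone names and level numbers (assumptions): the procedure only
# gives the ordering Internet < student < admin.
ZONES = {"internet": 0, "student": 50, "admin": 100}

@dataclass(frozen=True)
class Packet:
    src_zone: str
    src: str          # "ip:port" of the sender
    dst_zone: str
    dst: str          # "ip:port" of the receiver
    proto: str = "tcp"

@dataclass
class ZoneFirewall:
    acl: set = field(default_factory=set)    # explicit permits
    state: set = field(default_factory=set)  # flows already established

    def permit(self, src_zone, dst_zone, proto, dst):
        self.acl.add((src_zone, dst_zone, proto, dst))

    def evaluate(self, p):
        flow, reverse = (p.proto, p.src, p.dst), (p.proto, p.dst, p.src)
        # Traffic belonging to an established communication passes either way.
        if flow in self.state or reverse in self.state:
            return "allow: established"
        # Higher level zones may initiate toward lower level zones by default.
        if ZONES[p.src_zone] > ZONES[p.dst_zone]:
            self.state.add(flow)
            return "allow: higher-to-lower default"
        # Otherwise an explicit ACL entry is required. Equal levels are treated
        # the same way here; the procedure does not cover that case (assumption).
        if (p.src_zone, p.dst_zone, p.proto, p.dst) in self.acl:
            self.state.add(flow)
            return "allow: acl"
        return "deny: no acl for lower-to-higher initiation"

    def redundant_acl_entries(self):
        # ACL review aid: permits that duplicate the higher-to-lower default.
        return sorted(e for e in self.acl if ZONES[e[0]] > ZONES[e[1]])
```

The `redundant_acl_entries` helper shows one review step the model makes easy: ACL entries written from a higher zone to a lower one add nothing to the default behavior and can be flagged for cleanup.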

Border Router Access Control Lists (ACLs)

Access control lists on the border routers provide another layer of security in addition to the firewall to protect the campus network as a whole, all zones, from unwanted activity from the Internet/outside world.

Device Level Protection

Many other devices on the network, most commonly servers, have firewall protection installed locally on them, which is in addition to the network firewall.

III. Scope

This procedure applies to all Bradley University network resources at the main campus and the remote campuses.

Date Approved