2.01.01 Network Firewall - Border Control
I. Purpose
This procedure documents how Bradley University utilizes the firewall and border routers to protect the campus network resources from unauthorized users, unwanted virus/worm activity, and other malicious activities.
Policy Supported
Supports 2.01 Network Firewall - Border Control
II. Description
Bradley University will continue to comply with these regulations and follow industry best practices by utilizing firewalls to segment the University network into security zones.
Firewall Security Zones
The firewall is segmented into zones, each with an assigned security level number relative to other zones. Devices are added to a specific zone based on who the user is, the protection needed for the device, and the required access to other network resources. For example, a student computer would be placed in a lower numbered zone than an admin machine, but a higher numbered zone than the Internet.
Network devices in higher numbered/level security zones can automatically initiate network communication with devices in lower numbered/level security level zones by default. Lower security zones can respond back to already established network communications that were established by devices higher security zones. Devices in lower security level zones can only initiate network communication with devices in higher level zones when explicitly configured by an access control list (ACL) to allow this.
Firewall Access Control Lists (ACLs)
Access control lists on the firewall are used to permit certain devices in the lower security zones initiate network communications with the higher security zones, communications that would otherwise not be allowed per the zone’s security level numbe
Border Router Access Control Lists (ACLs)
Access control lists on the border routers provide another layer of security in
addition to the firewall to protect the campus network as a whole, all zones, from unwanted activity from the Internet/outside world.
Device Level Protection
Many other devices on the network, most commonly servers, have firewall protection installed locally on them, which is in addition to the network firewall.
III. Scope
This procedure applies to all Bradley University network resources at the main campus and the remote campuses.