| Abstract: | The Brown University network has approximately 15,000 hosts, with roughly 300 protected by centrally administered firewalls and 500 protected by departmental firewalls. As the threats from the Internet increase in severity, an increasing number of system administrators are considering firewalls as part of their layered security strategy. Even on university campuses, where the spirit of sharing and openness is very strong in support of research and intellectual stimulation, certain information must be protected. Institutions of higher education, including private ones, are subject to regulatory requirements designed to protect the privacy of students, financial information, medical records, and other personal and private information. Some systems need to be available 24 x 7 for critical research and academic or business-related applications. In an information technology security strategy, firewalls provide one layer of protection for these types of systems. The implementation of firewall technology almost always faces some resistance, mostly due to horror stories of poorly implemented solutions. Some resistance, however, results from a perception that security will adversely impact intellectual freedom in some way. At Brown, many people agree that some systems should be protected by a firewall, but others are adamantly opposed to the idea of a perimeter firewall. We address these concerns by approaching our users from a service perspective, offering an opt-in firewall service and engaging them in the planning, design, and implementation of firewall technologies. Additionally, we ensure that all individuals responsible for firewalls have sufficient training to manage them and to monitor associated logs to detect problems such as a malicious attack or legitimate traffic being blocked.
|
