University of Central Florida

Information Security

Firewall Guidelines

The University of Central Florida uses firewalls with specifically crafted access control lists to enhance network and computer system security, to ensure a more reliable network, and to reduce illegal and malicious activities. The objective of this firewall policy is to clarify and simplify the difficult balance between security and functionality.

The general firewall guidelines are stated as follows:

  • The firewall will be used to control access to internal resources from the Internet (ingress).
    • The firewall will be used to deny access to mission-critical systems inside the firewall.
    • The firewall will be used to deny access to systems inside the firewall that are not registered with Network Operations and do not comply with section II-N of the IT Resource Policy. Section II-N states: “Servers that do not directly support the instructional, service, and research missions of the university will not be provided access to the campus network.”
    • The firewall will be used to deny access to services that are not intended for the Internet in general. Services intended for a limited set of users are expected to be reached through the VPN.
    • The firewall will be used to hinder the ability of users to use Peer-to-Peer applications to transfer files in and out of the University. These applications are commonly used to transfer copy-protected media, which is a violation of University policy and of State and Government law. Network Operations will make an effort to hinder such illegal activities.
  • The firewall will be used to control access to the Internet (egress).
    • The firewall will be used to deny certain protocols that are known to be used for command and control or to propagate malicious code, e.g., IRC.
    • The firewall will be used for the purposes of a "good neighbor policy."
    • The firewall will be used to hinder the ability of users to use Peer-to-Peer applications to transfer files in and out of the University.
    • The firewall will be used to deny certain protocols generally intended for LAN use, e.g., Windows NetBIOS, SQL, etc.
    • The firewall will be used to deny outbound email except from registered, legitimate servers. Client systems may use Pegasus.cc.ucf.edu and/or mailgate.cc.ucf.edu as their outgoing mail servers.


  • Access to internal systems from the Internet will be provided only in the following instances:
    • Servers that are registered with Network Operations and support the instructional and research mission of the university. Please see the second bullet above.
    • Certain mission-critical systems require vendors and other entities to have limited access to system resources from outside the firewall. Vendors that require access from the outside world will be restricted to a particular service on a particular system. VPN is also encouraged for vendors once they have authorization from Institutional Research.
    • IT staff, University staff, students, etc. needing access to protected systems inside the firewall will have to make a VPN connection to our VPN device, thus obtaining secure, authenticated access to protected devices inside the firewall.


  • The firewall will not be used to restrict access to legitimate resources on the Internet. Some restrictions may be put in place in order to protect the integrity and security of the entire UCF network.
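The guidelines above amount to two first-match access control lists: an egress list in which registered mail servers are permitted SMTP before the general SMTP deny, LAN-only and command-and-control ports are dropped, and everything else is allowed; and an ingress list that admits only registered servers and narrowly scoped vendor access, denying all else so that remaining access goes through the VPN. The following is an added example (not UCF's configuration or code) that models those lists as a small rule evaluator, using constructed placeholder addresses; it is useful for checking that the rule order expresses the intended policy before the rules are loaded onto a real firewall.

```python
import ipaddress

# All addresses here are constructed placeholders, not UCF's real allocations.
CAMPUS = "10.0.0.0/8"
MAIL_SERVERS = ["10.1.1.10/32", "10.1.1.11/32"]   # stand-ins for the registered outgoing mail servers
WEB_SERVER = "10.2.0.5/32"                        # a server registered with Network Operations
VENDOR_HOST = "203.0.113.7/32"                    # vendor source, limited to one service on one system
ERP_SERVER = "10.3.0.20/32"                       # the mission-critical system that vendor supports

# Protocols the policy denies outbound: Windows NetBIOS/SMB, SQL Server, and IRC.
LAN_ONLY = {("tcp", 135), ("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138),
            ("tcp", 1433), ("udp", 1434)}
C2_PORTS = {("tcp", 6667)}

def rule(src, dst, services, action):
    """One ACL entry; services is a set of (proto, port) or None for any service."""
    return ([ipaddress.ip_network(s) for s in src],
            [ipaddress.ip_network(d) for d in dst], services, action)

# Order matters: the mail-server allow must precede the general SMTP deny.
EGRESS = [
    rule(MAIL_SERVERS, ["0.0.0.0/0"], {("tcp", 25)}, "allow"),
    rule([CAMPUS], ["0.0.0.0/0"], {("tcp", 25)}, "deny"),
    rule([CAMPUS], ["0.0.0.0/0"], LAN_ONLY | C2_PORTS, "deny"),
    rule([CAMPUS], ["0.0.0.0/0"], None, "allow"),   # legitimate Internet access is not restricted
]

INGRESS = [
    rule(["0.0.0.0/0"], [WEB_SERVER], {("tcp", 443)}, "allow"),   # registered public service
    rule([VENDOR_HOST], [ERP_SERVER], {("tcp", 22)}, "allow"),    # one service on one system
    rule(["0.0.0.0/0"], [CAMPUS], None, "deny"),                  # everything else: use the VPN
]

def decide(ruleset, src, dst, proto, dport):
    """Return 'allow' or 'deny' for a flow using first-match semantics and an implicit default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_nets, dst_nets, services, action in ruleset:
        if (any(s in n for n in src_nets) and any(d in n for n in dst_nets)
                and (services is None or (proto, dport) in services)):
            return action
    return "deny"

if __name__ == "__main__":
    print(decide(EGRESS, "10.5.5.5", "198.51.100.9", "tcp", 25))    # deny: unregistered SMTP sender
    print(decide(INGRESS, "203.0.113.7", "10.3.0.20", "tcp", 3389))  # deny: vendor limited to ssh
```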

All contents are copyrighted
Maintained by the Information Security Office
Computer Services & Telecommunications