Firewall
Purpose
The purpose of this document is to provide for the configuration, maintenance, control, and monitoring of network firewall devices used to protect the University’s network and information systems.
Definition
A firewall is a system designed to prevent unauthorized access to or from a private network.
Policy Statement
The firewalls at Northeastern State University (NSU) are used to:
- Mitigate risks and losses associated with security threats to the University’s network and information systems;
- Establish a Virtual Private Network between NSU campuses in Tahlequah, Broken Arrow, and Muskogee;
- Provide static IP translations to critical services which must be accessible on the Internet;
- Inspect packets and sessions to determine if they should be permitted or denied; and
- Manage access to the University’s internal networks based on:
  - application
  - user authentication
  - IP address and port
  - outbound connections (permitted by default)
  - inbound connections (denied by default)
The firewalls at NSU must be:
- Protected by an uninterruptible power supply to ensure stability in case of a power failure;
- Configured with a redundant failover unit to provide service continuity should the primary fail;
- Configured to export their log messages to a designated server; and
- Backed up and archived monthly.
Updated July 2009