Presentation is loading. Please wait.

Presentation is loading. Please wait.

Closing SFSU border firewall Prepared by E.Rayz DoIT Network Services Coordinator February 14, 2012.

Published bySheila Glenn Modified over 8 years ago

Similar presentations

Presentation on theme: "Closing SFSU border firewall Prepared by E.Rayz DoIT Network Services Coordinator February 14, 2012."— Presentation transcript:

1 Closing SFSU border firewall Prepared by E.Rayz DoIT Network Services Coordinator February 14, 2012

2 Topics covered by this presentation CSU San Francisco Edge Network Design overview Firewall rules - how they work Best practices when closing the borders On-going support overview Q&A

3 CSU San Francisco Edge Network Design

4 Firewall rules - how they work

5 - VPN software available for faculty and staff, also some sponsored contractors -systems administrators are encouraged to use sftp, ssh, and https vs other unencrypted protocols - systems administrators need to use static ip addresses for servers, and register those ip addresses in dns via e-mail to dns@otrs.sfsu.edu - requests for justified exceptions will follow an established process and change control procedure, and may take approximately 1 week Best practices when closing the borders

6 On-going support for exemptions requests The completed “Border FW inbound Port exemption” form should be emailed by authorized Change Control contact to helpdesk@sfsu.edu with a CC to fw-request@sfsu.edu by Thursday, March 1 st, 2012. The border firewall closure is scheduled for Thursday, March 15 th, 2012helpdesk@sfsu.edufw-request@sfsu.edu You will be contacted within 3 business days regarding your request The following unencrypted and shell access protocols will not be allowed through the firewall except where there is a business justification (e.g. anonymous FTP). End users and administrators are encouraged to use campus VPN for systems needing access via any of the following: Telnet FTP Secure Shell Remote Desktop

7 NameJonSmith DepartmentEducation BuildingBurk Hall Room #999 Phone87777 Email jsmith@sfsu.edu ApplicationActionProtocolSource IP Source Port Destinati on IP Destin ation Port Operating System (Drop- Down Choices) Device (Drop- Down Choices) Reason for Exemption wwwALLOWTCPANY 130.212. 65.200 80MacOSServerWeb Server Border firewall inbound port exemption template example:

8 Q&A A comprehensive border firewall workshop is scheduled for February 20 th 10:30 a.m. – 12 noon, please stay tuned for details on location and full agenda

Download ppt "Closing SFSU border firewall Prepared by E.Rayz DoIT Network Services Coordinator February 14, 2012."

Similar presentations

Common Timetabling Platform Project Update January 2009.

Common Timetabling Platform Project Update January 2009.
1 Conference Etiquette 1 Video Attendees: - Please mute your microphones until you are ready to ask a question. On Site Attendees: - Please mute your cell.

1 Conference Etiquette 1 Video Attendees: - Please mute your microphones until you are ready to ask a question. On Site Attendees: - Please mute your cell.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Www.regouniversity.com Clarity Educational Community www.regouniversity.com Clarity Educational Community Integration Interface Strategies and Methods.

Clarity Educational Community Clarity Educational Community Integration Interface Strategies and Methods.
Senior Design Lab Policies Presented by: Trey Murdoch CSC IT Staff.

Senior Design Lab Policies Presented by: Trey Murdoch CSC IT Staff.
Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.

Technology Update TSAG Meeting 9/12/02. Announcements: Mandatory Password Changes Coming in October! (Postponed) End of BootP (November 1) DNS Cleanup.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Technology Update TSAG Meeting 3/13/03. Announcements: Disaster Recovery Test:[Bill]  (2/18-19) Networking Infrastructure: DNS, DHCP, Authentication.

Technology Update TSAG Meeting 3/13/03. Announcements: Disaster Recovery Test:[Bill]  (2/18-19) Networking Infrastructure: DNS, DHCP, Authentication.
Technology Update TSAG Meeting 2/13/03. Announcements: Self-Service Account Utility Available Disaster Recovery Test:  (2/18-19)

Technology Update TSAG Meeting 2/13/03. Announcements: Self-Service Account Utility Available Disaster Recovery Test:  (2/18-19)
University of Michigan Administrative Information Services Merit Information HRMS Unit Liaison Meeting June 15, 2007.

University of Michigan Administrative Information Services Merit Information HRMS Unit Liaison Meeting June 15, 2007.
University of Michigan Administrative Information Services 2006 Merit Information HRMS Unit Liaison Meeting May 19, 2006.

University of Michigan Administrative Information Services 2006 Merit Information HRMS Unit Liaison Meeting May 19, 2006.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.

Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.
BADGER 3-8 EXAM : Wisconsin Smarter Assessment Updates & Resources 02/20/2015.

BADGER 3-8 EXAM : Wisconsin Smarter Assessment Updates & Resources 02/20/2015.
Update and Discussions on Technology Initiatives TSAG Meeting 4/11/02.

Update and Discussions on Technology Initiatives TSAG Meeting 4/11/02.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
SSL From Your Smartphone Support for Android Smartphones www.sharetech.com.twwww.sharetech.com.tw / www.higuard.comwww.higuard.com.

SSL From Your Smartphone Support for Android Smartphones /
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
ITGS Networks Based on the textbook “Information Technology in a Global Society for the IB Diploma” by Stuart Gray.

ITGS Networks Based on the textbook “Information Technology in a Global Society for the IB Diploma” by Stuart Gray.
4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.

4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.

Similar presentations

Ads by Google