{"id":4873,"date":"2019-11-27T15:52:35","date_gmt":"2019-11-27T23:52:35","guid":{"rendered":"https:\/\/www.hmc.edu\/cis\/?p=4873"},"modified":"2019-11-27T15:52:35","modified_gmt":"2019-11-27T23:52:35","slug":"security-update-deploying-a-centralized-firewall-for-hmc","status":"publish","type":"post","link":"https:\/\/www.hmc.edu\/cis\/2019\/11\/27\/security-update-deploying-a-centralized-firewall-for-hmc\/","title":{"rendered":"Security update: deploying a centralized firewall for HMC"},"content":{"rendered":"<p>As part of our efforts to increase security for the College&#8217;s data (and yours!), we are planning to deploy a <a href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/security\/adaptive-security-appliance-asa-software\/index.html\">centralized firewall<\/a>.\u00a0 \u00a0We will work with the TCCS Networking staff to achieve this.\u00a0 \u00a0The goal is to prevent unauthorized access to computers connected to our network.\u00a0 At the moment, we have parts of a distributed firewall, implemented at the campus network level (Access Control Lists).\u00a0 But it is complicated, with some 900 rules scattered across the switches.\u00a0 \u00a0This new firewall initiative will modernize and centralize our approach.<\/p>\n<p>I have discussed the initiative with the President&#8217;s Cabinet and with the Department Chairs Committee.\u00a0 I did not discuss details as there are no details to discuss yet.\u00a0 \u00a0Our plan is to pilot and test on various parts of the network before visiting each department to work out details.<\/p>\n<p>One thing to say up front:\u00a0 \u00a0The firewall will not prevent access from our network to the internet, nor will it prevent authorized access from the internet back in to our network.\u00a0 Just as you would with your home network, we are aiming to make sure that you have authorized any access to your computer.<\/p>\n<p><span style=\"font-weight: 400\">The HMC network is broken into a number of logical portions (VLANs) and w<\/span>e will deploy the firewall in phases VLAN by VLAN.\u00a0 The default for the new firewall will be to deny access to unsolicited or unauthorized requests for access.\u00a0 This means that there will be some people who need exceptions for the firewall rules. For example, if you are running a web server on a segment of the network that isn&#8217;t configured to allow that, you\u2019d need an exception.\u00a0 We want to make sure that exceptions are kept secure and will scan them regularly (as we have done in the past).<\/p>\n<p><span style=\"font-weight: 400\">We have already set up the firewall for a test VLAN and for a VLAN that contains CIS servers.\u00a0 We will do more extensive testing and then move on to another department.\u00a0 Please watch for more news about this.\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As part of our efforts to increase security for the College&#8217;s data (and yours!), we are planning to deploy a [&hellip;]<\/p>\n","protected":false},"author":35,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,17,9,10],"tags":[],"class_list":["post-4873","post","type-post","status-publish","format-standard","hentry","category-from-cis","category-infrastructure","category-systems-and-network-services","category-cioupdates"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.hmc.edu\/cis\/wp-json\/wp\/v2\/posts\/4873","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hmc.edu\/cis\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hmc.edu\/cis\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hmc.edu\/cis\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hmc.edu\/cis\/wp-json\/wp\/v2\/comments?post=4873"}],"version-history":[{"count":0,"href":"https:\/\/www.hmc.edu\/cis\/wp-json\/wp\/v2\/posts\/4873\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.hmc.edu\/cis\/wp-json\/wp\/v2\/media?parent=4873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hmc.edu\/cis\/wp-json\/wp\/v2\/categories?post=4873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hmc.edu\/cis\/wp-json\/wp\/v2\/tags?post=4873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}