Information Resources and Technology Procedure
||Network Firewall - Border Control
This procedure documents how Bradley University utilizes the firewall and border routers to protect the campus network resources from unauthorized users, unwanted virus/worm activity, and other malicious activities.
Supports 2.01 Network Firewall - Border Control
Firewall Security Zones
The firewall is segmented into zones, each with an assigned security level number relative to other zones. Devices are added to a specific zone based on who the user is, the protection needed for the device, and the required access to other network resources. For example, a student computer would be placed in a lower numbered zone than an admin machine, but a higher numbered zone than the Internet.
Network devices in higher numbered/level security zones can automatically initiate network communication with devices in lower numbered/level security level zones by default. Lower security zones can respond back to already established network communications that were established by devices higher security zones. Devices in lower security level zones can only initiate network communication with devices in higher level zones when explicitly configured by an access control list (ACL) to allow this.
Firewall Access Control Lists (ACLs)
Access control lists on the firewall are used to permit certain devices in the lower security zones initiate network communications with the higher security zones, communications that would otherwise not be allowed per the zone’s security level number.
Border Router Access Control Lists (ACLs)
Access control lists on the border routers provide another layer of security in
addition to the firewall to protect the campus network as a whole, all zones, from unwanted activity from the Internet/outside world.
Device Level Protection
Many other devices on the network, most commonly servers, have firewall protection installed locally on them, which is in addition to the network firewall.
This procedure applies to all Bradley University network resources at the main campus and the remote campuses.
||Revision 1 Date
||Revision 2 Date
||Revision 3 Date
||Revision 4 Date
||Revision 5 Date
maintained by S. Renken