Western Nevada College Policies

Policy 8-2-5: Firewall Policy

WNC Policy 8-2-5
Procedure: Firewall Policy
Policy No.: 8-2-5
Department: Computing Services
Contact: Coordinator/Director
Policy:

Purpose

WNC operates perimeter firewalls between the Internet and its private internal network in order to create a secure operating environment for WNC's computer and network resources. A firewall is just one element of a layered approach to network security. The purpose of this Firewall Policy is to describe how WNC's firewalls will filter Internet traffic in order to mitigate risks and losses associated with security threats, while maintaining appropriate levels of access for business users.

The Firewall Policy is subordinate to WNC's general Security Policy, as well as any governing laws or regulations.

Definition

Firewall - Computer hardware or software that prevents unauthorized access to private data (as on a local area network) by outside computer users (as of the Internet).

Scope

This Firewall Policy refers specifically to the WNC firewalls.

The role of the firewalls is to help WNC keep unauthorized visitors from accessing valuable college resources.

Stop attacks before they penetrate the network perimeter

Protect resources and data, as well as voice, video, and multimedia traffic

Control network and application activity

Reduce deployment and operational costs

WNC's Firewalls will (at minimum) perform the following security services:

Access control between the trusted internal network and untrusted external networks

Block unwanted traffic as determined by the firewall rule set

Hide vulnerable internal systems from the Internet

Hide information such as system names, network topologies, and internal user IDs from the Internet

Log traffic to and from the internal network

Provide virtual private network (VPN) connectivity

All employees of WNC are subject to this policy.

Responsibilities

Computing Services is responsible for implementing and maintaining WNC firewalls, as well as for enforcing and updating this policy. Logon access to firewalls will be restricted to a primary firewall administrator. Password construction for firewalls will be consistent with the strong password creation practices outlined in WNC's Password Policy.

Any questions or concerns regarding WNC firewalls should be directed to the Network/Server Support Analyst.

Policy

The approach adopted to define firewall rule sets is that all services will be denied by the firewall unless expressly permitted in this policy. WNC firewalls permit the following outbound and inbound Internet traffic.

Outbound - All Internet traffic to hosts and services outside of WNC

Inbound - Only Internet traffic from outside WNC that supports the college mission of WNC as defined by NSHE policy

Operational Procedures

WNC employees may request changes to firewall configurations in order to allow previously disallowed traffic. A firewall change request form, with full justification, must be submitted to the Computing Services department for approval. All requests will be assessed by the Computing Services Administrator to determine if they fall within the parameters of acceptable risk. If approval is given, the Network/Server Support Analyst will make the changes and note those changes in the Firewall Change Order spreadsheet. In an emergency threatening the network, the Network/Server Support Analyst may make a temporary change without the Computing Services Administrator's or director's approval. In that case, approval would be sought as soon as the Computing Services Administrator or director is available and all changes would be recorded on the Firewall Change Order spreadsheet. Requested approvals are not guaranteed as associated risks may be deemed too high. If this is the case, an explanation will be provided to the original requestor and alternative solutions will be explored.

Turnaround time for the above stated firewall reconfiguration and network access requests is approximately five (5) days from the receipt of the request form.

Firewall logs will be archived for 10 days. Firewall logs will be reviewed weekly.

Enforcement

Wherever possible, technological tools will be used to enforce this policy and mitigate security risks. Any employee who is found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Date Adopted and Dates Revised
Date Adopted: March 15, 2011
Dates Revised:
Please direct comments about this page to the Assistant to the President
URL: http://www.wnc.edu/policymanual/8-2-5.php
Date Printed: November 28, 2014