Departmental Firewalls - Coming to an Operational Zone Near You!
By Michelle Collette
In September of 2006, the President and the Provost funded an IT Services initiative to implement firewalls across campus at the department network perimeter. This service will be offered at no cost to all Stanford departments wishing to participate.
How Does a Firewall Protect Networks and Systems?
A firewall is a system whose primary function is to allow only authorized traffic to pass to critical systems and resources, blocking all other traffic. This functionality protects network resources from both Internet- and intranet-based attacks, and includes the ability to quickly quarantine a network in the event of a significant security event.
Important to note is that a firewall is only one component of information security. It is not a replacement for following good systems administration practices including patching, updating, and sound account management. For more information on what you can do to secure your hosts, please refer to:
http://www.stanford.edu/group/security/securecomputing/
Virtual Firewalls and Security Zones?
The Stanford Departmental firewall has been structured to take advantage of the recent 10Gigabit upgrade to the campus backbone. In addition to enhancing the physical network infrastructure, the 10Gigabit upgrade provided an opportunity to add resiliency to the network by defining it into 8 Operational Zones (OZ), each with redundant routers, switches and soon...firewalls.
Each OZ firewall can be partitioned into multiple virtual firewalls or "security zones". Each network will have its own virtual firewall/security zone, capable of having a unique set of security policies.
When Will the Firewalls Be Deployed?
During the next few months, members of the project team will be contacting LNAs to discuss the firewall service, including the process and schedule for migrating networks behind the firewall.
The deployment of the firewalls is scheduled to occur in two phases:
- Phase 1, from Jan through Dec 2007 - Networks will be migrated behind the firewalls with a general security policy template in effect, and traffic logging established.
- Phase 2, from Feb 2007 through Nov 2008 - Project team staff will work with LNAs to review the traffic log files and craft enhanced security policies.
What Can I Do To Prepare?
One of the most important things that LNAs can do to prepare for the firewall is to ensure that NetDB entries are updated to reflect correct host information. Document the ports and services that your applications require for functionality. And while not essential, having network diagrams available is useful in troubleshooting any problems that may arise.
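The Phase 2 work described above, reviewing traffic logs against the documented ports and services so that an enhanced policy can be drafted, looks roughly like the following. This is an added example, not code from the article or from Stanford IT Services: the log line format, the IP addresses, and the documented-services inventory are all constructed for illustration, and a real firewall's log format will differ.

```python
"""Summarize permitted firewall flows into a draft allow-list.

Added example, not part of the original article or Stanford's own tooling.
The log format, host addresses and the 'documented services' inventory are
constructed for illustration; real firewall logs use a different format.
"""
import re
from collections import Counter

# Constructed sample log lines in a hypothetical "action=permit ... log" format,
# as produced during the permissive Phase 1 template with logging enabled.
SAMPLE_LOG = """\
2007-03-01T08:00:01 action=permit proto=tcp src=171.64.10.5 dst=171.64.20.8 dport=22
2007-03-01T08:00:02 action=permit proto=tcp src=10.0.0.3 dst=171.64.20.8 dport=22
2007-03-01T08:00:05 action=permit proto=tcp src=203.0.113.7 dst=171.64.20.9 dport=80
2007-03-01T08:00:06 action=permit proto=tcp src=203.0.113.8 dst=171.64.20.9 dport=80
2007-03-01T08:00:07 action=permit proto=tcp src=198.51.100.2 dst=171.64.20.9 dport=443
2007-03-01T08:00:09 action=permit proto=tcp src=198.51.100.9 dst=171.64.20.8 dport=3389
2007-03-01T08:00:11 action=permit proto=udp src=171.64.10.5 dst=171.64.20.10 dport=161
2007-03-01T08:00:12 action=deny   proto=tcp src=198.51.100.9 dst=171.64.20.8 dport=23
"""

# Constructed inventory of the ports/services each host is documented to need,
# i.e. the list the article asks LNAs to prepare (hypothetical values).
DOCUMENTED_SERVICES = {
    "171.64.20.8": {("tcp", 22)},
    "171.64.20.9": {("tcp", 80), ("tcp", 443)},
}

LINE_RE = re.compile(
    r"action=(?P<action>\w+)\s+proto=(?P<proto>\w+)\s+src=(?P<src>\S+)\s+"
    r"dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)"
)


def parse_permits(log_text):
    """Return a Counter of (dst, proto, dport) -> number of permitted flows."""
    flows = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("action") == "permit":
            flows[(m.group("dst"), m.group("proto"), int(m.group("dport")))] += 1
    return flows


def draft_policy(flows, inventory):
    """Split observed flows into 'allow' (documented) and 'review' (undocumented).

    A documented service that was actually used becomes a candidate allow rule.
    Anything else the permissive template let through goes to the review list
    so the LNA can confirm it before the enhanced policy denies it by default.
    """
    allow, review = [], []
    for (dst, proto, dport), count in sorted(flows.items()):
        entry = {"dst": dst, "proto": proto, "dport": dport, "hits": count}
        if (proto, dport) in inventory.get(dst, set()):
            allow.append(entry)
        else:
            review.append(entry)
    return allow, review


def summarize(log_text=SAMPLE_LOG, inventory=DOCUMENTED_SERVICES):
    """Convenience wrapper: parse the log and draft the policy in one call."""
    return draft_policy(parse_permits(log_text), inventory)


if __name__ == "__main__":
    allow, review = summarize()
    print("Candidate allow rules:")
    for e in allow:
        print(f"  permit {e['proto']}/{e['dport']} to {e['dst']}  ({e['hits']} flows)")
    print("Needs LNA review before default-deny:")
    for e in review:
        print(f"  {e['proto']}/{e['dport']} to {e['dst']}  ({e['hits']} flows)")
```

The point of splitting the output into "allow" and "review" lists is that the log alone cannot tell you whether a flow is legitimate; only the documented service inventory can. Flows that match the inventory become the enhanced policy, and everything else (here SNMP to an undocumented host and RDP to a host documented only for SSH) is a question for the LNA rather than an automatic rule in either direction.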
For More Information
For more information on the Departmental Firewall service, please refer to: https://www.stanford.edu/services/firewall/, or contact Michelle Collette at michelle.collette@stanford.edu.