
netsec-sig - Re: [Security-WG] Campus Border Policy

Subject: Internet2 Network Security SIG

  • From: Andrew Gallo <>
  • To:
  • Subject: Re: [Security-WG] Campus Border Policy
  • Date: Tue, 9 May 2017 08:53:29 -0400



On 5/8/2017 5:02 PM, David Farmer wrote:
I've been asked some questions about how campus border policy (traffic
policy as opposed to route policy) is controlled at other institutions. So,
I'm interested in answers to the following questions:

1. Who determines border policy? What roles do other teams play in
determining border policy?

Policy is primarily our Security group, with consultation from network engineering.


2. Who implements border policy changes?

Network engineering

3. Is your border policy implemented in a router (presumably stateless) or
firewall (presumably stateful)?
Stateless filtering at the border routers, stateful and application by border firewalls.


4. Is border policy regularly reviewed? By who? How often?
No, but I would recommend it. There are exceptions in our filter list that go back over 10 years. If there is a request to block either a prefix or application, there should be a time limit for removal, unless it really needs to be permanently blocked. Then, any exceptions should be regularly reviewed.

5. How are exceptions handled?
A request and review process handles changes to existing policy.

6. Is there formal documentation of your border policy?
Maybe, but I'm not aware of it :)

7. Recommend list of things to include in a border policy?



Thanks


