Prince Sultan University PSU
Policy Management System
Firewall Policy
Policy Code: IT0011
Policy Title: Firewall Policy
Owner: Information Technology Center
Responsible Office/Department: Vice President for Academic Affairs
Approved by: University Council, ISO
Date Created: February 02, 2017
Recent Review:
Effective date:
POLICY STATEMENT
PSU’s ITC controls a firewall to improve security between the internet and the PSU network. It is a key component of PSU’s IT security infrastructure.
BACKGROUND AND JUSTIFICATION
In the evolving digital landscape, the increased threats from malicious actors and unauthorized access necessitate robust defenses. Firewalls stand as critical barriers, filtering traffic between trusted internal networks and potential external threats, ensuring data and operational integrity.
SCOPE AND PURPOSE
The policy applies to all PSU ITC network users: employees, partners, systems, applications, and networks.
A firewall is an essential component of securing an organizational network and its infrastructure. It protects the infrastructure from external threats and from illegitimate use of organizational resources. This policy is designed to protect the PSU IT infrastructure from external threats.
PRINCIPLES OF THE POLICY
The Firewall permits the following for outbound and inbound Internet traffic:
- Outbound - Allow ALL Internet traffic to hosts and services outside of PSU network with the exception of known security vulnerabilities. This allows anyone connected to the PSU Network to utilize all services on the Internet with the exception of known vulnerabilities.
- Inbound - Only specific services that support PSU's business mission will be allowed to be accessed from the Internet. The chart identifies the most common services used for Internet communications within the PSU network environment. The following is a limited explanation for each column:
  - Server Functions and Services - This is a listing of the most common Internet services used on the organization's file servers to support the mission and business of the organization.
  - Organization Network to Internet - All traffic originating from organization computers to an external host has no firewall policies applied except for known security vulnerabilities, which are described in the chart.
DEFINITIONS
- Campus Network: All the computers and devices connected at the university, including classrooms, offices, and dorms.
- Firewall: A digital gatekeeper that decides what online traffic can come in or go out of the university's systems.
- Rule Set: Instructions the firewall uses to decide on allowing or blocking online traffic.
- User: Anyone, such as students or faculty and staff, using the university's network.
- Endpoint: Devices like computers or smartphones connected to the university's internet.
- Whitelisting & Blacklisting: Approaches to either allow only specific approved sites (whitelisting) or block certain sites (blacklisting).
- Threat Intelligence: Knowledge about online threats to help protect the university.
RESPONSIBILITIES AND IMPLEMENTATION STRATEGIES
PSU ITC is responsible for implementing and maintaining the organization's network perimeter firewall. However, all employees in the organization are responsible for information security on a daily basis.
Only firewall administrators are allowed to log on to the firewall and make changes to the firewall access rules, software, hardware or configuration.
By default, the firewall will be configured to deny any service unless it is expressly permitted.
Regular tests of the firewall will be carried out.
There must be an active auditing/logging mechanism.
Firewall security policies are to be reviewed continuously in order to protect the infrastructure from any recent threats.
PROCEDURES FOR HANDLING POLICY VIOLATION
- Incident Detection:
  - Utilize automated tools and logs to detect any unauthorized changes or breaches related to firewall configurations.
  - Encourage employees to report any suspicious activities or inconsistencies.
- Immediate Containment:
  - Once a violation is detected, temporarily revert the firewall to its last known secure configuration to prevent further potential breaches.
- Incident Reporting:
  - Document the specifics of the violation using a standardized incident report form.
  - Inform the designated IT security team and other relevant stakeholders.
- Incident Assessment:
  - Investigate the nature and scope of the violation: Was it an unintentional mistake, a systemic flaw, or a malicious act?
  - Identify any potential data breaches or compromised systems resulting from the violation.
- Notification:
  - Notify the individual or department responsible for the violation.
  - If the violation has led to a data breach, ensure that legal and compliance teams are informed to determine if external notifications (to customers, regulatory bodies, etc.) are required.
- Rectification:
  - Correct the violation by restoring appropriate firewall configurations.
  - Ensure that any compromised systems are cleaned, patched, or replaced as necessary.
- Sanctions:
  - Depending on the severity and intent of the violation, apply appropriate disciplinary actions, which can range from warnings to termination or legal action.
- Review and Update:
  - Analyze the incident to understand how the violation occurred and how it went undetected.
  - Adjust the firewall policy and its procedures based on lessons learned to prevent similar incidents in the future.
- Training and Awareness:
  - Organize refresher training sessions to emphasize the importance of adhering to the firewall policy.
  - Highlight potential consequences of violations to underscore the significance.
- Ongoing Monitoring:
  - Enhance continuous monitoring mechanisms to detect and prevent future violations.
  - Regularly audit firewall configurations and related activities for compliance with the policy.