Shared Firewall Rules Overview

The Shared Firewall Service offers a common set of rules and profiles that provide basic firewall coverage for user networks, including workstations and printers. The rules, maintained by the Information Security Office (ISO), allow the access typically needed by client systems that use the network for academic and administrative purposes. Most outbound communication to the campus and the wider internet is allowed, with the exception of traffic to known threats such as malware downloads and known phishing sites, which is blocked. Inbound connections are restricted to scans from ISO-managed vulnerability scanners, printer support from the managed printer service, workstation management from ITCS and EOS, printing, and common remote access tools used from the campus network (including eduroam and the VPN). Because no other inbound connections are permitted, the Shared Firewall does not support servers (web, file sharing, etc.) or IoT devices that require connections initiated from outside the Shared Firewall.

Additionally, network traffic passing through the firewall is monitored for signs of malicious activity. This includes detecting access to websites known to host malware or phishing campaigns, inspecting files crossing the firewall for both known malware signatures and previously unseen malicious behavior, blocking traffic that attempts to exploit many significant vulnerabilities, and looking for other indicators of compromised computers.

This firewall provides a basic level of security for the average user and is a good starting point for any new user network on campus. For departments that handle significant amounts of sensitive P4 data, ISO also provides a higher-security Managed Firewall Service. It is similar to the Shared Firewall Service but goes further in isolating the department from others, can be customized somewhat to the needs of the unit, and applies a lower threshold for blocking suspicious traffic, so that a wider range of potentially malicious traffic is stopped.