Highline College


2.9 Firewall Rule Standard

2.9 Firewall Rule Standard 2024-03-25T12:18:16+00:00


 

2.9.1. Overview

See Purpose.

 

2.9.2. Purpose

This document describes a required minimal security configuration for all firewall rules used in a production capacity at or on behalf of Highline College.

 

2.9.3. Scope

All employees, contractors, consultants, temporary and other workers at Highline College and its subsidiaries must adhere to this standard. All routers and switches connected to Highline College networks are affected.

 

2.9.4. Standard

2.9.4.1 Ingress Rules

All ingress ports/services shall be closed by default.

  • Policy rules will allow only the services necessary for the server/network device or group.
  • When a service-based rule isn’t possible, the port may be opened.

2.9.4.2 Egress Rules

All egress ports/services shall be open by default.

  • Individual services/ports may be closed on a case-by-case basis.

 

2.9.5. Compliance

2.9.5.1 Compliance Measurement

ITS will verify compliance with this standard through various methods, including but not limited to periodic walk-throughs, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.

2.9.5.2 Exceptions

Any exception to the standard must be approved by ITS in advance.

2.9.5.3 Non-Compliance

An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.

 

2.9.6. Related Standards, Policies, and Processes

None.

 

2.9.7. Revision History

Date By Summary