Because the University does not have a firewall, it is necessary to use Access Control Lists (ACLs) to filter certain types and sources of network traffic.
This policy is designed to provide the framework for configuring and applying Access Control Lists to network convergence points.
This policy impacts OIT staff members who are responsible for the design and implementation of the data network.
Access control lists should be configured to block as much malicious traffic as possible while remaining as transparent as possible to the end user. The ACLs applied at the network edge should filter, at minimum, the following types of network traffic:
- RFC 1918 (Private Network) Addresses
- Loopback addresses
- Broadcast Addresses
- Reserved IANA addresses
- Link local addresses
- Class E Networks
- WINS, NetBIOS, MS RPC, NFS and SMB traffic
- rsh, rlogin and rcmd traffic
- LDAP, time, tftp, finger, ldp, and syslog traffic
- ResNet SMTP services
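The list above can be turned into a check that reports which policy category would block a given inbound packet. The Python below is an added example, not the University's posted ACLs. The prefixes and port numbers are the standard well-known assignments rather than values from this policy, and WINS, rcmd, ldp and ResNet SMTP are left out because the policy gives no ports or subnets for them.

```python
import ipaddress

# Prefixes are the standard assignments for each category named in the policy;
# the policy lists only the category names (assumption of this example).
_SOURCES = [
    ("RFC 1918 private", ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]),
    ("Loopback", ["127.0.0.0/8"]),
    ("Broadcast", ["255.255.255.255/32"]),  # checked before Class E, which contains it
    ("Reserved IANA", ["0.0.0.0/8"]),       # one representative reserved block
    ("Link local", ["169.254.0.0/16"]),
    ("Class E", ["240.0.0.0/4"]),
]
BLOCKED_SOURCES = [(name, [ipaddress.ip_network(p) for p in prefixes])
                   for name, prefixes in _SOURCES]

# Well-known ports for a subset of the services the policy names (assumption).
# The protocol matters: 514 is rsh over TCP but syslog over UDP.
BLOCKED_SERVICES = {
    ("tcp", 135): "MS RPC", ("udp", 135): "MS RPC",
    ("udp", 137): "NetBIOS", ("udp", 138): "NetBIOS", ("tcp", 139): "NetBIOS",
    ("tcp", 445): "SMB",
    ("tcp", 2049): "NFS", ("udp", 2049): "NFS",
    ("tcp", 513): "rlogin", ("tcp", 514): "rsh", ("udp", 514): "syslog",
    ("tcp", 389): "LDAP", ("tcp", 37): "time", ("udp", 37): "time",
    ("udp", 69): "tftp", ("tcp", 79): "finger",
}

def edge_verdict(src, proto, dport):
    """Return the policy category that blocks an inbound packet, or None to permit."""
    addr = ipaddress.ip_address(src)
    # Source-address filtering comes first: a spoofed source is dropped
    # regardless of which service it targets.
    for name, nets in BLOCKED_SOURCES:
        if any(addr in net for net in nets):
            return name
    return BLOCKED_SERVICES.get((proto.lower(), dport))

# Constructed sample packets (documentation-range sources, not real traffic).
SAMPLES = [
    ("10.1.2.3", "tcp", 80),
    ("255.255.255.255", "udp", 68),
    ("198.51.100.7", "tcp", 445),
    ("203.0.113.9", "udp", 514),
    ("203.0.113.9", "tcp", 443),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", edge_verdict(*pkt) or "permit")
```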
Because of our desire to remain transparent to the end user, all ACLs will be posted for campus viewing.
Failure to follow this policy will result in the offender(s) being subject to disciplinary action up to and including a formal written letter of corrective action.
22.214.171.124/24 – The administrative subnet used for privileged access to IT resources
7.0 Revision History
Draft Policy v0.1 – 06 June 2005 – jfiske
Draft Policy v0.2 – 09 January 2006 – jfiske
Draft Policy v0.3 – 10 February 2006 – jfiske
Approved Policy v1.0 – 4 November 2013 – jfiske