Firewall Modification Request Instructions
advertisement
Firewall Modification Request Instructions Information Technology Services Form Instructions ITS-8812-I Rev D 4/24/08 1 Page 1 of 2 Purpose Campus network firewalls rules are in place to help in managing the level of service, protecting against intrusion, providing adequate bandwidth for specific applications, and enabling rapid recovery after a loss of service. To request an exemption to the network firewall rules for new applications, requestors and Information Technology Consultants (ITCs) should follow the instructions below to complete and submit Firewall Modification Request form to Information Technology Services (ITS). 2 Instructions a) Obtain the Firewall Modification Request form online at www.calstatela.edu/its/forms/ITS8812_FirewallModReq.doc. If this website is unavailable, go to the ITS Help Desk (LIB PW Lobby) for a printout of the request form. b) Enter all the information requested and obtain the required approvals. c) Submit the completed Firewall Modification Request form to the ITS Help Desk (LIB PW Lobby). The form will be forwarded to the appropriate ITS network and security personnel for review. The requestor and ITC should receive a response to this request within two business days. 3 Examples APPLICATION INFORMATION: Field 1-2: Enter the title and publisher of the software, not a nickname or generalized type of software. E.g., Correct: “Microsoft Excel.” Incorrect: “a spreadsheet.” Field 3-4: Specifically explain the purpose of this application and the outcomes you need to achieve. Do not be vague. Acceptable Response Examples: “This application will be used on the server located in King Hall to create an interactive teaching environment so that students access it from their home computers.” Or, “This application will be used to established access to a departmental database, which needs to be secured to adhere to HIPAA requirements.” Or, “This application will establish virtual cash registers on certain workstations, all of which will need to be secured as required by the federal Gramm-Leach-Bliley Act.” Unacceptable Response Example: “This application is for my class so I can teach my students.” Field 5: ITS will not put the campus at risk by making an application available over the network without the proper licensing. If you plan on obtaining a license, note the date by which the license will be obtained. Your request will be denied if this field is blank. Field 6: If this application will be used only temporarily or for a short duration, check Temporary and enter the date the application will no longer be needed (i.e., termination date). Otherwise, check Permanent. Field 7: Enter the type of information (files) being transmitted by this application. Examples: music, graphs, databases, text, etc. Field 8: List all the file extensions generated by and transferred to this application. Be specific. Examples: doc, pdf, psd, wpd, wav, jpg Field 9: Check the access requirements for the system. Make sure to check all that apply and include location information or server name. If you want to make your application available to various buildings, note all the buildings’ names. For example: Open Access Lab(s) in the Salazar Hall building. Omissions will result in your request being denied. Firewall Modification Request Instructions Information Technology Services Form Instructions ITS-8812-I Rev D 4/24/08 Page 2 of 2 Field 10: If access to this application needs to be authenticated (i.e., if users need IDs and passwords before being granted access), check Yes. Otherwise check No. Field 11: If this application will generate and/or store sensitive, personal, proprietary, or confidential information, check Yes. Otherwise, check No. For an explanation of sensitive, personal, proprietary, confidential information, and other security considerations, read the User Guidelines for Securing Offices, Workspaces, and Documents online at the ITS Polices and Guidelines website (www.calstatela.edu/its/itsecurity/guidelines). Field 12: If you checked Yes in Field 11, describe how you will secure the sensitive, personal, proprietary, and/or confidential information, as well as how you will secure the access to it. Field 13: If this is a new application to the campus, check Yes. Otherwise, check No, and indicate who else or what other department is already using this application. NOTE Knowing if this application already is being used by others on campus will help in evaluating and processing this request. CAMPUS SYSTEM INFORMATION Field 1: Enter the hostname of the system which will run this application. Field 2: Enter the name of the person responsible for this system. Field 3: number. Enter the location where the system will be housed and note the building and room Field 4: Enter the names and departments who have access to the equipment location. For example: college ITC name, department staff names, custodial staff, department manager names, etc. Field 5: To monitor network usage and detect network anomalies on systems that may pose a risk to campus resources, it is necessary to know if a system is on a set operating system and application patch schedule. Systems must be on a patch management schedule to be connected to the campus network. NETWORK INFORMATION Source IP addresses, source ports, destination IP addresses, destination ports, and the application protocol are required to define a firewall policy. Enter the IP Address(es) of the source and destination system(s) running the application. To get the IP Address(es) run “nslookup hostname” from a Windows or Unix command prompt where “hostname” is the name of the source and destination hosts. To identify the source and destination ports required by the application, run a port scan on the source and destination hosts, or request the information from the application publisher. To get the application protocol information, you must have access to the application server. Run “netstat –a” at the command prompt from the application server. Look for the application port located in the second column labeled “Local Address”. When you locate the application port, the protocol will be listed in the first column labeled “Proto” directly to the left of the “Local Address” column. 4 Contacts Director, IT Infrastructure Services (323) 343-2600, itinfrastructure@calstatela.edu Director, IT Security and Compliance (323) 343-2600, itsecurity@calstatela.edu ITS Help Desk (323) 343-6170, helpdesk@calstatela.edu
