ITS is responsible for the management of the enterprise network firewalls. In order to properly maintain the security of the Carleton University network infrastructure, the configuration of rules on ITS-managed network firewalls must be properly maintained.
Firewall Rule Change Request Process
Changes to the rule configuration of ITS-managed firewalls must follow the procedures described here.
- The requestor will complete the Firewall Rule Change Request Form here.
- A Jira ticket is generated and assigned to Information Security.
- Information Security will review the ticket and Firewall Rule Change Request Form. If required, Information Security will coordinate with the Requestor.
- If Information Security approves the request the ticket will be assigned to the Security Operations Centre for implementation. If the request is denied, Information Security will notify the requestor and close the ticket.
- For approved requests, the Security Operations Centre will implement the request. If needed, the Security Operations Centre will contact the Requestor and/or Information Security.
- Upon completion of the request, the Security Operations Centre will close the ticket.
Web Server Registration
ITS provides a service to register web servers run by Staff or Faculty. Depending on the Local Area Network (LAN) on which the Staff or Faculty-run web server is located, it may not be ‘visible’ from the Internet.
The ITS Web Server Registration Service provides a means to request that University firewalls be opened to allow a specific computer to be accessible from the Internet.
- Staff and Faculty who wish to run web servers as described above should contact the ITS Service Desk. They will need the IP address and/or node name of the web server, as well as a brief explanation of the need for this server.
Mail Server Registration
In addition to allowing a mail server to be ‘visible’ from the Internet, the ITS Mail Server Registration Service also addresses opening firewalls to allow mail servers to send mail directly to the Internet. The ability to send mail to the Internet on Port 25 is blocked by default at Carleton to reduce SPAM originating from the University’s domain.