
Northwestern IT Workstation Firewall Implementation

Project Status

October 2018: In consideration of the start of the academic term, Cyberinfrastructure (CI) will begin the second and final phase of the project on Monday, October 8, 2018.


Project Charter

To improve the security posture of Northwestern IT, Cyberinfrastructure (CI) is implementing a new security service to protect Northwestern IT workstation networks from other on-campus and off-campus networks.

The new security service uses a next-generation firewall to protect IT workstation networks from security threats such as malware and viruses, and from unnecessary unsolicited inbound connections from on- and off-campus networks.

Goals and Objectives

Approach

IT workstation networks will be individually scheduled to be incorporated into the new security service. Devices in your area requiring unsolicited inbound connections will be moved to new networks that allow unsolicited inbound connections while also receiving network-level protection from viruses and malware. Firewall Implementation Schedule (NetID authentication required).

The rollout of this service will be divided into two phases. Prior to each phase, information sessions will be hosted to give individual IT departments the opportunity to ask questions regarding the project.

Phase 1: Enable advanced network threat protection

Advanced network threat protection will be enabled for Northwestern IT workstation networks. It will inspect network traffic and filter any traffic that has been identified as associated with malware, viruses, or other malicious activity.

Phase 2: Prevent unsolicited inbound connections to Northwestern IT networks

DUIT (Deny Unsolicited Inbound Traffic) will be enabled for Northwestern IT workstation networks. This phase will prevent unsolicited inbound connections to IT workstation networks, including those from on-campus networks. More about DUIT.

The following unsolicited inbound connections will be allowed:

Develop a Test Plan

Each group is encouraged to develop a test plan that lists the programs and services used as part of their assigned tasks that rely on network connectivity. After the migration, groups will use this plan to verify that their services and programs work as expected. Firewall Services and Rules (NetID authentication required).

CI staff are available to assist teams in creating their test plans. Request assistance.

Project Timeline

Below is the overall project timeline. To see the timeline for the firewall implementation by network, visit Firewall Implementation Schedule (NetID authentication required).

Phase | Description | Status | Target Completion Date
1 | Enable Advanced network threat protection for Northwestern IT networks | | August 8, 2018
2 | Prevent Unsolicited inbound connections to Northwestern IT networks | | October 10, 2018

Last Updated: 11 October 2018
