Text Size Default Text SizeDefault Text Size Large Text SizeLarge Text Size Largest Text SizeLargest Text Size Print Print this Page

Policy 6130

Firewall Policy

I. Purpose 

This policy provides the configuration, maintenance, control and monitoring of enterprise-wide firewall technology used to safeguard the university's information technology (IT) resources and systems.

II. Definitions 

  1. Firewall Technology: Any combination of network hardware, network software and host-based software used within an organization to prevent unauthorized access to system software or data.
  2. Outbound connection: An outbound connection allows university network users to utilize Internet services.
  3. Inbound connection: An inbound connection allows Internet and external IP network users to reach the university's networks.

III. Policy 

  1. Longwood's enterprise firewall technology provides a degree of separation between layers and prevents unauthorized access from a less trusted layer to a more trusted layer.

    From outermost (least trusted) to innermost (most trusted), the layers are:
    1. Internet and other external IP networks
    2. Perimeter networks (varies according to level of trust)
    3. Internal network (the most trusted network)
  2. Firewall technology will inspect network traffic to determine if the requested connection should be permitted or denied.
    1. Outbound connections (more trusted to a less trusted layer) are generally permitted by default.
    2. Inbound connections (less trusted to more trusted layer) are denied by default.
  3. The system administrator of a system located on a more trusted network may request in writing a firewall "rule" to allow access (inbound connections) from a system on a less trusted network to a more trusted network. Information and Instructional Technology Services (IITS) must approve all rule requests.
    1. Temporary or testing access requests must include a reasonable expiration date not to exceed 30 days at a time.
    2. Requests for access to student owned systems will be valid for only one academic year at a time and will be automatically removed each May after graduation.
    3. Requests for access to faculty and staff systems from the Internet are not allowed. 
  4. Firewall technology will be configured to use system logging.
  5. Daily operation and maintenance of firewall technology will be the responsibility of IITS.
  6. IITS will review firewall configurations annually or in the event of a situation warranting review of the configuration. Examples of such situations are (but not limited to):
    1. The implementation of major enterprise computing environment modifications.
    2. Any occurrence of a major information security incident.
    3. New applications are being considered or applications are being phased out or upgraded.
  7. The Information Security Officer or his or her designee reserves the right to review, modify or revoke any rule requests or configuration changes at his or her discretion.

IV. Enforcement

The university regards any violation of this policy as a serious offense. Violators of this policy are subject to disciplinary action, in addition to possible cancellation of IT resources and systems access privileges. Users of IT resources and systems at Longwood are subject to all applicable local, state and federal statutes. This policy does not preclude prosecution of criminal and civil cases under relevant local, state, federal and international laws and regulations.

Approved by the Board of Visitors, September 15, 2006.
Revised and approved by the Board of Visitors, September 12, 2008.
Revised and approved by the Board of Visitors, September 11, 2009.
Revised and approved by the Board of Visitors, September 14, 2012.