Firewall Operating Procedures

Purpose

The purpose of this document is to formally establish a set of procedures and strategies for the deployment and configuration of all network firewalls that protect MCC data and process MCC network traffic. Federal laws, state statutes, and contractual obligations protect some MCC information from unauthorized use or disclosure. The exposure of sensitive information could subject MCC to fines or government sanctions. The unavailability of information assets impairs MCC’s ability to do business and/or exposes MCC to asset losses.

 

Scope  

All users of MCC systems are responsible for protecting resources and the information processed, stored, or transmitted, as set forth in this Information Security Program.

 

General:

  1. Network Connections

All external and wireless connections to MCC networks and demilitarized zones (DMZs) must pass through a network firewall. Any changes to an external connection or to the configuration of the firewall must be adequately tested and documented according to the ITS Network Firewall Standard.

  2. Dedicated Functionality

Network firewalls used to protect MCC networks must run on single-purpose devices.

    • These devices must not run other services, such as acting as a web server.
    • Each network firewall must have a rule set specific to its purpose and location on the network, in accordance with the Firewall Standard.
    • Each network firewall must follow the Firewall Change Control Process.
  3. Regular Auditing

An audit of the network firewall configuration and rulesets will be conducted on a quarterly basis. These audits must also include vulnerability scanning. Firewall and PCI network component log reviews will be conducted regularly.

  4. Network Firewall Physical Security
    • All MCC network firewalls must be physically located in the ITS data centers.
    • These secure spaces must be locked at all times. All physical access to secured spaces will be automatically logged. All visitor access to the secure space must abide by the Data Center Procedure Memorandum.

 

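| Version | Date      | Approver                                | Change Description   |
|---------|-----------|-----------------------------------------|----------------------|
| 1.0     | 8/15/2011 | Information Security Steering Committee | Initial construction |
| 1.0     | 8/13/2012 | Information Security Steering Committee | Annual Review        |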
