Rick Bilonick wrote:
Here are some additional details. The local IT for the data center has no central firewall. Each computer is on its own and has to run a firewall. (The data center could use a firewall but it would have to be maintained by the university - and the data center doesn't want to have to deal with the university running a firewall for them.) Also, all the printers are available to anyone who knows their IP address - they don't sit behind any firewall. (This is SOOOO different from my previous position in the corporate world where all the computers and printers were behind a firewall.)
This sounds so much like a university setting. Everything wide open. And so many rules that are set up for the sole purpose of having excuses if/when something goes wrong. Relying on only end-machine firewalls that any user can turn off with a click of a mouse the first time something doesn't work. That's ridiculous. A single departmental firewall would make their network so much more secure than all the rules you described so far. But then, running a firewall requires some knowledge. Making rules that are meant only to cover your ass doesn't require any real technical knowledge ;-)
--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB R3T 1L7