Concerns about computer security dominate today's IT environment. But security is a broad subject encompassing many different areas. Properly securing a network involves the consideration of many aspects, and indeed the act of securing a network can never really be considered to be completed. It is an ongoing process.
The NSMS team offers a multifaceted security service, including the provision of a number of security-related services that can assist in the ongoing protection of your network. One of the key services is the provision of a firewall.
The Oxford University firewall primarily operates on a default-allow basis - essentially allowing all traffic in from outside, except that which has been explicitly blocked. While this serves to prevent many attack vectors on university hosts, it is not as secure as the alternative policy - to block all traffic except that which is explicitly allowed. This is a key reason for installing firewalls at the local level (either at the departmental gateway or on a host-by-host basis).
NSMS maintain a number of firewalls for colleges and departments around the university. Once a requirement for a firewall has been established, we will recommend a specific firewall model and configuration, after detailed discussions concerning network configuration and security requirements. Where the customer isn't certain about their network configuration and/or needs, we will investigate and make appropriate recommendations.
- We will install the firewall hardware and maintain the implemented rule-set for you.
- There will be ongoing firmware updates made available from the firewall manufacturer. We will evaluate these updates and install them for you, if appropriate.
- Real time monitoring of the firewall ensures that we will respond promptly if there is a problem. Local IT staff will be informed throughout.
- NSMS will carry out a daily backup of the firewall configuration files. As such, we can roll back the system to a previous configuration, should it be necessary.
- The firewalls log traffic to a central syslog server hosted at OUCS. This means that there is an archived audit trail, which we can make available to you.
- We will configure and replace the hardware in the event of failure of the firewall.
For current charging information for this service see our Firewall Management charges page.