Overview
A Firewall is a network security system that monitors the network traffic and establishes a barrier between the network and incoming traffic. Firewall permits or blocks data depending on its type in order to reduce the risk of any potential virus spread or intrusions (hacking) of the university network.
Types of Firewalls
There are four types of firewalls available from ITS:
- Next Generation Firewall
The Next Generation Firewall (NGFW) service is part of the university’s overall information security framework. The NGFW protects university information assets from cybercriminals and stops threats to the network through the application of content inspection, cloud-based threat intelligence, and malicious software analysis. The platform provides consistent protection and enhances the university’s information security efforts. - Distributed Firewall
The Distributed Firewall service is designed to protect and prevent malicious traffic in the MiServer virtual server environment. - Data Center Firewall
Data Center firewalls are designed to protect specific network activities to and from specific projects, systems, and information housed in university data centers (e.g., sensitive research projects, Wolverine Access transactions, MiServer instances, and others). - Custom Unit Firewall
Campus units requiring additional firewall security for specific business activities and transactions can work with ITS to design, implement, and maintain custom firewalls. Custom firewalls can be administered by unit IT professionals or ITS. Custom firewalls can support point-to-point tunnels, packet inspections of inbound or outbound traffic, and full-featured event logging. Firewall training is available for unit IT staff from the UMnet Administration team. UMNET-NSO can also provide recommended vendor courses.
Usage Models
There are three service models:
-
ITS Controlled
In this model, Information and Technology Services (ITS) manages and supports the firewall entirely. A best practice security model is applied to align with University of Michigan standards. -
Unit Controlled
In this model, units manage and operate their own unit firewall. Unit IT staff have administrative accounts, access to conversion tools, and best practice guidelines. Any rules and objects are unit created. This delegates control and responsibility to the unit. -
Hybrid Model
In this model, ITS maintains top administrative access with an option for unit IT staff to create unique policies. Unit staff and ITS have the ability to run reports, create or delete policies, and ensure best practice security.
Firewall Service
Firewall services, designed and maintained by ITS, are available to all U-M units and departments. If you would like to initiate a new firewall service for your unit, please reach out to ITS Network Security Operations (NSO) at [email protected]/call 734-647-4200 or your unit's Project Manager to schedule a consultation.