A strong network perimeter shields the campus from external attacks. This is the layer that has seen the most significant work this past year, including the installation and deployment of a next generation firewall by the Network Infrastructure team – a major step forward in terms of our overall security posture. It combines traditional firewall functionality with additional proactive security capabilities:

• intrusion prevention;
• malicious URL blocking;
• improved visibility into potentially risky services being utilized on campus; and
• ability to block known-bad traffic based on risk (e.g., BitTorrent blocking).

The new infrastructure offers a VPN (virtual private network) connection that is 100 times faster compared with the previous infrastructure.  

In addition to the next generation firewall, more work was completed this year to further secure our network, including the replacement of our email security solution, completed by the Applications & Project Management Team. This resulted in an upgrade to our current mail filtering system with a cloud-based solution from Cisco, providing enhanced features and scalability. We partnered with the School of Engineering and School of Computer Science to move them to private IP address spaces to ensure that devices in these areas are no longer directly accessible from the internet and thus no longer at risk from direct external attack. We moved CCS to a private IP address space as well.