Proposal to add a best-practices layer of security on our network (ACLs).

Process outline

• PhysIT rep(s) meet with Physics staff John invites to learn and discuss the proposal.
• Perhaps host discussion during one of John's and Oliver's weekly meetings.
• Discuss rationale, pro's, con's, considerations, and otherwise address concerns and answer questions.
• Adjust proposal with any new information from the discussion, along with solidifying a time-line as appropriate.

To do's

• Characterize purpose of proposal. Positive outcomes expected (insurance).
• Identify any cons to be addressed. Negative impacts, if any.
• Work out process of approval.
• If approved, agree on implementation process and timing.
  • Once change is submitted by ChemIT, often takes IT Security less than an hour to implement.

Proposed email text

PhysIT will be implementing a new firewall on the Physics Administrative network, which will block remote network connections to Physics computers. The goal of this firewall change is to reduce the vulnerability of computers in the Physics Administrative area to hacking/viruses from around the world.

How this potentially affects you?

1. We anticipate that very few people will be affected by this. This is not changing people’s access to the internet, but simply blocking people from attacking Physics computers remotely.
2. If you are running a server, please contact PhysIT for assistance. We can work with you to make sure your needs are met.
3. Cornell VPN will be required if you need remote access. You can read about the Cornell VPN service by looking at <http://www.it.cornell.edu/services/vpn/>.

If you have any questions or concerns about this change, please contact PhysIT@cornell.edu.

===========================