Firewalls and the School of Medicine
The School of Medicine Firewall
The School of Medicine, in collaboration with University IT, maintains firewalls to increase the security of your computer, and of the University, as well as to comply with federal and state requirements. The majority of computers on the Stanford network have firewalls that are set by default to refuse all connections initiated from outside of Stanford University’s network. If different access rules are required in some cases, the School of Medicine Information Security group approves and configures access for School of Medicine departments and associates.
How do I request to add or change a rule?
If you are responsible for a computer on the school’s network that provides Internet services like a web server, FTP server, or file server to an off-campus computer, please let us know so we can configure the firewall to accommodate these services. Keep in mind that the on-campus residence halls are considered off-campus, so connections from there will require use of the University's VPN service or an exception to the firewall.
To request a change for a computer that is not a server: Please file a HelpSU ticket, with the name of the system that needs an exception set, the IP address, and any specific ports you need open for this system. We would also ask that you remember to let us know when you no longer need this exception implemented, so we can disable it accordingly.
To request a change for a server: Please create a record for it in SUSI (Stanford University System Inventory) first, then file a HelpSU ticket, confirming that it's been inventoried; also let us know the name of the system in question, the IP address, specific ports you need open, and who/what needs access to the server. Again, please let us know when you no longer need this exception implemented, so we can disable it accordingly.
In order to keep firewall rules secure, organized and up-to-date:
- If your computer has not been seen on the Stanford network for more than 90 days, the firewall rule for that IP address will be removed.
- If your IP address is not in NetDB, the firewall rule for that IP will be deleted.
- If a rule needs to be reinstated, simply file a HelpSU ticket again.
How long will it take to implement a rule change?
Rule changes will be implemented within three business days, unless the request is urgent. For our purposes, "urgent" is defined as follows:
- A problem is urgent if it causes complete loss of service to the production environment; work cannot reasonably continue. Workarounds to provide the same functionality are not possible and cannot be found in time to minimize the impact on business. The problem has one or more of the following characteristics:
  - A large number of users cannot access the system.
  - Critical functionality is not available. The application cannot continue because a vital feature is inoperable, data cannot be secured, backed up, etc.
Are there any other options instead of a rule change?
YES! If you are using the University's VPN service, you can use it to access School of Medicine systems from off-campus without the need for firewall exceptions. VPN is your ideal solution for intermittent remote access (e.g., accessing your server or workstation resources while away from campus). For additional help, contact IRT at irthelp.stanford.edu or 650-725-8000 (M-F, 7a-6p). You can also visit us at the Stanford Medicine Tech Bar on the ground floor of Lane Library (M-F 8a-6p).
What is a firewall?
Firewalls are an important part of the security infrastructure. A firewall is a barrier that protects a network or computer. Like the physical wall that is used to keep destructive fires from spreading from one area to the next, an electronic firewall keeps unauthorized users like hackers from spreading their destructive material onto your network or computer.
How do firewalls work?
A firewall protects a network or computer by carefully inspecting each piece of information passing into and out of the network, filtering it based on a specific set of rules. These rules tell the firewall whether to reject or approve access to the network or computer, keeping out unauthorized users who may want to corrupt the information stored behind the firewall.