Skip to main content

ISO SecOps Windows Template Rules

Attention Application Owners & Rule Delegates

The following set of firewall policies, referred to as "Template Rules", are provided for administrators of AS owned/managed servers that require a specific set of source hosts/nets and services allowed for administration.

When applying these Template rules, please consider any additional necessary "custom" policies to guarantee the inbound or outbound connectivity that servers will require. Those "custom" policy requests can be made via the Firewall Rule Request form.

Please contact the Firewall Team (firewall-team@lists.stanford.edu) with any questions.

Firewall Template Rules

Traffic Inbound to the Firewall

From To Ports Description
iso-secops-windows-pbh destination_host tisw_pbst Personal Bastion LightsOut
secops-bigfix-ring0 destination_host tisw_bigfix BigFix Services
secops-ossec destination_host tisw_ossec OSSEC Services
as-idg-nagios-monitoring destination_host tisw_nagions Nagios Monitor Services
g_su_admin_nets destination_host IPSEC IPSEC Services

Traffic Outbound to the Firewall

From To Ports Description
source_host(s) g_su_dns_servers g_dns Campus (anycast) DNS services
source_host(s) g_su_dhcp_servers DHCP Campus DHCP services

Address, Service & Object Definitions

Group Members

Address & Address Groups
iso-secops-windows-pbh 171.67.47.160/28
secops-bigfix-ring0 bigfixinfra | 171.64.7.188
secops-ossec ossec1 | 171.67.33.178
ossec2 | 171.67.33.179
as-idg-nagios-monitoring nagios01 | 171.67.217.115
nagios02 | 171.67.217.114
g_su_admin_nets Stanford Campus networs excluding the Residence networks
g_su_dns_servers Stanford (anycast) DNS servers
g_su_dhcp_servers Stanford (campus) DHCP servers

Service & Service Groups
tisw_pbst TCP: 135, 139, 445, 1311, 2179, 3389, 4900-5000, 5985-5986
UDP: 135, 139, 445
tisw_bigfix UDP: 52311
tisw_ossec UDP: 1514
tisw_nagios TCP: 5666

Roles

Template Owner 

Responsible for determining, maintaining and modifying the template rules and membership of the different server groups. The application owner is notified regarding any changes to the template.

Current Template Owners:

  • Ping Wei
  • Stacy Lee
  • Jeremy Tavan
  • Adam Todd
  • Todd Boyden

​System Administrators

Request rule approval from the application owner.

ISO Security

The ISO group will audit the rules and make recommendations as needed or upon request from either the System Administrators or the Application Owners. In addition, any changes to this template must be reviewed by ISO prior to implementation.

 

Last modified