The University of Kansas School of Medicine - Wichita develops and maintains appropriate mechanisms to protect the confidentiality, integrity and availability of its computerized data and information resources. Many threats against University systems originate from external sources. To control traffic from the public Internet, the University maintains a firewall at the network perimeter.
Demilitarized Zone, a special network zone for public servers. The DMZ is both a logical and a physical location.
Security device used to block unsafe network traffic.
Computers and associated devices connected to the University’s central communications line.
Boundary established by the firewall between the University's network and the Internet.
Approved server that provides services to the general public. Examples include central web servers, domain name servers, and the campus FTP server.
Computer that provides services to multiple users or other computers.
Virtual Private Network, an encrypted, authenticated, trusted connection from an external site to the University network.
The firewall is configured according to the following policies:
University computers may initiate connections to the Internet. Subsequent traffic between the University computer and the external site is permitted through the firewall.
Inbound traffic to public servers
External computers may initiate connections to public servers in the University’s DMZ. Subsequent traffic between external computers and the University’s public servers is permitted.
Inbound traffic to internal computers
Workstations and internal servers are protected by the University firewall and are not visible from the Internet by default. Inbound connections to internal computers are permitted only through VPN. Requests must be approved by IT Services.
Use of VPN software is required to:
• Connect to internal computers from an external site in support of the University's mission of teaching, research, and public service
• Connect to external sites in support of University-related business
• Connect authorized users to computers from an external site
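A minimal stateful model of the firewall policies listed above, added here as an illustration and not taken from the University's configuration. The zone names, address ranges and the `Firewall` class are assumptions made for the example.

```python
import ipaddress

# Constructed address plan (documentation and private ranges), not the University's.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),       # public servers
    "vpn": ipaddress.ip_network("172.16.99.0/24"),     # authenticated VPN clients
    "internal": ipaddress.ip_network("10.0.0.0/16"),   # workstations, internal servers
}

# Zone pairs allowed to open a NEW connection, one per policy statement.
# Any pair not listed is dropped (assumption: default deny).
ALLOW_NEW = {
    ("internal", "internet"),  # University computers initiate connections out
    ("internet", "dmz"),       # external computers reach public servers
    ("vpn", "internal"),       # inbound to internal computers only through VPN
}

def zone_of(addr):
    """Map an address to its zone; anything unknown is the public Internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

class Firewall:
    def __init__(self):
        self.established = set()  # connection-tracking table of flow tuples

    def filter(self, src, sport, dst, dport, proto="tcp"):
        flow = (proto, src, sport, dst, dport)
        reply_of = (proto, dst, dport, src, sport)
        # Subsequent traffic of an already permitted connection, either direction.
        if flow in self.established or reply_of in self.established:
            return "accept"
        # New connection: allowed only if the policy names this zone pair.
        if (zone_of(src), zone_of(dst)) in ALLOW_NEW:
            self.established.add(flow)
            return "accept"
        return "drop"
```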