Information Security Standards



A firewall is the first line of defense against unauthorized or malicious access to Texas A&M University-Commerce information resources. It is important to ensure that firewalls protecting University information resources are correctly configured. This procedure gives users information about both host-based firewalls and requesting exceptions to the campus-wide firewall.


This procedure applies to all University information resources. The purpose of this procedure is to provide a set of standards for how firewalls are configured to protect University Information Resources.


1. The campus-wide firewall operates on a default-deny policy.

2. The University network is separated into multiple VLANs. Each VLAN is designated as either allowing or not allowing new inbound connections.

a. In a VLAN designated for servers, inbound and outbound connections are allowed on a port-by-port and host-by-host basis.

b. In a VLAN designated for clients, inbound connections are not allowed, but outbound connections are minimally restricted.

3. Host-based firewalls should be used on servers to restrict access from computers within the University network.


The following ports are generally approved for public usage:

1. TCP/80 (HTTP/Web Servers)

2. TCP/443 (HTTP with SSL or TLS)


The following ports are approved only in specific cases, with restrictions on the remote IP address:

1. TCP/22 (SSH) - (Restricted to a single IP or small network block)

2. TCP/21 (FTP) - (Restricted to a single IP or small network block, unless using TLS)
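The rules above can be expressed as a pre-check for inbound exception requests. The following is an added example, not part of the original standard or any University tooling; the function name, the "server"/"client" labels, and the /24 cut-off for a "small network block" are assumptions, since the standard does not define them.

```python
import ipaddress

# Port lists taken from the standard above.
PUBLIC_PORTS = {80, 443}          # generally approved for public usage
RESTRICTED_PORTS = {22, 21}       # approved only with a remote-IP restriction

# Assumption: the standard does not define "small network block"; this sketch
# treats an IPv4 prefix of /24 or longer as small and denies IPv6 sources.
MIN_PREFIX = 24


def evaluate_request(vlan_type, port, source, ftp_tls=False):
    """Return (allowed, reason) for an inbound TCP exception request.

    vlan_type: "server" or "client" (hypothetical labels for the VLAN designation)
    source:    remote address or CIDR block, "0.0.0.0/0" meaning anywhere
    """
    if vlan_type == "client":
        return False, "client VLANs do not allow inbound connections"
    if vlan_type != "server":
        return False, "unknown VLAN designation; default deny"
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False, "source is not a valid address or CIDR block"
    if port in PUBLIC_PORTS:
        return True, "port generally approved for public usage"
    if port in RESTRICTED_PORTS:
        if port == 21 and ftp_tls:
            return True, "FTP using TLS is exempt from the source restriction"
        if net.version == 4 and net.prefixlen >= MIN_PREFIX:
            return True, "source restricted to a single IP or small block"
        return False, "source must be a single IP or small network block"
    return False, "port not on an approved list; default deny"


# Constructed sample requests (addresses are from documentation ranges).
SAMPLES = [
    ("server", 443, "0.0.0.0/0", False),
    ("server", 22, "0.0.0.0/0", False),
    ("server", 22, "192.0.2.10", False),
    ("server", 21, "0.0.0.0/0", True),
    ("client", 80, "198.51.100.0/24", False),
    ("server", 3389, "192.0.2.10", False),
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req, "->", evaluate_request(*req))
```

A passing pre-check only means the request matches the approved port lists; server VLAN rules are still granted on a port-by-port and host-by-host basis.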


Updated October 15, 2013

Last Updated March 31, 2014