Service category: Information security

The kizbox is a central, profile-based firewall that is available to all University facilities. It is used to securely separate and protect the network areas of individual institutions from each other and from external networks.

The protection is VLAN-based: Either a single VLAN or a group of VLANs is treated uniformly. Communication is permitted within a VLAN group, while data traffic between different devices is regulated according to the assigned firewall profile.

For reasons of scalability, the kizbox does not support fine-grained firewall rules at host level. Instead, predefined firewall profiles are used that cover typical use cases and can be assigned per VLAN. It is possible to assign different profiles for individual hosts.

Available firewall profiles (selection)

Standard ("Established In")
Incoming data traffic is blocked if there is no previously initiated connection from the inside. Users can also access internal services from the VPN. This profile is the standard for most organisations.

Open
For hosts on which services must be fully accessible from the internet. In this case, security is provided exclusively via the host firewall.

Port shares
Profile with predefined, frequently required port shares. Individual port releases are not provided. If a port is needed regularly, it can be added as a "Common Use Case" if required. Otherwise, the Open profile should be used.

A current overview of all available profiles can be requested from the Help-Desk. If special requirements are not covered by an existing profile, additional profiles can be defined in direct consultation with the kiz.

Important notes

* When applying for the kizbox, a new IP address range must be assigned in most cases.
* IPv6 is always introduced as part of the setup.

Application

Applications for the kizbox are made via the Helpdesk.

Service features

• Profile-based stateful firewall for institutes and facilities of Ulm University.
• Protection of networks against all other networks of the University, as well as against the Internet.
• Protection of grouped networks by means of a common policy.

User groups

Facilities and institutes on request.

Operating hours

24 x 7 x 365

Application modalities

Prerequisite is:

• Institute/facility is part of Ulm University.
• Institute/facility is connected to the university network.
• External/MedFak in individual cases.

By e-mail to the Help Desk.

Fee / Charge

No fees or charges are invoiced for the service.