SB5: Servers must be protected from improper network-based access, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS). See also: Level 3, Level 4, 8, Servers B, Level 3, Level 4
Configure firewall for allowed administration The firewall must be configured to only permit administrative access from the specific systems used by the administrators for the specific service.
Configure firewall to permit required traffic The firewall must be configured to only permit inbound traffic that is required for the proper operation of the server.
Implement firewall between server and network There must be a firewall between the server and any network which includes user computers. This can be a host-based firewall.