[unisog] Network security police no hubs/switches/routers?

Vijay S Sarvepalli VSSARVEP VSSARVEP at uncg.edu
Mon May 23 18:49:30 GMT 2005


Maybe you could enlighten me. Why are you doing this? Are you talking 
about people setting up their own
subnets within your organization's network without consulting with 
those who manage your network?

NO! I am talking about people expand the network to serve more devices, 
like adding a hub /NAT device to
an office and multiple PC's.  They either wire them backward or plug in 
hub in two locations to get better
"bandwidth"  We are trying to eliminte hubs by one mac address per port 
policy.  Once we put out a 
policy that spells this out a lot of campus gets upset. A NAT router is 
okay in some ways except
we cannot do much troubelshooting of the end network.  And ofcourse there 
are NATed wireless
routers which the users does not even know does wireless (he just things 
the antennas look nice).

Vijay





Stanley Horwitz <stan at temple.edu> 
Sent by: unisog-bounces at lists.sans.org
05/23/2005 01:39 PM
Please respond to
UNIversity Security Operations Group <unisog at lists.sans.org>


To
UNIversity Security Operations Group <unisog at lists.sans.org>
cc

Subject
Re: [unisog] Network security police no hubs/switches/routers?







On May 23, 2005, at 9:29 AM, Vijay S Sarvepalli VSSARVEP wrote:

>
> We have just spelled out some policies that no hubs/routers are to 
> be connected to the network.  There seems to be  a lot of
> resistance for this policy.  I know the technical reasons for not 
> allowing this, but anybody have a lay man explanation in their policy
> about "Why hubs/routers are not allowed on the campus network?"
>
> If you have one please do share.  If you have a strong network 
> security that limits what type of devices attach to the network, again
> in non technical terms please do share this as well.

Maybe you could enlighten me. Why are you doing this? Are you talking 
about people setting up their own
subnets within your organization's network without consulting with 
those who manage your network?
_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/unisog/attachments/20050523/1f146985/attachment-0001.htm


More information about the unisog mailing list