[unisog] Network security police no hubs/switches/routers?
chmorl at wm.edu
Mon May 23 22:25:53 GMT 2005
Once folks get in the habit of thinking that it is OK to plug in hubs and
they keep doing it for several years, such a "no hub" policy can be
difficult to enforce. The common excuse I hear is: "Why should I pay for
an extra network connection (with the extra wiring involved) when I can
run down to Walmart and pick up a cheap network hub?"

Many users tend to think that a "no hub" policy is some sort of "unfunded
mandate". What they do not realize, of course, is the cost of supporting
all of the problems associated with these hubs.

I've had several instances this year where a cheap hub started to send
packets received on the uplink interface back out the same uplink
interface. Unfortunately, the hub filtered out the Spanning Tree
packets, so I effectively get a unicast/broadcast packet storm without the
means of detecting the problem -- other than the thrashing L2 tables in
our switches. What a mess.

So my challenge is to show that allowing these cheap hubs actually costs
the university MORE money in the long run. But alas, I haven't been able
to convince everyone yet about this :-(

College of William and Mary
Information Technology - Network Engineering
Jones Hall (Room 18)
Williamsburg VA 23187
On Mon, 23 May 2005, Vijay S Sarvepalli VSSARVEP wrote:
> We have just spelled out some policies that no hubs/routers are to be
> connected to the network. There seems to be a lot of
> resistance for this policy. I know the technical reasons for not allowing
> this, but anybody have a layman's explanation in their policy
> about "Why hubs/routers are not allowed on the campus network?"
> If you have one please do share. If you have a strong network security
> that limits what type of devices attach to the network, again
> in non-technical terms please do share this as well.