[unisog] Network security police no hubs/switches/routers?

Russell Fulton r.fulton at auckland.ac.nz
Tue May 24 20:33:01 GMT 2005


On Tue, 2005-05-24 at 10:08 -0400, Hall, Rand wrote:

> For many of us, I think the important part of our policy is the word
> "unauthorized." We don't usually have a problem authorizing network
> extensions--we just want to know about them and make sure they're done
> right.

I think this is the key point in this discussion.  Those responsible for
the network need to know what is going on and have the ability to say no
without lengthy arguments.  They also need the authority to disconnect
unauthorised extensions without jumping through hoops.

That's pretty much the situation here.  We (central IT) run the network
up to the wall socket and our policies state that if you want to plug
anything other than a single device in you have to let us know.  It also
makes clear that if you do have more than one device hooked up to a
socket and one of them screws up then don't come complaining to us when
we shut down the switch port.  If you can't live with this then you need
to come and negotiate some more cabling and that will cost $s.

I do like the idea (sorry I've forgotten who made the suggestion) of
specifying a managed switch (which would be CISCO 29xx in our case) that
can be incorporated into our management system and allowing people to
use those.

Cheers, Russell