[unisog] Cisco 2950 protected ports in residential halls

Stejerean, Cosmin cosmin at cti.depaul.edu
Tue Nov 22 06:56:53 GMT 2005

The question to consider is whether or not by doing this you are
interfering with legitimate school related uses. Granted that you will
stop things like P2P between the students but this might not be the best
way. The ideal solution should be to make it clear to the users what is
and is not allowed on the network and then hold people accountable when
they violate your policy. This will increase the security of the network
without having to resort to extreme measures.


Cosmin Stejerean

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Royston Boot
Sent: Monday, November 21, 2005 9:45 PM
To: unisog at lists.sans.org
Subject: [unisog] Cisco 2950 protected ports in residential halls


We are planning to block traffic between residential hall/dorm users by
configuring the ports on our Cisco 2950 access switches as "switchport
protected". In testing it all behaves as expected, with individual users
unable to talk to each other, but no problems with traffic to/from our
central servers. The aim is to reduce the problems caused by unpatched,
worm infected machines as well as to help eliminate copyright infringing
P2P traffic, games, video streaming etc. I appreciate this will be
unpopular with the users!

I'm interested to hear the experiences of others who have tried this,
and what sort of problems they came across. 


Royston Boot
Internet and Security Manager
Lincoln University
Canterbury, New Zealand

Phone: (64) (3) 325 2811 x8594
Cell:     (0274) 820 079

unisog mailing list
unisog at lists.sans.org

More information about the unisog mailing list