[unisog] risks of a mixed network

Josh Fiske jfiske at clarkson.edu
Tue Oct 24 12:27:44 GMT 2006


Hi all,

I'm eager to get some input from other network/security folks...to make 
sure I haven't missed anything on this one.

At our site, we have residence halls for which we provide network 
connectivity.  We have a PacketShaper which does P2P restriction and 
bandwidth limiting.  Some students (particularly our gamers) are 
interested in purchasing cable-modem service in their dorm room so that 
they can play their games at a higher speed.  I'd love to be able to 
provide these students with a solution that fits their needs (or wants), 
but I need to balance that with any potential risks.

In my mind, the main concern with this scenario is the risk of bridging 
our site's network with the cable-modem provider.  Currently we have in 
place Cisco switches with DHCP snooping enabled (so that DHCP responses 
can only come from trusted ports), so I'm not too worried about a 
backwards router providing address to the dorm's VLAN.  Obviously the 
cable-modem would provide another entry point to the campus network (if a 
machine were dual-homed or if bridging did occur), however at present our 
ResNet doesn't have a firewall.  So, while the lack of a firewall is a 
concern, the cable-modems would not introduct additional risk when 
compared to the current situation. 

So, these are the things that I am thinking about.  What else would you 
recommend considering?  Have I missed anything blatant?

Thanks for your feedback,

-- Josh
- - - - -
Joshua Fiske, Network and Security Engineer
Clarkson University, Office of Information Technology
(315) 268-6722 -- Fax: (315) 268-6570
jfiske at clarkson.edu

CONFIDENTIALITY:  This e-mail (including any attachments) may contain 
confidential, proprietary and privileged information, and unauthorized 
disclosure or use is prohibited.  If you received this e-mail in error, 
please notify the sender and delete this e-mail from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sans.org/pipermail/unisog/attachments/20061024/5bc78817/attachment.htm 


More information about the unisog mailing list