Policy and Enforcement Plan for Unapproved Campus Network Extensions

Audience:

All members of the Northwestern Community and users of the University network.

Definition:

Extensions of the campus infrastructure fall into four main categories: extensions for the use of wired equipment using multi-port devices (port replicators, hubs, and switches); extensions for the use of wireless devices using wireless access points; extensions over leased lines or dedicated facilities to off-campus locations or other computer networks; and extensions through the telephone network to allow for remote access to University systems or services.

Policy Statement:

“To provide the best possible quality of wireless network service, ensure wired and wireless network security and integrity, and minimize the interference between the campus network and other products deployed throughout campus, extensions of the University network of any kind are prohibited. Extensions include, but are not limited to, firewall appliances, hubs routers, switches, wireless access points, etc. Installation, engineering, maintenance, and operation of the NU network, and serving any property owned or leased by the University, are the sole responsibility of NUIT.” (From "Appropriate Use Of Electronic Resources”)

Background Issues:

The issues surrounding extending the campus infrastructure fall into four categories: security, accountability, future network performance and reliability, and operation. As the NU Internal Audit department has pointed out, there are security issues in extending the campus network, but security is no longer the only factor.

Network Security Issues

The University network must be kept secure. Security concerns involve protection of central data files, host computers and the network itself. Tracking of virus infections, compromised computers, and collaborating with other sites to isolate problems is an ongoing task. The technique most often used when problems occur is to quarantine the problem computer from the remainder of the University network by disabling its network port. This happens daily and sometimes many times each day during virus outbreaks.

Clearly, a single-port model minimizes the interruption of services in a security incident. With network authentication, it will be possible to contact the person responsible for the computer to announce that the device has been quarantined, thereby saving time and confusion for the user.

Effects of Extending the Network on Network Security

When a single port is extended using a multi-port device (network extension), then all computers connected through that port become subject to quarantine should any single one be compromised. Often, users will unwittingly place important service machines on multi-port devices along with less important workstations. When one of the workstations is compromised, then the server will lose network connectivity as a result of the quarantine procedure. This can immediately disrupt service for an entire department, research group, or students relying upon access to materials on that host.

When a compromise occurs on one of a group of hosts that are connected by a multi-port repeater (e.g., a device that offers no network isolation between hosts), then all hosts must be considered compromised and will need to be examined and repaired. This can require re-installation of the operating system and restoration of user files from backup for each machine at a significant loss of staff productivity and staff time.

If a server behind a multi-port device has access to secure information, significant staff time is required to verify that the secure information has not been exposed and that the trust relationships between that server and other systems have not been violated. Unfortunately, documentation of which hosts are connected to a given multi-port device may not exist, and therefore the administrator may not realize that University data has been jeopardized and needs to be examined.

Additional problems result from wireless access points. These devices are often poorly configured and may allow some level of access on the network to any passerby. If the passerby's computer is compromised, then it could operate as a vector for affecting other machines both on and off the wireless segment. The passerby may be connected to the network only briefly and other users may not be aware of the intrusion until it is too late. More discussion of hub/repeater security is available.

Extending the campus network to remote facilities or interconnecting to other networks is a serious security hazard. Remote facilities may not have adequate security or appropriate terminating systems. Connecting an outside network to the University network undermines centralized firewall and intrusion detection.

Private modems on the infrastructure offer another mechanism through which a machine can be compromised. And as above, a modem compromise of machine can have a cascade effect throughout the web of other systems that trust that machine. Although surpassed in the press by the network-based hackers, unauthorized individuals using the telephone system and a modem are still a threat to host and infrastructure security.

Accountability

With increasing governmental regulations, the University must be able to document and account for network resource access and utilization. These regulations include:

  • Protection of personal privacy, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Educational Rights and Privacy Act (FERPA),
  • Security of systems that may be affecting other parts of the Internet, such as the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT Act), and
  • Protection of intellectual property rights, such as the Digital Millennium Copyright Act (DMCA).

In addition, the University's own information systems are now designed to emphasize easy access to secure information for end users (e.g., FASIS and SES portals), which leads to increasing requirements to limit the possibility that information can be intercepted, inspected or modified in transit. Users who extend the infrastructure limit the University's ability to secure the information flow end-to-end and understand the security and bandwidth requirements of end systems.

Effects of Extending the Network on Accountability

Accountability relies upon authentication and secure transmission. All means of extending the campus network are potentially incompatible with this required end.

Private modem lines and private modem pools attached to the campus network are a vector whereby unauthorized individuals may be allowed access to resources, systems and information that the University has a requirement to secure and protect. The risk of leaking information through the use of private modems is high and has significant implications with respect to University compliance with government regulations.

Wireless access points present a similar accountability problem to modem lines. Without appropriate authorization and encryption, wireless access can be used to monitor traffic on the University network or to gain access to the network and its resources. Wireless access points can leave valuable and costly University resources, such as Internet connectivity, open to abuse by unauthorized persons.

Institutionally, it will be increasingly important to arrive at an authenticated network access model. This has already been implemented in the residence hall networks. Authenticated access will enable user service level agreements covering bandwidth, security and access to information. Multi-port switching devices are not compatible with this future access model.

Future Use of the Infrastructure - Performance and Reliability

Individuals and groups throughout the University are actively developing applications and services that are becoming more dependent upon a deterministic network. The attributes of limited delay and limited jitter required by network-based video, network-based telephony, and other real-time applications, along with guaranteed, measurable service levels are rapidly increasing in importance for the business, educational and research operation of the universities including Northwestern. The ability to manage the infrastructure out to the end device is increasing in importance to ensure that services can be delivered reliably and consistently.

Effects of Extending the Network on Performance and Reliability

Use of multi-port devices attached to the campus infrastructure blurs the deterministic nature of the infrastructure. For example, a user with a multi-port device connected to a campus switched Ethernet port may not support the same high-quality video that a co-worker receives who is directly connected to a campus switched Ethernet port. While that co-worker may watch a University video event without problems, others with multi-port devices could be prevented from doing so. The erroneous perception that this is a "network" problem wastes time and resources and could affect the general impression of the University's infrastructure. Similar problems can occur when users on multi-port devices attempt to use video conferencing. These devices do not adequately support the required protocols, thus diminishing service or in some cases preventing service altogether.

This problem will be compounded as NUIT deploys VoIP (Voice over Internet Protocol) services. With VoIP, a user's computer will become an integral part of a general communication system, alerting the user to voicemail, providing directory and dialing services, and providing application sharing functions. Multi-port devices will severely affect VoIP services and be incompatible with its deployment. This continues to emphasize the importance of a single-port service model.

Wireless access, based upon common authentication and protocol support, is essential to transparent service across the University. Reliable service, in the eyes of the end user, must involve unified access, encryption and authentication. Islands of access resulting from network extensions are counter to this service model.

Network Operation Issues

Network support operations involve monitoring the network and solving individual repair cases as quickly as possible. As a business function, this support must be effective and cost efficient.

Effects of Extending the Network on Network Operations

Multi-port and wireless extensions to the network are a short-term approach that can be very costly in lost local staff time and network operations time. The ability to assist users in troubleshooting problems with hosts connected to a multi-port device is severely limited. There have been many occasions where departments and research groups have been seriously affected while problems are sorted out. In order to determine the nature of the actual problem, the user is required to remove the multi-port device from the network. If an important server is also connected, resolution of the operational issue can be delayed.

If many users on a particular piece of the campus infrastructure are using multi-port devices, then the cost to convert that set of users to single-port service may be significant due to compounded equipment, space and wiring costs. Departments that are systematically using multi-port devices, rather than purchasing needed ports, are unfairly shifting the overall cost of the network onto other users. This shifting is compounded by the increased costs to troubleshoot multi-port connections should problems arise.

The argument that people who use these multi-port devices only hurt themselves is misguided. Experience has shown that multi-port devices tend to fail in very unpredictable ways. Often these failures adversely affect other users within the same broadcast domain. Thus, the failure not only affects users on the multi-port device itself, but also other users on the same LAN.

As multi-port devices have begun to offer additional functions, such as DHCP and firewall services, configuration has become more complicated. Without understanding defaults and options, these devices are frequently installed in ways that disrupt the operation of the LAN for all users, which is often reported to NUIT as a network failure and is resolved only when NUIT staff locate the device.

Private modems suffer from different kinds of problems on the infrastructure that prevent them from operating optimally. These modems are on analog lines and, as a result, high-speed modem connections of 50 kbps are unlikely.

Conclusion

Because of these four issues - security, accountability, future network performance and reliability, and network operations - it is important that schools and departments remove network extensions (hublets, multi-port switches, wireless access points, and modems) from the University network in accordance with University policy. The removal will provide tangible benefits to the end users, will allow the University to maintain a secure and cost-efficient infrastructure, and will ensure a level of service that will support future technologies.

Policy Enforcement Plan

NUIT may remove or deactivate unknown or unapproved extensions to the campus network infrastructure beginning in June 2005. This will include multi-port hubs and switches, unauthorized wireless access points, and modems.

Last Review Date:

December 2013

Original Issue Date:

June 2003

Revision Dates:

July 2012

March 2010

May 2007

May 2006

Related Policies: