Policy on Network Port Access
(Updated 2.24.2004)
Policy
Ports will be designated as either standard or open. The primary distinction
between the two is that authentication is required on an open port in order for it to pass traffic.
Furthermore, re-authentication is required every six hours on open ports.
This policy applies to all new installations. It may be applied
retroactively to extant ports - at the discretion of Operational Support
Services, CIT, in consultation with the "owners" of the ports.
Definitions
- Ports refer to access points which range from dial-in connections to
Ethernet connections.
- Standard Port
  - A standard port has a single machine continuously connected to it.
  - Staff members, who are responsible and accountable for the uses of the port,
    administer the machine and control access to the machine via username and
    password.
  - The machine may be used by a single user or shared by many users.
  - The port is in a secured and supervised space in which the machine
    connected to it cannot be bypassed or modified without notice being taken.
  - The port can be Ethernet MAC address-locked, although it should be
    noted that MAC locking is not widely deployed and requires administrative
    overhead.
  - Passive network control is accomplished through the responsibility
    and accountability of the administrators of the machine (and users of
    the machine).
  - Active control is accomplished through the administration of the machine
    in the form of applications to which users have access. No active controls
    are placed on the port at this point.
- Open Port
  - An open port does not meet all the requirements for a standard port.
  - Ports for which responsibility and accountability cannot be assigned
    will be designated as open.
  - Passive control is accomplished by requiring each user to be
    authenticated via a username and password in order for the port to
    pass traffic. The username and password combination is mapped to
    the MAC address and IP address of the machine, producing an audit trail
    of actions performed via the port.
  - Active control is accomplished through firewalls and traffic filters.
See Open Port Policies for more information on the University's open port policies.