Wall-Plate Port Security: Implementation Memorandum
To: All Wall-Plate Customers
Effective July 1, 2008, network monitoring and protection methods (Wall-Plate Port Security) will automatically shut down any Wall-Plate port showing symptoms of looping, packet storms, attachment of unauthorized network equipment, or unauthorized DHCP distribution. Ports shut down will be scanned periodically and will remain disabled until the problem is cleared. Local subnet managers will receive email notification when ports are shut down. A detailed description of these port security features and their review and endorsement by ITAC-NI can be found in the October 2007 and February 2008 ITAC-NI meeting minutes:
- Network Edge Protection and 802.1x
- Final discussion and vote on recommendation to not allow external network devices in Wall-Plate buildings
Port Security features are designed to be deployed on the edge of the network and frequently disable most ports that have additional network infrastructure devices deployed downstream of the edge-configured port. For port security to work correctly, local administrators and users must not attempt to implement their own network infrastructure. This includes, but is not limited to, basic network devices such as hubs, switches, routers, network firewalls, and wireless access points. Any active electronics that expand the network connectivity beyond that of the wall plate port must be approved and managed by CNS for the purpose of providing a secure and reliable network for all users.
Current Wall-Plate customers should plan to remove non-CNS-managed network infrastructure devices by July 1, 2008. Wall-Plate departments can request an exception for a particular device by submitting a written justification, or can request an extension to this deadline by providing a detailed remediation plan including a listing of the devices in question, a timeline for the removal of the devices, and justification for the extension. Requests should be submitted via the Remedy IT Service Management System.
In most cases remediation will include the installation of additional network cabling from the workstation back to the network closet, but some departments may be able to utilize existing wireless Ethernet services rather than deploying additional cabling. The cost of additional cabling starts at about $250 for a single cable install and increases by about $75 for each additional cable going to the same faceplate. Departments can submit a request for assistance in evaluating wireless options or can request assistance with planning and coordination of any cabling needs via the CNS Request web page.
A description of central Wall-Plate services, and local unit requirements for connecting to the Wall-Plate Data Network, are documented here.
Wall-Plate Project Deployment Manager
If you have questions about Wall-Plate Services or VoIP telephone services, please contact John Madey at (352)273-1113.