Network Security Enhanced
by Bruce Burton
UCit Network & Telecommunication Services is pleased to announce two new network security enhancements throughout the campus infrastructure that will provide a more secure user experience for the university community.
These features became available with the installation of newer technology during the equipment refresh in February and March 2007. They were not offered in the older switch technology.
The first enhancement is Dynamic Host Configuration Protocol (DHCP) snooping. DHCP is the method by which a device obtains an Internet Protocol (IP) address. DHCP snooping works by ensuring that DHCP responses are only allowed through switch ports that are “trusted,” while responses from “untrusted” switch ports are dropped. Other benefits include the following:
- Improved tracking of the physical location of hosts.
- Assurance that hosts only use the IP addresses assigned to them.
- Assurance that only authorized DHCP servers are accessible on UCNet.
The second feature recently enabled is Address Resolution Protocol (ARP) inspection. Without this feature enabled, a user could intercept the communications of a neighbor on the same network switch. ARP inspection checks the IP address in the source field, making it impossible for a host to poison the ARP caches of other hosts. With ARP inspection enabled, if a user attempts to duplicate the IP or machine address of a personal computer that is already established in the ARP table, the counterfeit address is blocked from the ARP table.
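The two checks described above can be modeled together. The following is an added example, not UCit's or any switch vendor's code. It is a simplified Python model in which the class and method names, port numbers and addresses are all constructed assumptions. It assumes that ARP inspection validates the sender against bindings learned by DHCP snooping, as is typical on switches offering both features.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    """Simplified model (an assumption, not vendor code) of both port checks."""
    trusted_ports: set
    pending: dict = field(default_factory=dict)   # client MAC -> port its request came in on
    bindings: dict = field(default_factory=dict)  # IP -> (MAC, port), from snooped ACKs
    log: list = field(default_factory=list)

    def dhcp(self, port, msg_type, client_mac, ip=None):
        """DHCP snooping: return True if the message is forwarded."""
        if msg_type in ("DISCOVER", "REQUEST"):   # client messages: remember ingress port
            self.pending[client_mac] = port
            return True
        if port not in self.trusted_ports:        # server replies only from trusted ports
            self.log.append(f"DROP dhcp {msg_type} from untrusted port {port}")
            return False
        if msg_type == "ACK" and client_mac in self.pending:
            self.bindings[ip] = (client_mac, self.pending.pop(client_mac))
        return True

    def arp(self, port, sender_mac, sender_ip):
        """ARP inspection: forward only if sender IP/MAC/port match a binding."""
        if port in self.trusted_ports or self.bindings.get(sender_ip) == (sender_mac, port):
            return True
        self.log.append(f"DROP arp {sender_ip} is-at {sender_mac} on port {port}")
        return False

def demo():
    # Constructed topology: port 1 = uplink to DHCP server, 2 = host A, 3 = host B
    a_mac, b_mac, a_ip = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "192.0.2.10"
    sw = Switch(trusted_ports={1})
    results = [
        sw.dhcp(2, "REQUEST", a_mac),            # A asks for an address
        sw.dhcp(3, "ACK", a_mac, "192.0.2.99"),  # reply from an untrusted port: dropped
        sw.dhcp(1, "ACK", a_mac, a_ip),          # reply from trusted uplink: binding recorded
        sw.arp(2, a_mac, a_ip),                  # A announces its own binding: forwarded
        sw.arp(3, b_mac, a_ip),                  # B claims A's IP: dropped
        sw.arp(3, a_mac, a_ip),                  # B claims A's IP and MAC: dropped (wrong port)
    ]
    return results, sw

if __name__ == "__main__":
    results, sw = demo()
    print(results)
    print("\n".join(sw.log))
```

The drop log entries are the kind of events a network team would alert on, since each one indicates an unauthorized DHCP responder or a spoofed ARP announcement on an access port.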
Please direct questions or comments about these changes to the UCit Help Desk at 556-HELP (4357).
Return to the Spring 2008 index.