The wallplates where we plug our computers into the network are frequently called ports. Unfortunately, uncontrolled ports allow anyone to plug a computer in and connect to our network. This uncontrolled activity can range from web surfing at inappropriate sites, to stealing University information, to using our network to launch attacks against other systems, and everything in between. In some cases, intruders have disconnected University computers to connect their devices and download unauthorized material. Activity of this type is tracked back to our network and can lead to damage to our reputation. To counter this threat, UT Health San Antonio is implementing port security.
Port security is part of our smart networking strategy, where each wallplate (or port) can have up to eleven (11) network devices recognized by the port. To simplify, the port “remembers” the first 11 devices connected to it. In most cases on campus, two of the devices are the networked telephone and the computer itself. In today’s environment, though, virtual computers running on a host can be represented as individual network devices, in addition to the host itself. In all cases, connecting more devices than the port can recognize automatically disables the port, and it will remain disabled until re-enabled by networking staff.
While a maximum of 11 devices is okay for most users, some situations require changing computers on a port frequently. This is most often the case for public areas, lab workstations, and computer support departments. In those cases, an exemption request must be submitted and approved by the Chief Information Security Officer (CISO). Exemptions are granted based on a justifiable, verifiable business case, including appropriate documentation. Any exemption that is granted lasts for a maximum of one year and must be reviewed for changing circumstances and renewed. Additionally, exemptions are considered on an individual basis, with one request per port; bulk exemption requests will not be considered.
The overall exemption process is as follows:
- Requester gathers and provides documentation justifying the exemption (see list below).
- Requester submits request for exemption using the online exemption request form.
- The Chief Information Security Officer (CISO) makes the decision.
- The CISO communicates the decision:
  - Denial – notify the requester with an explanation for denial
  - Approval – notify requester, assign expiration date
Supporting documentation for the exemption request includes, but isn’t limited to:
- The location of the port (building, room, plate number)
- Owning department, along with responsible personnel (dean/director/chair, requester, etc.)
- How the port will be used
- How misuse of the port will be prevented
Note: If you are not able to access the online form, download the form to your computer by right-clicking on this link: Exemption Request Form
- Internet Explorer – “Save Target As …”
- Firefox – “Save Link As …”
- Chrome – “Save link as …”
1. Download the form to your computer (requires Microsoft Excel 2007 or later)
2. Read tab “1-Instructions Page”
3. Fill out tab “2-General Form”
4. Fill out tab “Port Security”
5. Begin collecting the necessary signatures
For more information regarding the exemption process, please contact Information Security at grc@uthscsa.edu, or the Information Security Hotline at 210-567-0707.