Blocking of Illegal IP Addresses and Network Cards Continues

by Raymond Poon
SHARE THIS

In the past few months, thanks to departments' cooperation, the Computing Services Centre (CSC) has successfully completed the registration of IP addresses and network cards used on the campus network. This information can help the CSC rectify problems and notify the victim users more quickly. In order to minimise the security threats arising from illegal network connections using unregistered IP addresses or network cards and to better protect the cyber-community of the University, effective from 1 September 2002, all such IP addresses or network cards, once found, will be immediately filtered (blocked) from the network without prior notification.

To assist staff in maintaining the accuracy of their IP addresses/network cards and the related information, the following will be provided:
  1. In order to avoid interruption to staff's work due to blocking arising from "unregistered" status, staff are advised to check, and if necessary to update, the registration record of the network connection for their computers by clicking 'My Network Connection' in the Intranet and following the instructions displayed there.
     
    In case of discrepancy, the staff concerned may have to ask their Departmental Network Administrator (DNA) to make the amendments for them as some privileged data of their network connection registration records in our database are protected and can be updated only by the DNA through the Network Address Management System (NAMS). In fact, the NAMS, available under the "Utility and Tools" menu of the Intranet, performs all functions for the 'My Network Connection'. The DNA has the privilege to invoke NAMS to update both the protected and un-protected data of any network connection registered under the department while other staff can only update unprotected data of those network connections registered under their names.
     
    A more detailed operation and procedure guide of NAMS can be found at: http://www.cityu.edu.hk/itatcityu/itsecurity.htm
     
  2. All blocked network cards and/or IP addresses, and the reasons for being blocked can also be found at the above-mentioned URL. They will be released only when proper remedial actions have been taken and the CSC is so informed in writing. For those users who can no longer access the list of blocked IP/network card addresses from their PCs due to either their offending IP addresses/network cards already being blocked or other network problems, they can access the list through other networked PCs.
     
     
  3. A one-time allocation of 3 or 5 floating IP addresses, depending on the size of the department, can be allocated for ad-hoc uses to computers that need to connect to different network points, etc. Staff can request these floating IP addresses through the "On-line CSC Work Request Submission System".
     
  4. Registered IP addresses, if have not appeared on the network for 3 months, will be returned to the unused IP address pool and removed from NAMS database.
     
  5. Registered network card addresses, if have not appeared on the network for 3 months, will be declared obsolete and removed from NAMS database.

Moreover, you can help the CSC strengthen the security of campus network by:

  1. Using 'NAMS' to register all the network cards and IP addresses being used by your department, and the types of network services being offered, if any
  2. Using 'NAMS' to remove as soon as possible any unused IP addresses
  3. Using 'NAMS' to remove as soon as possible any obsolete or unused network cards
  4. Using 'NAMS' to keep information related to registered IP addresses and/or network cards up-to-date
  5. Not applying for more IP addresses than necessary
  6. Informing the CSC in writing of the transfer of ownership of computers/network devices and their new locations
  7. Informing the CSC of unused network points

Should there be any query, please contact the CSC Help Desk at 27887658 or your CSC Representative.