Educause Security Discussion mailing list archives
Online Gaming (Xbox, PS3, Wii, PC Games, and Future Consoles etc.)
From: "Casey, J Bart" <CaseyJB () WOFFORD EDU>
Date: Wed, 3 Sep 2008 11:44:11 -0400
All,

I submitted this to the NetMan listserv but thought since a large portion of this is security related, I might submit it here as well. Your thoughts and comments are appreciated.

Much to my dismay, we are entertaining the possibility of allowing gaming consoles on our network to communicate to other hosts on the internet. I would like to inquire as to what others are doing.

Briefly, I have the following concerns:

1. Buying additional IPs from ARIN and performing static NAT for all hosts in Residence Halls to allow inbound connections
2. Bandwidth utilization
3. Restructuring the network to allow for this
4. Several security concerns

My options as I see them with responses relative to my concerns are as follows:

1. Don't allow it. (Great from every perspective except the political ones)
   a. Additional IPs and Static NAT - non issue
   b. Bandwidth - non issue
   c. Restructuring the network - non issue
   d. Security - non issue (above current concerns)

2. Allow students to purchase cable modems (We already do this but I'm not a big fan. However, it helps give us an out in situations like this.)
   a. Additional IPs and Static NAT - non issue
   b. Bandwidth - non issue
   c. Restructuring the network - non issue
   d. Security - a bit more of a security concern for intentional or unintentional firewall bypass. (There is a solution to this in 802.1x)

3. Buy a /19 from ARIN (if we can justify it to ARIN's satisfaction) and perform static translations for residence halls and open the ports (Biggest Security Concern)
   a. Additional IPs and Static NAT - Certainly an issue from a cost perspective and justifying the need for the addresses
   b. Bandwidth - I see this need going up by at least 25%
   c. Restructuring the network - I see no way around this as a result of additional IPs and static NAT
   d. Security - I see this as being a huge issue since our residence networks are currently on our LAN and have access to our Windows domain among other things.

4. Continue moving forward with our intended 802.1x implementation with a guest VLAN. Game consoles would be put into guest VLAN which doesn't touch our internal network.
   a. Additional IPs and Static NAT - Less of an issue than number 3 because we can most likely get by with a /23 from our ISP as opposed to going to ARIN. Worst case, a /20.
   b. Bandwidth - I see this need going up by at least 25%
   c. Restructuring the network - I don't see this as an issue because the network is ready for 802.1x and guest VLANs. Our only problem at this point is more of a social one and less of a technical one.
   d. Security - Not as much of a concern because the guest VLAN would be isolated. If users wanted to be on the internal network, they would have to "give up" their gaming during that time. However, once they were done on the internal network, they could then go back to the guest network by simply unplugging their PCs and plugging in their consoles.

***Note, when users are placed in the guest network, they are splashed with an agreement that they must accept to proceed. Part of that agreement would state that security is weakened as provisions have been made in the firewall to allow gaming communication.

My questions are as follows:

1. What are the thoughts of the group on this?
2. Have I missed any less obvious concerns?
3. Have I missed any potential options?
4. Are there any "gotchas"?
5. Do you allow this sort of connectivity? If yes, please answer the other questions below.
   a. How do you allow for this (option 2, 3, 4, or other)
   b. How does this affect your bandwidth (If anyone has traffic charts specific to this, I would be very interested in seeing them)?
      i. What percentage of your traffic is gaming
      ii. What percentage of your traffic is HTTP/Video Streaming
      iii. With regards to gaming, what is the ratio of ingress to egress bandwidth
   c. Do you provide this for all users or is it on a case by case basis? If case by case, is it a management nightmare?

Thank you all for your time. Please feel free to contact me off list if you need to.

Regards,

J. Bart Casey
Network Engineer
Wofford College