Educause Security Discussion mailing list archives

Re: Open access to student labs

From: Greg Vickers <g.vickers () QUT EDU AU>
Date: Thu, 21 Dec 2006 09:20:44 +1000

Hi Boaz,

Boaz Gelbord wrote:

Dear all,

I would be interested in knowing how many institutions have student
labs with open access versus forcing users to login.

At the New School we have open labs in which students need to identify
themselves at the front desk but can then just sit in front of a
terminal and work without logging in (we also have some public terminals
in the cafeteria and elsewhere where no ID is required). These machines
are locked down so that students have no administrative privileges.
Forcing users to login at the labs would be a technical challenge and
create extra work for our helpdesk but would help us track down users
who violate our policies or in case of an incident.


Here at QUT there are ~2000 lab hosts across four geographical
locations. Central labs are managed by one group (~1500 hosts) and the
other lab hosts are spread across other faculties/schools.

We have an AD implementation and to get access to a lab host a student
has to use their student number and password to log onto a lab host.

Some labs are protected by swipe access using the Cardax system, but
this does not stop a student who will wait at a door until someone else
with swipe access comes along and lets them in. This is not a huge
problem, it's just not a guaranteed method of restriction physical
access to a computer lab.

The central lab hosts use a combination of Rembo and DeepFreeze to
re-image the PC after a student has finished using it, a reboot is
forced when a student logs off, so any data that user left behind
(either saved files or cached/temp data/files) is removed from casual
retrieval. The students have administrative access to these hosts so
they can do what they like to these computers.

Most Faculty/School computers use a similar image management technique,
(or Ghost) and do not grant administrative access for student accounts.

Feel free to email me if you have any questions.

--
Greg Vickers
IT Security Engineer & Project Manager
IT Security, Network Services,
Information Technology Services
Queensland University of Technology
L12, 126 Margaret St, Brisbane

Phone: +61 7 3138 9536
Mobile: 0410 434 734
Fax: +61 7 3138 2921
Email: g.vickers () qut edu au
IT Security web site: http://www.its.qut.edu.au/itsecurity/

CRICOS No. 00213J

Current thread:

Open access to student labs Boaz Gelbord (Dec 20)
- <Possible follow-ups>
- Re: Open access to student labs Hull, Dave (Dec 20)
- Re: Open access to student labs clementz.7 (Dec 20)
- Re: Open access to student labs Ken Connelly (Dec 20)
- Re: Open access to student labs Samuel Young (Dec 20)
- Re: Open access to student labs Greg Vickers (Dec 20)
- Re: Open access to student labs Ken Martin (Dec 20)
- Re: Open access to student labs Keith Furrow (Dec 21)
- Re: Open access to student labs Boaz Gelbord (Dec 22)
- Re: Open access to student labs Dave Koontz (Dec 22)