Educause Security Discussion mailing list archives
Re: Networking Design Recommendations for Scientific Equipment
From: "Shankar, Anurag" <ashankar () IU EDU>
Date: Thu, 14 Jun 2018 21:21:52 +0000
Hi,

You might also want to look at a promising new architecture from DISA called the Software Defined Perimeter (SDP).

https://cloudsecurityalliance.org/group/software-defined-perimeter/#_overview

Regards,
Anurag

---
Anurag Shankar, Ph.D.
Email: ashankar [at] iu.edu
Phone: +1 (812) 856-6978
Center for Applied Cybersecurity Research, Pervasive Technology Institute, Indiana University
2719 E. 10th Street, Suite 231, Bloomington, IN 47408

On 6/14/18, 4:07 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Hahues, Sven" <SECURITY () listserv educause edu on behalf of shahues () FGCU EDU> wrote:

Hi all,

The only thing I have heard of is the concept of the Science DMZ that has been making its way through some of the meetings with our SUS counterparts. The concept is basically a close to "frictionless" network used to interconnect research computing environments.

https://fasterdata.es.net/science-dmz/

They have a specific section on security:

https://fasterdata.es.net/science-dmz/science-dmz-security/

As far as published guidelines go, I am not aware of any.

Sven

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Alex Keller
Sent: Wednesday, June 13, 2018 5:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Networking Design Recommendations for Scientific Equipment

Nicklaus et al,

I don’t have any specific recommendations to share but am keenly interested in this topic. We support dozens of research labs with network capable scientific equipment (either direct Ethernet/WiFi or via a workstation purpose built and sold with the device) which does NOT meet our campus minimum security standards for network access. These conditions have organically evolved into labs without any network (Sneakernet and USB drives), private LANs with no Internet gateway, folks lobbying for exceptions to the standards, rogue WiFi, LTE hotspots, and everything in between.

I’ve mused about possible approaches like a private LAN with hardened proxy kiosk for access (and export of data) to the public network. I would be happy to discuss offline, please keep me posted.

Best,
Alex

Alex Keller
Stanford | Engineering Information Technology
axkeller () stanford edu
(650)736-6421

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nicklaus Giacobe
Sent: Tuesday, June 12, 2018 9:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Networking Design Recommendations for Scientific Equipment

Does anyone have documented recommendations for plugging scientific equipment into campus computer networks? I’ve been asked to consult for a local lab whose scientists are having some difficulty communicating with their IT support folks.

I can imagine lots of recommendations for no networking, local area networking only, no wireless, yes wireless, VLANed, firewalled, bridged control systems, never having control systems with Internet access, etc. So while I am interested in hearing from you regarding specific individual recommendations, I’m more curious if there are specific documented recommendations and plans that sit somewhere between “Great ideas shared among colleagues” and a top-level policy guidance document that I might get from NIST.

---
Nicklaus A. Giacobe, Ph.D.
Director of Undergraduate Programs and Assistant Teaching Professor
Phone: 814-865-8233
College of Information Sciences and Technology
Penn State University
E333 Westgate Building
University Park, PA 16802