Educause Security Discussion mailing list archives

Re: Networking Design Recommendations for Scientific Equipment


From: "Shankar, Anurag" <ashankar () IU EDU>
Date: Thu, 14 Jun 2018 21:21:52 +0000

Hi,

You might also want to look at a promising new architecture from DISA called the Software Defined Perimeter (SDP).

https://cloudsecurityalliance.org/group/software-defined-perimeter/#_overview

Regards,

Anurag

---
Anurag Shankar,  Ph.D.  Email: ashankar [at] iu.edu  Phone: +1 (812) 856-6978
Center for Applied Cybersecurity Research, Pervasive Technology Institute, Indiana University
2719 E. 10th Street, Suite 231, Bloomington, IN 47408

On 6/14/18, 4:07 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Hahues, Sven" <SECURITY () listserv educause edu on behalf of shahues () FGCU EDU> wrote:

    Hi all,
    
    The only thing I have heard of is the concept of the Science DMZ that has been making its way through some of the meetings with our SUS counterparts.
    
    The concept is basically a close to "frictionless" network used to interconnect research computing environments.
    
    https://fasterdata.es.net/science-dmz/
    
    They have a specific section on security:
    
    https://fasterdata.es.net/science-dmz/science-dmz-security/
    
    As far as published guidelines go, I am not aware of any.
    
    Sven
    
    -----Original Message-----
    From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Alex Keller
    Sent: Wednesday, June 13, 2018 5:19 PM
    To: SECURITY () LISTSERV EDUCAUSE EDU
    Subject: Re: [SECURITY] Networking Design Recommendations for Scientific Equipment
    
    Nicklaus et al,
    
    I don’t have any specific recommendations to share but am keenly interested in this topic. We support dozens of research labs with network capable scientific equipment (either direct Ethernet/WiFi or via a workstation purpose built and sold with the device) which does NOT meet our campus minimum security standards for network access. These conditions have organically evolved into labs without any network (Sneakernet and USB drives), private LANs with no Internet gateway, folks lobbying for exceptions to the standards, rogue WiFi, LTE hotspots, and everything in between.
    
    I’ve mused about possible approaches like a private LAN with hardened proxy kiosk for access (and export of data) to the public network.
    
    I would be happy to discuss offline, please keep me posted.
    
    Best,
    
    Alex
    
    Alex Keller
    Stanford | Engineering
    Information Technology
    axkeller () stanford edu
    (650)736-6421
    
    From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nicklaus Giacobe
    Sent: Tuesday, June 12, 2018 9:21 AM
    To: SECURITY () LISTSERV EDUCAUSE EDU
    Subject: [SECURITY] Networking Design Recommendations for Scientific Equipment
    
    Does anyone have documented recommendations for plugging scientific equipment into campus computer networks?  I’ve been asked to consult for a local lab whose scientists are having some difficulty communicating with their IT support folks.  I can imagine lots of recommendations for no networking, local area networking only, no wireless, yes wireless, VLANed, firewalled, bridged control systems, never having control systems with Internet access, etc.
    
    So while I am interested in hearing from you regarding specific individual recommendations, I’m more curious if there are specific documented recommendations and plans that sit somewhere between “Great ideas shared among colleagues” and a top-level policy guidance document that I might get from NIST.
    
    ---
    Nicklaus A. Giacobe, Ph.D.
    Director of Undergraduate Programs and Assistant Teaching Professor
    Phone: 814-865-8233
    College of Information Sciences and Technology
    Penn State University
    E333 Westgate Building
    University Park, PA 16802
    
    
