Educause Security Discussion mailing list archives

Re: potential security issues with embedded systems?


From: Jack Suess <jack () UMBC EDU>
Date: Fri, 12 Dec 2003 00:49:55 -0500

At U. Maryland Baltimore County we have a major initiative underway to
completely redesign our network infrastructure. One of the things we have
done in our design is create a standard set of VLANs across the campus.
Essentially our campus network has become a network of networks with
different activities on different VLANs. Some VLANs are campus wide
(wireless, HVAC, 1-Card), and some are building oriented. We then tie
different firewall policies to each network. This allows us to isolate
like machines according to purpose and risk.

Our thinking was that there is really no good reason to put some of these
specialized systems such as the 1-card on a network that is broadly
accessible. In my mind HVAC/Energy management is a similar network that
does not need to be exposed to other machines that don't share that
purpose. We have actually created a special VLAN for devices such as
projectors, which are often very difficult to control and to which we
wanted to limit outside access.

One reason for this thinking is that in some circumstances it is actually
very complicated to get some machines upgraded. Our energy management
system operation is outsourced. If that PC gets hit it might be a day or
so before I can get the vendor to address it.

If we deploy VoIP I would probably create a campus VLAN set for these
devices as well.



jack suess, cio
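
An added example, not part of the original message: a small audit that checks a first-match firewall rule set against the purpose-based VLAN layout described above and reports which VLANs can reach a specialized VLAN they do not share a purpose with. The VLAN names follow the message; the subnets, purpose labels, the `facilities` VLAN and the rules are constructed assumptions.

```python
import ipaddress

# Constructed VLAN plan: name -> (subnet, purpose). Subnets and purposes are assumptions.
VLANS = {
    "wireless":   ("10.10.0.0/16", "general"),
    "hvac":       ("10.20.0.0/24", "hvac"),
    "onecard":    ("10.30.0.0/24", "onecard"),
    "projector":  ("10.40.0.0/24", "av"),
    "facilities": ("10.50.0.0/24", "hvac"),  # hypothetical consoles sharing the HVAC purpose
}
RESTRICTED = {"hvac", "onecard", "projector"}  # specialized VLANs to keep isolated

# Constructed rule set (src CIDR, dst CIDR, action); first match wins, default deny.
RULES = [
    ("10.50.0.0/24", "10.20.0.0/24", "allow"),  # facilities -> HVAC, same purpose
    ("10.10.0.0/16", "10.40.0.0/24", "allow"),  # wireless -> projectors
    ("0.0.0.0/0",    "10.30.0.0/24", "deny"),   # nothing reaches the 1-Card VLAN
    ("10.0.0.0/8",   "10.20.0.0/24", "allow"),  # overly broad campus-wide allow
]

def reachable(src_net, dst_net, rules):
    """Conservative: True if any src->dst flow may be allowed under first-match rules."""
    for r_src, r_dst, action in rules:
        rs, rd = ipaddress.ip_network(r_src), ipaddress.ip_network(r_dst)
        if not (rs.overlaps(src_net) and rd.overlaps(dst_net)):
            continue
        if action == "allow":
            return True
        if src_net.subnet_of(rs) and dst_net.subnet_of(rd):
            return False  # deny covers the whole pair, so later rules are shadowed
    return False  # implicit default deny

def audit(vlans, rules, restricted):
    """Return (src, dst) pairs where a different-purpose VLAN can reach a restricted one."""
    findings = []
    for dst in sorted(restricted):
        dst_net = ipaddress.ip_network(vlans[dst][0])
        dst_purpose = vlans[dst][1]
        for src, (cidr, purpose) in sorted(vlans.items()):
            if src == dst or purpose == dst_purpose:
                continue
            if reachable(ipaddress.ip_network(cidr), dst_net, rules):
                findings.append((src, dst))
    return findings

if __name__ == "__main__":
    for src, dst in audit(VLANS, RULES, RESTRICTED):
        print(f"cross-purpose access allowed: {src} -> {dst}")
```

With the constructed rules, the broad `10.0.0.0/8` allow is what exposes the HVAC VLAN to every other campus VLAN; removing it leaves only the wireless-to-projector finding.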
