Educause Security Discussion mailing list archives

Re: Open access to student labs

From: "Hull, Dave" <dphull () KU EDU>
Date: Wed, 20 Dec 2006 14:40:12 -0600

I've been in my current position for a few short months and haven't
learned everything yet and have been surprised by a few things. Firstly,
we have several computer labs. All are protected at their main entry
points by Omnilock(tm) keypad locks, but (here's the disappointing,
surprising part) the combinations have never been changed and all
students use the same combination, though different labs are keyed
differently.

Once in the labs, all users are required to login using an account in
our domain. We charge students for printing and enforce storage quotas.
All of our labs are also equipped with cameras and a recording device
that (another recently discovered surprise) hasn't actually been
recording anything since early October.

I'm hoping to address the Omnilock situation in the future; assigning
unique combinations to each student and changing them once a semester.
The trouble is, students will share their combinations and I don't see
any good way of preventing that. We will have the camera recorder up and
running again soon.

I can't imagine running a publicly accessible lab without requiring some
sort of authentication at the workstation, that's got to make it
extremely difficult to tie a security incident to an individual user.

-- 
Dave Hull, CISSP, CHFI
IT Director
KU School of Architecture & Urban Design
785-864-2629 

-----Original Message-----
From: Boaz Gelbord [mailto:GelbordB () NEWSCHOOL EDU] 
Sent: Wednesday, December 20, 2006 2:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Open access to student labs

Dear all,

I would be interested in knowing how many institutions have student labs
with open access versus forcing users to login. 

At the New School we have open labs in which students need to identify
themselves at the front desk but can then just sit in front of a
terminal and work without logging in (we also have some public terminals
in the cafeteria and elsewhere where no ID is required). These machines
are locked down so that students have no administrative privileges. 
Forcing users to login at the labs would be a technical challenge and
create extra work for our helpdesk but would help us track down users
who violate our policies or in case of an incident.

If you would like to answer me off the list I can aggregate the answers
and send out a summary.

Thanks and happy holidays-
Boaz.
 
Boaz Gelbord
Manager of Information Security
The New School
55 West 13th Street NYC 10011
www.newschool.edu

Current thread:

Open access to student labs Boaz Gelbord (Dec 20)
- <Possible follow-ups>
- Re: Open access to student labs Hull, Dave (Dec 20)
- Re: Open access to student labs clementz.7 (Dec 20)
- Re: Open access to student labs Ken Connelly (Dec 20)
- Re: Open access to student labs Samuel Young (Dec 20)
- Re: Open access to student labs Greg Vickers (Dec 20)
- Re: Open access to student labs Ken Martin (Dec 20)
- Re: Open access to student labs Keith Furrow (Dec 21)
- Re: Open access to student labs Boaz Gelbord (Dec 22)
- Re: Open access to student labs Dave Koontz (Dec 22)