Re: Open access to student labs

["clementz.7" <clementz.7 () OSU EDU>]

Here at the school of Architecture we also require authentication at the
workstation through our domain as well as an ID card swipe at the lab.

On public university computers there is no login, but when accessing the
internet they are required to authenticate.  So in the case of sending a
potential harmful use or email.  On both types of computers there are strict
Group and Local policies preventing users from doing anything harmful.

Whatever technical challenges there may be I think it is our responsibility
as administrators to provide the most secure access for the users as well as
covering our own hides.

The system we use for our doors is Lenel and the software we use to upload
it is BEST.  Good Luck and Merry Christmas.


Todd Clementz
Systems Administrator
Knowlton School of Architecture
The Ohio State University
614.292.8544

-----Original Message-----
From: Hull, Dave [mailto:dphull () KU EDU]
Sent: Wednesday, December 20, 2006 3:40 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Open access to student labs

I've been in my current position for a few short months and haven't learned
everything yet and have been surprised by a few things. Firstly, we have
several computer labs. All are protected at their main entry points by
Omnilock(tm) keypad locks, but (here's the disappointing, surprising part)
the combinations have never been changed and all students use the same
combination, though different labs are keyed differently.

Once in the labs, all users are required to login using an account in our
domain. We charge students for printing and enforce storage quotas.
All of our labs are also equipped with cameras and a recording device that
(another recently discovered surprise) hasn't actually been recording
anything since early October.

I'm hoping to address the Omnilock situation in the future; assigning unique
combinations to each student and changing them once a semester.
The trouble is, students will share their combinations and I don't see any
good way of preventing that. We will have the camera recorder up and running
again soon.

I can't imagine running a publicly accessible lab without requiring some
sort of authentication at the workstation, that's got to make it extremely
difficult to tie a security incident to an individual user.

--
Dave Hull, CISSP, CHFI
IT Director
KU School of Architecture & Urban Design
785-864-2629

-----Original Message-----
From: Boaz Gelbord [mailto:GelbordB () NEWSCHOOL EDU]
Sent: Wednesday, December 20, 2006 2:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Open access to student labs

Dear all,

I would be interested in knowing how many institutions have student labs
with open access versus forcing users to login.

At the New School we have open labs in which students need to identify
themselves at the front desk but can then just sit in front of a terminal
and work without logging in (we also have some public terminals in the
cafeteria and elsewhere where no ID is required). These machines are locked
down so that students have no administrative privileges.
Forcing users to login at the labs would be a technical challenge and create
extra work for our helpdesk but would help us track down users who violate
our policies or in case of an incident.

If you would like to answer me off the list I can aggregate the answers and
send out a summary.

Thanks and happy holidays-
Boaz.

Boaz Gelbord
Manager of Information Security
The New School
55 West 13th Street NYC 10011
www.newschool.edu