Re: Classroom station logout

["H. Morrow Long" <morrow.long () YALE EDU>]

1.      There are devices which will sense the proximity of a card
        such as a HID prox card and when that is moved away will
        begin a countdown to lock or screenlock the system.

2.      You can get pressure sensitive mats at which will sense when
        someone is standing on them and not standing on them and
        can begin a countdown to lock or unlock a system.

3.      Many rooms now have a motion or heat sensor to turn off the
        lights once everyone has left a room.  You could probably buy
        one and have it in front of a UPS so that it would shut
        off power to the UPS and the UPS would begin to shut down
        power to a desktop PC.

        You might find something similar which was driven by the lack
        of sound as well.

- H. Morrow Long, CISSP, CISM, CEH
  University Information Security Officer
  Director -- Information Security Office
  Yale University, ITS



On Apr 17, 2007, at 10:46 AM, Pace, Guy wrote:

> I looked at a number of possibilities for automated ways in my
> previous
> life. Almost all of them put a burden on the SA staff, rather than
> responsibility on the faculty, where it belongs. If you have
> administrative support, institutional policies in place and all that,
> the most effective solution is to do some Security Awareness training
> around that issue. Get the faculty involved and demonstrate the damage
> they can do to themselves and their careers by not taking
> reponsibility.
> Making threats of termination just doesn't work. The stick approach
> just
> doesn't fit the education environment anyway. Use the carrot and make
> the training a positive approach, but still highlight the dangers and
> what can happen _to_ _them_ when someone else can use their accounts.
> Once they get a personal investment in it, you'll see a significant
> increase in policy compliance.
>
> This is very much related to the security awareness thread that has
> been
> going on the last week. It isn't just faculty who need to log out of
> podiums, but staff who need to lock systems when they take a bathroom
> break or go get a cup of coffee. If you combine the training to
> include
> both areas, the faculty won't feel targeted and it will be
> perceived as
> a broader issue.
>
> Guy L. Pace, CISSP
> Security Administrator
> Center for Information Services (CIS)
> 3101 Northup Way, Suite 100
> Bellevue, WA 98004
> 425-803-9724
>
> gpace () cis ctc edu
>
>
> -----Original Message-----
> From: Gary Dobbins [mailto:dobbins () ND EDU]
> Sent: Tuesday, April 17, 2007 6:16 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Classroom station logout
>
> Has anyone found a clever and effective solution to the problem of
> faculty leaving classroom lectern systems logged in when they leave?
>
> A simple timeout doesn't cut it, since some may open a slide deck for
> the entire period and don't move the mouse, others might actively use
> the system right up to the end of the period, then walk away.
>
> Something that "knows when they've left the room" would be ideal,
> but it
> would also have to distinguish against other persons who arrived as
> the
> original user leaves.
>
>
> --
>
>    Gary Dobbins, CISSP -- Director, Information Security
>    University of Notre Dame, Office of Information Technologies