Educause Security Discussion mailing list archives
Re: Outside Entities Computers
From: "Lovaas,Steven" <Steven.Lovaas () COLOSTATE EDU>
Date: Fri, 14 Dec 2007 08:51:11 -0700
For those of you that run centrally administered networks, it may be easy enough to just say "if it's not centrally managed it doesn't get full access." For Universities with more distributed IT structures, this is harder. Short term guest access is one thing, but there are any number of classes of devices whose users are going to require ongoing access to the main network, and whose OS and apps are not going to be centrally managed. ROTC is a case in point. Funds and procurement rules are generally federal, and they basically do their own thing. But because they're also working with students they need access to all the things that other departments need. This would be a great case for defining a separate security zone with a firewall and some sort of remote application access (citrix or SSL vpn or something of that sort). There's a more general question, though, that Buz brings up. Do you allow non-University clients at all? If so, how do you deal with them? Steve ============================================ Steven Lovaas, MSIA, CISSP IT Security Manager Academic Computing & Network Services Colorado State University 970-297-3707 Steven.Lovaas () ColoState EDU ============================================ -----Original Message----- From: Buz Dale [mailto:buz.dale () USG EDU] Sent: Friday, December 14, 2007 8:30 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Outside Entities Computers I would think if the ROTC brought up a machine on campus it would be be a federal (DOD) Gov't machine. As such, it should have very strict requirements. It's possible the staff in your local ROTC are not aware of this. Also, do you have a connection policy about machines connecting to your network? A special VLAN or Lan they can be placed on outside of your firewall and considered hostile? Luck, Buz On 12/14/07, jason rinne <jasonrinne () hotmail com> wrote:
The ROTC department here on campus has brought in two of their own computers to use in their office. My concern is security (anti virus, windows updates) on the computer itself and identifying who was logged in and when in case an issue ever came up. Would anyone like to share their thoughts or policies on outside entities (such as ROTC) bringing in their own computer for use in their office on campus? Jason Rinne IT Department Missouri Valley College Marshall, MO www.moval.edu ________________________________ Don't get caught with egg on your face. Play Chicktionary! Check it out!
-- Buz Dale buz.dale () usg edu IT Security Specialist 1-888-875-3697 (In GA) 1-706-583-2005 Office of Information and Instructional Technology University System of Georgia GMT -5:00
Current thread:
- Outside Entities Computers jason rinne (Dec 14)
- <Possible follow-ups>
- Re: Outside Entities Computers HALL, NATHANIEL D. (Dec 14)
- Re: Outside Entities Computers Buz Dale (Dec 14)
- Re: Outside Entities Computers Lovaas,Steven (Dec 14)
- Re: Outside Entities Computers Brad Judy (Dec 14)
- Re: Outside Entities Computers Adam Stone (Dec 14)
- Re: Outside Entities Computers Torres, Juan (Dec 14)
- Re: Outside Entities Computers Valdis Kletnieks (Dec 14)