Educause Security Discussion mailing list archives

Re: Manual locking workstations

From: Bob Bayn <bob.bayn () USU EDU>
Date: Wed, 20 Apr 2011 20:20:06 +0000

We use "peer pressure" in our local group to encourage locking before stepping away.  An unattended workstation might 
result in freeing the fish (linux) or pointing the browser at the Gunther website.  Most users won't let that happen 
twice.  Depending on the local audience, you may have to pick another website.  Maybe you could build an appropriate 
(or suitably inappropriate) webpage locally for this purpose only.

We have no institutional policy requiring locking unattended stations nor even a stated practice recommending it.  
Various units may require it, depending on the risks associated with unauthorized use combined with the exposure to 
unauthorized users.  I realize that any office with two employees has two instances of an unauthorized user of the 
other user's login, but I don't lose any sleep over that.

Meanwhile, I lock my workstation before leaving, even though I trust my immediate co-workers implicitly.  I trust that 
they would take advantage of such an opportunity in one, and only one, way.

Bob Bayn                    (435)797-2396                 Security Team
                  You are on the Security Team, too.
Be an Internet Skeptic!  There's nothing really free on the 'net
Office of Information Technology     at     Utah State University
            http://tinyurl.com/bicyclists-share-kidneys
________________________________

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of ANDREA 
Grover
Sent: Wednesday, April 20, 2011 3:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Manual locking workstations

I am working our Secure Computing Standard and am stuck in discussions about manually locking workstations. We already 
require that workstations are set to automatically lock after a specified time, but are also wondering about making the 
manual locking of workstations a requirement or a recommendation.

What policies and/or practices are in place for other universities and groups? Is it a requirement or a recommendation 
that they lock their workstations when they leave it?

If I can get any feedback on this I would appreciate it very much.

Andrea Grover
Weber State University - Network Security

Current thread:

Manual locking workstations ANDREA Grover (Apr 20)
- Re: Manual locking workstations Mclaughlin, Kevin (mclaugkl) (Apr 20)
  - Re: Manual locking workstations Sarazen, Daniel (Apr 21)
- Re: Manual locking workstations Hart, Lee Anne (Apr 20)
  - Re: Manual locking workstations Bob Bayn (Apr 20)