Mobile Workstation Policy
abrons at odu.edu
Tue Apr 6 11:58:26 GMT 2004
We are about to purchase new workstations for everyone in the IT
department. Some of the administrators have opted to get laptops
for workstations. As a security administrator this doesn't give me
the warm and fuzzies. Some of the things the security staff are
concerned about are:
- Admins connecting their laptop to their home ISP's network,
getting infected with the virus/worm of the day, and bringing it
back into our network where they may or may not have access to
sensitive systems which normal users on our network do not.
- There are times where sensitive data could be stored on an Admin's
workstation. With the workstation being stationary on our
network we can take measures to best insure that the workstation
is not compromised via the network and by keeping software
up-to-date using automated processes we can safe guard against
software vulnerabilities. I do not feel that we have the same
control over laptops. In most cases, Laptops are not managed
centrally as of yet.
- Though this is not as likely there is also the possibility of
installing 3rd party software which could install key stroke
loggers that would capture username/password combinations for
sensitive systems. We normally police this on stationary
workstations through centralized management, which would not
be so easy to do on a transient laptop.
- And of course there is theft. I could be wrong, but I believe
that laptops are at the top of the list for items stolen. Not to
mention all the information that is sensitive which now belongs to
So to summarize:
We're worried about sensitive information being leaked and
infection of protected networks via the laptop when placed back on
What have other institutions done to safe guard against any of the
above bullets, or anything else which I've not mentions?
What policies do you have in place? How do you enforce them?
Any information you can offer would be greatly appreciated.
Adam Brons Data Security Administrator
tel: 757.683.4855 Office of Computing and Communications Services
fax: 757.683.5155 Old Dominion University - Norfolk, Virginia. USA
DSA ID F1B1F49B: 72F0 E0FC 08BF A1FE 5677 C48F 4D83 C8B2 F1B1 F49B
More information about the unisog