[unisog] Mobile Workstation Policy
fportnoy at mail.plymouth.edu
Wed Apr 7 13:22:17 GMT 2004
i just have one anecdote to offer - - - one of our employees had an EPO
client installed on her laptop; when she left us and moved to another
institution, our EPO guy reported that her machine showed up on his list
with her new IP address and continued to get updated through our system.
From: Adam Brons [mailto:abrons at odu.edu]
Sent: Tuesday, April 06, 2004 7:58 AM
To: unisog at sans.org
Subject: [unisog] Mobile Workstation Policy
We are about to purchase new workstations for everyone in the IT department.
Some of the administrators have opted to get laptops for workstations. As a
security administrator this doesn't give me the warm and fuzzies. Some of
the things the security staff are concerned about are:
- Admins connecting their laptop to their home ISP's network,
getting infected with the virus/worm of the day, and bringing it
back into our network where they may or may not have access to
sensitive systems which normal users on our network do not.
- There are times where sensitive data could be stored on an Admin's
workstation. With the workstation being stationary on our
network we can take measures to best insure that the workstation
is not compromised via the network and by keeping software
up-to-date using automated processes we can safe guard against
software vulnerabilities. I do not feel that we have the same
control over laptops. In most cases, Laptops are not managed
centrally as of yet.
- Though this is not as likely there is also the possibility of
installing 3rd party software which could install key stroke
loggers that would capture username/password combinations for
sensitive systems. We normally police this on stationary
workstations through centralized management, which would not
be so easy to do on a transient laptop.
- And of course there is theft. I could be wrong, but I believe
that laptops are at the top of the list for items stolen. Not to
mention all the information that is sensitive which now belongs to
So to summarize:
We're worried about sensitive information being leaked and
infection of protected networks via the laptop when placed back on
What have other institutions done to safe guard against any of the
above bullets, or anything else which I've not mentions?
What policies do you have in place? How do you enforce them?
Any information you can offer would be greatly appreciated.
Adam Brons Data Security Administrator
tel: 757.683.4855 Office of Computing and Communications Services
fax: 757.683.5155 Old Dominion University - Norfolk, Virginia. USA
DSA ID F1B1F49B: 72F0 E0FC 08BF A1FE 5677 C48F 4D83 C8B2 F1B1 F49B
More information about the unisog