Protected Network FAQ

Contents

 

Why is the University moving to this model?

Adopting this policy and supporting the move to protected networks would be a large step toward mitigating attacks on campus. It is also inline with a larger University goal to secure the wired and wireless networks.

(Back to Top)

 

What are the benefits of moving to a Protected Network?

Equipment moved to a Protected Network is no longer subject to attacks or scans from malicious entities on the Internet. This solution will also allow us to secure departmental systems with a simple modification to the network that requires little work on the part of local IT staff and no action on the part of the customer.

(Back to Top)

 

How does moving to the Protected Network secure my device?

With this transition, we are able to enforce a simple, yet effective, security policy to customer equipment protecting these devices from outside threats. At the same time, it allows unrestricted access to the rest of campus and the Internet.

(Back to Top)

 

What types of devices should we move to the Protected Network?
As we move towards applying a more consistent security model for our campus networks, departmental equipment should be secured from the Internet. These could include:

  • Laptops
  • Desktop PCs
  • Laboratory equipment
  • and any other device with a wired connection to the network.

(Back to Top)

 

How will I access my PC from off-campus?

Currently, certain types of remote access to equipment from off-campus require the use of the VPN (Virtual Private Network) client provided by Comtech. Once the network has been transitioned, the VPN client must be used for all remote access.

(Back to Top)

 

After the transition, what happens if remote access to my device from off-campus is required?

If the access is required for NCSU affiliated individuals they may use the NCSU VPN provided by ComTech.  If the access is required by non-NCSU affiliated individuals then the device will need to be transitioned out of the Protected Network and into an Unprotected Network.

(Back to Top)

 

How does this move impact me?
During the scheduled maintenance window for this move, there will be a brief interruption of all network services of approximately 10 minutesOnce the network is moved to the new environment, we would work with local IT support to ensure all needed access is available.

(Back to Top)

 

Who do I contact if there is a problem?

Your local IT support is your first point of contact if there is an issue with your system connectivity. In the event that some access has been removed for a particular system, we would work quickly with the local IT support to resolve the issue.

(Back to Top)

 

What are the challenges of moving to a Protected Network?

Most traffic originates from the Client PC to an external host. Traffic originating from off-campus to our client PCs is not the typical flow of traffic. Although we will work with the local IT support to determine the departmental applications used,  there may be applications or devices that may not work as expected. If this happens we will work with the local IT support to resolve the issue.

(Back to Top)

 

What should NOT be moved into the Protected Network?
Some systems are not candidates for moving to a Protected Network such as:

  • Equipment needing to be accessed by an external vendor or other outside entity without NCSU VPN access.
  • Departmental Servers accessed from the Internet (web servers, etc)
  • Polycom devices
  • Specialized devices that already have their own secured Networks (PCI, SCADA, COPY/PRINT, etc)

(Back to Top)

 

Can rules be added to a Protected Network to allow access to my connected devices?

Your local IT support is your first point of contact if there is an issue with your system connectivity. In the event that some access has No. Due to the broad and general use of the Protected Network, no additional security exceptions will be added to support connectivity to a specific device. If a device needs to be accessed from off-campus by a non-NCSU affiliated entity, then the device will need to be moved to an Unprotected Network.

(Back to Top)