- Why is the University moving to this model?
- What are the benefits of moving to a Protected Network?
- How does moving to the Protected Network secure my device?
- What types of devices should we move to the Protected Network?
- How will I access my PC from off-campus?
- After the transition, what happens if remote access to my device from off-campus is required?
- How does this move impact me?
- Who do I contact if there is a problem?
- What are the challenges to moving to a Protected Network?
- What should NOT be moved into the Protected Network?
- Can rules be added to a Protected Network to allow access to my connected devices?
Adopting this policy and supporting the move to protected networks would be a large step toward mitigating attacks on campus. It is also inline with a larger University goal to secure the wired and wireless networks.
Equipment moved to a Protected Network is no longer subject to attacks or scans from malicious entities on the Internet. This solution will also allow us to secure departmental systems with a simple modification to the network that requires little work on the part of local IT staff and no action on the part of the customer.
With this transition, we are able to enforce a simple, yet effective, security policy to customer equipment protecting these devices from outside threats. At the same time, it allows unrestricted access to the rest of campus and the Internet.
What types of devices should we move to the Protected Network?
As we move towards applying a more consistent security model for our campus networks, departmental equipment should be secured from the Internet. These could include:
- Desktop PCs
- Laboratory equipment
- and any other device with a wired connection to the network.
Currently, certain types of remote access to equipment from off-campus require the use of the VPN (Virtual Private Network) client provided by Comtech. Once the network has been transitioned, the VPN client must be used for all remote access.
If the access is required for NCSU affiliated individuals they may use the NCSU VPN provided by ComTech. If the access is required by non-NCSU affiliated individuals then the device will need to be transitioned out of the Protected Network and into an Unprotected Network.
How does this move impact me?
During the scheduled maintenance window for this move, there will be a brief interruption of all network services of approximately 10 minutes. Once the network is moved to the new environment, we would work with local IT support to ensure all needed access is available.
Your local IT support is your first point of contact if there is an issue with your system connectivity. In the event that some access has been removed for a particular system, we would work quickly with the local IT support to resolve the issue.
Most traffic originates from the Client PC to an external host. Traffic originating from off-campus to our client PCs is not the typical flow of traffic. Although we will work with the local IT support to determine the departmental applications used, there may be applications or devices that may not work as expected. If this happens we will work with the local IT support to resolve the issue.
- Equipment needing to be accessed by an external vendor or other outside entity without NCSU VPN access.
- Departmental Servers accessed from the Internet (web servers, etc)
- Polycom devices
- Specialized devices that already have their own secured Networks (PCI, SCADA, COPY/PRINT, etc)
Your local IT support is your first point of contact if there is an issue with your system connectivity. In the event that some access has No. Due to the broad and general use of the Protected Network, no additional security exceptions will be added to support connectivity to a specific device. If a device needs to be accessed from off-campus by a non-NCSU affiliated entity, then the device will need to be moved to an Unprotected Network.