Protected Network FAQ

Why is the University moving to this model?

Adopting this policy and supporting the move to protected networks would be a large step toward mitigating attacks on campus. It is also inline with a larger University goal to secure the wired and wireless networks.

 

What are the benefits to moving to a Protected Network?

Equipment moved to a Protected Network is no longer subject to attacks or scans from malicious entities on the Internet. This solution will also allow us to secure departmental systems with a simple modification to the network that requires little work on the part of local IT staff and no action on the part of the customer.

 

How does moving to the Protected Network secure my device?

With this transition we are able to enforce a simple, yet effective, security policy to customer equipment protecting these devices from outside threats. At the same time, it allows unrestricted access to the rest of campus and the Internet.

 

What types of devices should we move to the Protected Network?

As we move towards applying a more consistent security model for our campus networks, departmental equipment should be secured from the Internet. These could include:

  • Laptops
  • Desktop PCs
  • Laboratory equipment
  • and any other device with a wired connection to the network.

 

How will I access my PC from off campus?

Currently, certain types of remote access to equipment from off-campus require the use of the VPN (Virtual Private Network) client provided by Comtech. Once the network has been transitioned, the VPN client must be used for all remote access.

 

After the transition, what happens if remote access to my device from off campus is required?

If the access is required for NCSU affiliated individuals they may use the NCSU VPN provided by ComTech.  If the access is required by non-NCSU affiliated individuals then the device will need to be transitioned out of the Protected Network and into an Unprotected Network.

 

How does this move impact me?

During the scheduled maintenance window for this move, there will be a brief interruption of all network services of approximately 10 minutes. Once the network is moved to the new environment, we would work with local IT support to ensure all needed access is available.

 

Who do I contact if there is a problem?

Your local IT support is your first point of contact if there is an issue with your system connectivity. In the event that some access has been removed for a particular system, we would work quickly with the local IT support to resolve the issue.

 

What are the challenges to moving to a Protected Network?

Most traffic originates from the Client PC to an external host. Traffic originating from off-campus to our client PCs is not the typical flow of traffic. Although we will work with the local IT support to determine the departmental applications used,  there may be applications or devices that may not work as expected. If this happens we will work with the local IT support to resolve the issue.

 

What should NOT be moved into the Protected Network?

Some systems are not candidates for moving to a Protected Network such as:

 

  • Equipment needing to be accessed by an external vendor or other outside entity without NCSU VPN access.
  • Departmental Servers accessed from the Internet (web servers, etc)
  • Polycom devices
  • Specialized devices that already have their own secured Networks (PCI, SCADA, COPY/PRINT, etc)

 

Can rules be added to a Protected Network to allow access to my connected devices?

No. Due to the broad and general use of the Protected Network, no additional security exceptions will be added to support connectivity to a specific device. If a device needs to be accessed from off-campus by a non-NCSU affiliated entity, then the device will need to be moved to an Unprotected Network.