Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Public Machines
From: Tom Davis <tdavis () IU EDU>
Date: Mon, 5 Feb 2007 10:56:59 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Donald, A. Wayne said the following on 2/5/07 10:02 AM:

I have been asked to look into this practice and see if there are ways
to make it more secure ? like restricting what can be accessed, actually
having each person get some type of ID, etc.  I?m curious to find out
what some other libraries at public institutions might do and if this is
even an issue.

Wayne,

The procedures outlined below are for what we call library patron and
researcher accounts.  These accounts are used by individuals who are not
students, faculty, nor staff.  Patrons are those needing access to the
library resources and not the Internet.  Researchers are those needing
access to library resources and the Internet.

non-university Patron accounts:
 * must be limited to library resources only
 * must NOT be allowed to access the Internet
 * identity of person using a non-IU patron account need not be
   recorded
 * access is normally provided through a dedicated group of computers
   in the Library

non-university Researcher accounts:
 * are used by persons needing access to the Internet and library
   resources
 * library staff identify the person to whom the non-university
   Researcher account is issued by verifying photo ID
 * library staff record the identity of person to whom the account
   is issued and the account's userid in a log book or other record
   keeping system; these logs should be retained for at least 60
   days after the account has been disabled/deactivated
 * library staff issues account to the person
 * the account must only be valid for a limited length of time based
   on the need (e.g., 24 hours up to 6 months); the length of time
   the account is valid should be commensurate with the need; a
   shorter term is preferable, as risk to the University increases
   as the term increases.
 * the account can be renewed, but they need to expire every six
   months in order to ensure that the account record keeping system
   is up to date and that the person to whom the account was
   assigned is still using it

Hope this helps,

- --
Tom Davis, Chief IT Security Officer, CISSP, CISM, GCIA
Office of the VP for Information Technology, Indiana University
PGP key or S/MIME certificate: https://itso.iu.edu/Tom_Davis

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFx1PLcxDtdAa0EQ0RAgu6AKDwLsnJxHERGcxFPqojWlPN9+nKBgCgjkQp
gQdpAdNdYkZJVHKagwmHeC0=
=gN2w
-----END PGP SIGNATURE-----

  By Date           By Thread  

Current thread:
  • Public Machines Donald, A. Wayne (Feb 05)
    • <Possible follow-ups>
    • Re: Public Machines Tom Davis (Feb 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault