Educause Security Discussion mailing list archives

Re: Networking Design Recommendations for Scientific Equipment


From: "Hahues, Sven" <shahues () FGCU EDU>
Date: Thu, 14 Jun 2018 20:06:54 +0000

Hi all,

The only thing I have heard of is the concept of the Science DMZ that has been making its way through some of the meetings with our SUS counterparts.

The concept is basically a close to "frictionless" network used to interconnect research computing environments.

https://fasterdata.es.net/science-dmz/

They have a specific section on security:

https://fasterdata.es.net/science-dmz/science-dmz-security/

As far as published guidelines go, I am not aware of any.

Sven

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Alex Keller
Sent: Wednesday, June 13, 2018 5:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Networking Design Recommendations for Scientific Equipment

Nicklaus et al,

I don’t have any specific recommendations to share but am keenly interested in this topic. We support dozens of research labs with network-capable scientific equipment (either direct Ethernet/WiFi or via a workstation purpose-built and sold with the device) which does NOT meet our campus minimum security standards for network access. These conditions have organically evolved into labs without any network (Sneakernet and USB drives), private LANs with no Internet gateway, folks lobbying for exceptions to the standards, rogue WiFi, LTE hotspots, and everything in between.

I’ve mused about possible approaches like a private LAN with hardened proxy kiosk for access (and export of data) to the public network.

I would be happy to discuss offline, please keep me posted.

Best,

Alex

Alex Keller
Stanford | Engineering
Information Technology
axkeller () stanford edu
(650)736-6421

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nicklaus Giacobe
Sent: Tuesday, June 12, 2018 9:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Networking Design Recommendations for Scientific Equipment

Does anyone have documented recommendations for plugging scientific equipment into campus computer networks? I’ve been asked to consult for a local lab whose scientists are having some difficulty communicating with their IT support folks. I can imagine lots of recommendations for no networking, local area networking only, no wireless, yes wireless, VLANed, firewalled, bridged control systems, never having control systems with Internet access, etc.

So while I am interested in hearing from you regarding specific individual recommendations, I’m more curious if there are specific documented recommendations and plans that sit somewhere between “Great ideas shared among colleagues” and a top-level policy guidance document that I might get from NIST.

---

Nicklaus A. Giacobe, Ph.D.
Director of Undergraduate Programs and Assistant Teaching Professor
Phone: 814-865-8233
College of Information Sciences and Technology
Penn State University
E333 Westgate Building
University Park, PA 16802

