Educause Security Discussion mailing list archives
Re: Public Machines
From: Tom Davis <tdavis () IU EDU>
Date: Mon, 5 Feb 2007 10:56:59 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Donald, A. Wayne said the following on 2/5/07 10:02 AM:
I have been asked to look into this practice and see if there are ways to make it more secure ? like restricting what can be accessed, actually having each person get some type of ID, etc. I?m curious to find out what some other libraries at public institutions might do and if this is even an issue.
Wayne, The procedures outlined below are for what we call library patron and researcher accounts. These accounts are used by individuals who are not students, faculty, nor staff. Patrons are those needing access to the library resources and not the Internet. Researchers are those needing access to library resources and the Internet. non-university Patron accounts: * must be limited to library resources only * must NOT be allowed to access the Internet * identity of person using a non-IU patron account need not be recorded * access is normally provided through a dedicated group of computers in the Library non-university Researcher accounts: * are used by persons needing access to the Internet and library resources * library staff identify the person to whom the non-university Researcher account is issued by verifying photo ID * library staff record the identity of person to whom the account is issued and the account's userid in a log book or other record keeping system; these logs should be retained for at least 60 days after the account has been disabled/deactivated * library staff issues account to the person * the account must only be valid for a limited length of time based on the need (e.g., 24 hours up to 6 months); the length of time the account is valid should be commensurate with the need; a shorter term is preferable, as risk to the University increases as the term increases. * the account can be renewed, but they need to expire every six months in order to ensure that the account record keeping system is up to date and that the person to whom the account was assigned is still using it Hope this helps, - -- Tom Davis, Chief IT Security Officer, CISSP, CISM, GCIA Office of the VP for Information Technology, Indiana University PGP key or S/MIME certificate: https://itso.iu.edu/Tom_Davis -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFx1PLcxDtdAa0EQ0RAgu6AKDwLsnJxHERGcxFPqojWlPN9+nKBgCgjkQp gQdpAdNdYkZJVHKagwmHeC0= =gN2w -----END PGP SIGNATURE-----
Current thread:
- Public Machines Donald, A. Wayne (Feb 05)
- <Possible follow-ups>
- Re: Public Machines Tom Davis (Feb 05)