
[Graphic: Behind the Screens]
Seven Security Guidelines for Managing Computing Labs


If you manage a computer lab, you are undoubtedly familiar with many of these security guidelines. If you are considering setting up a computer lab in your department, we hope you find these strategies useful.

  1. Know who uses your resources. If you have a small group of users, you can set up accounts each quarter for all of them on a local file server and force your machines to log in to that server before they can use your resources. You can check identification at the door, or do spot checks during the day. Whatever you do, it is best to ensure that those rules are posted clearly, so that the people who use your facility will know what to expect.

  2. Secure your physical machines. Theft is always a problem. CPUs, memory, and even the mouse at a workstation are prime targets. Lockdown kits are not cheap, but they do save on replacement costs in the long run. Marking your equipment with large engraved identifiers also makes stealing it less attractive.

  3. Have your staff keep an eye on things. Your security guard or support staff should know that it is part of their job to watch for theft, abuse, and illegal activities. If you are establishing a lab, give careful thought as to where the staff station, if there is one, should go. Its location should help your staff safeguard the facility, as well as be accessible to users.

  4. Consider your permissions on resources for any servers you control. You leave a server open to abuse if you do not pay close attention to the settings that are in place by default.

  5. Physically isolate your server. This will help prevent intentional security violations as well as accidental reboots, which are a plague among servers accessible by people other than the system administrators.

  6. Communicate with others in your field to help keep up with the latest security issues (viruses, hacks, patches) that surface. The LanAdmin email list and newsgroup may be a good place to start. Go to Computing and Networking Information for UW Computing Support Staff at www.washington.edu/computing/support/ and under "Relevant Email Distribution Lists" select LanAdmin to find out about BugNet, presentations, and meetings. You may also want to take a look at NetSys.

  7. Back up your servers as often as you make changes that you do not want to lose. This helps in case of security issues as well as disaster recovery. If your system is hacked, it is often a good idea to restore an entire copy from an uncorrupted backup just to be sure there is not a back door that has been left open, or something dangerous floating around on your system.



University of Washington Computing & Communications
Windows on Computing, No. 22, Winter 1999
newsltr@cac.washington.edu