DMZ Security

A UWSN computer may only connect to the Science Network. It may not be connected to the UW campus network (via either wired or wireless access) and the UWSN at the same time. It is encouraged that a system that has been connected to the UWSN never be reconnected to the UW core network without a complete virus scan by approved personnel and, potentially, a reinstallation of the operating system.

Since the UWSN is positioned outside the campus firewalls and the associated security they provide, the researcher and IT support staff will need to design the research systems' security carefully in order to balance speed, latency, and throughput with the importance of protecting both data and systems from compromise.

The researcher must ensure that NO confidential personal data (such as SSN, address, or birthdate) is stored on systems connected to the UWSN at any time, with the exception of encrypted passwords.

Further enhanced security policy includes the requirement that all systems MUST run a host-based firewall, adhere to UWSN password and authentication policies (LINK NEEDED), and observe the operating system best practices defined in the UWSN security documentation.

The UW Network, Security and Research groups will scan systems connected to the UWSN at intervals to look for security problems and concerns. The researcher of record will be notified of systems with problems and must respond within a reasonable period (depending on the problem and the availability of a fix), indicating that the problem has been appropriately repaired. The system will be rescanned at that time. Failure to respond or to fix the problem will result in the system being disconnected from the UWSN.

Secure connections to the UWEN and associated networked resources (e.g., WyoWeb, Banner) from the UWSN can be established using the UW VPN server via a two-factor authentication mechanism. This will allow access to both the UWSN and the campus network using a single hardwired network connection.