Research areas previously had private VLAN addresses. The default (initiated with Baker Lab's network upgrade) is that each system will instead have a public IP address, within a VLAN shared by all Chemistry research units.
Pros and Cons of changing Chemistry's Research network topology
Consideration | Pro/Con of changing | Old | New |
---|---|---|---|
Detection of compromise, and resolution | Pro | CIT could only "see" to the private VLAN level. | Problem will be identified down to the specific compromised device. |
Scope of exposure, if there is a compromised machine | Con | Scope limited to a single research group's machines. | Scope potentially expanded to all Chemistry research groups' systems. |
Complexity | Pro | Additional components (routers, connections) could fail. (Historically this has not been a liability.) | Network architecture fully provisioned by CIT. |
Configuration capabilities | Pro | Each exception would require modification of the network's security configuration (access control list, or ACL). | Each exception would require modification of the network's security configuration (access control list, or ACL). |
Other thoughts
Invest in a high-end hardware firewall to serve all of Chemistry's networks. Partner with CU's IT Security to provision this service, which aligns with their strategy. Funding and university prioritization are the current roadblocks, so consider piloting this?