WinSecure Network - FAQ
Frequently Asked Questions
The WinSecure Network was designed to protect computers which run specialized scientific equipment or applications and which cannot meet the University data security requirements. This includes devices which are using unsupported operating systems, which cannot be upgraded due to the third party equipment or applications they use.
As the University currently has a deadline to encrypt all devices by May 31, 2015, any device that cannot meet this deadline and/or which runs an unsupported operating system, should be migrated to the WinSecure Network. The first step is to request a Data Security Exception (requires SUNet ID). Review and approval of this request will initiate the process to migrate your machine to the secure network.
On April 8, 2014, Microsoft officially stopped supporting Windows XP. This means XP is an "end-of-life" operating system. Though Windows XP may still be running as usual on your device, the lack of support from Microsoft means there will no longer be any new operating system updates or security patches.
The lack of any further updates means that your system will remain unprotected from newly-discovered viruses or bugs for hackers to exploit. Gradually, malware has the potential to accumulate on your computer (from phishing attempts, suspicious email attachments, corrupted USB drives, external hard drives, etc).
A compromised computer is vulnerable to attack, leading to possible theft of login credentials, private information, and unpublished work. A compromised computer may even be harnessed and used to attack other computers on the campus network. For all these reasons, if an end-of-life system can't be upgraded, it should be placed on a secure network for everyone's protection.
Please review the list below to see when support for your Operating System (OS) will end.
Currently Unsupported Operating Systems
MAC
10.7 - End Date - 10/2014
10.6 - End Date -2/26/2014
10.5 - End Date - 6/23/2011
10.4 - End Date - 9/2009
10.3 - End Date - 6/8/2001
Windows
Win 2003 Server - End Date - 7/14/2015
WinXP - End Date - 4/8/2014
Vista - End Date - 6/2012
Win 2000 (WKS) - End Date - 7/13/2010
Win 2000 Server - End Date 7/13/2010
WinNT 4 (Wks) - End Date - 7/1/2006
Win98/98 SE/ - End Date - 6/30/2002
Win95 - End Date - 12/31/2001
Though your operating system may still be running as usual on your device, the lack of vendor support means there will no longer be any new operating system updates or security patches. The lack of support means that your system will remain unprotected from newly-discovered viruses or bugs for hackers to exploit. An unsupported operating system is vulnerable to attack, leading to possible theft of login credentials, private information, and unpublished work. For these reasons, an unsupported end-of-life operating system should be upgraded to today's standards.
Data Security Exceptions can be requested for devices that cannot meet the data security requirements but which are critical to the operation of critical research applications or equipment. Exceptions can be requested at https://med.stanford.edu/datasecurity/exceptions/
Most online resources are not directly accessible from your protected computer. You should access these resources from another system on the network.
You can transfer files to another compliant campus computer which can be used to reach the off-campus web host. Please let us know your specific requirements ahead of time so we can assist you with the process.
No. The protected network includes much smaller ranges to limit the potential influence of devices on each other. The address will still be obtained via DHCP, along with the other network configuration parameters.
Yes, you will be able to connect using approved remote protocols over VPN with your SUNet credentials. When we work with you to migrate your computer, please be sure to let us know you will have this requirement. IRT-Security will need to know your SUNet ID, the IP address being assigned (or Exception Request #), and the remote protocol you will be using (such as RDP or ARD.)
No the existing firewall rules will not be automatically transferred. Please be sure to identify your firewall rule requirements when working with us to migrate your computer. Please be aware that some firewall rules are limited on WinSecure. We will work with you to ensure that your critical scientific equipment and/or applications are still able to function as they do now.
No, any data transfer requirements you have should be done over the network rather than on USB devices. On an end-of-life operating system, accidentally transferring malware or viruses to or from this computer is a greater risk since you cannot protect this computer's operating system with patches or system updates. The only off-network exceptions that have been approved are those where there is no electronic data transfer from the scientific system being operated.
Yes, although CrashPlan is not a data transfer solution. It provides backup for your data in the event of a system failure. Additionally, your backup must be directed to the local CrashPlan appliance rather than the cloud storage. Please work with IRT to ensure your account is set up appropriately.
Please let us know ahead of time that you need this specific access so we can assist you with the appropriate sponsorships and workgroups access into the network to reach your system.
No outbound web access is allowed from devices on the WinSecure Network. This includes both ports 80 and 443. These devices are specifically given exceptions from data security requirements because they are needed to manage specialized equipment or software. Other devices on the network should be used to reach other campus and off-campus web resources.
Please let us know ahead of time about your software upgrade requirements so we can identify a secure solution to meet your needs.