Stanford LAN Extension (SLE)
Overview
The Stanford LAN Extension (SLE) was implemented to enable access to Stanford resources from the VA Hospital. This means that you can have your machine, while physically located at the VA hospital, placed onto the School of Medicine network in order to access Stanford resources.
Users will have to follow VA rules as well as School of Medicine security rules—which means that any computer brought onto the VA campus MUST be registered, certified, and encrypted, whether it contains any sensitive information or not. (These rules apply to personal computers as well, should they be brought onto VA property.)
Read the instructions below on setting up your computer on the SLE, and on following proper security practices once connected. NOTE: No VA-funded equipment is allowed on the SLE.
Setup Instructions: Requirements For Using An SLE Network Connection
1. Permitted Operating Systems:
- PC: Windows 7 Ultimate, Windows 8.1 Pro, Windows 10 Pro
- Mac: Mountain Lion (Mac OS 10.8), Mavericks (Mac OS 10.9), Yosemite (Mac OS 10.10)
2. Install the following essential software:
- Stanford Anti-Malware 1.0 — System Center Endpoint Protection (SCEP) NOTE: Stanford has switched from using Sophos to using SCEP, and Sophos is no longer operational; you must manually make the switch to SCEP. The SCEP installer will automatically uninstall Sophos for you. (SCEP info and downloads for Windows or Mac.)
- BigFix — antivirus and patch management software (download for Windows or Mac)
- CrashPlan — automatically backs up your information to a secure, centralized Stanford server. The software is free for Stanford Medicine affiliates. (info and downloads for Windows or Mac)
- Desktop Configuration Management Tool (DCM), which automates your computer's correct network and security settings. The DCM will be installed by the Stanford IT support person, Ed Lee.
3. You will need to encrypt your computer with Stanford Whole Disk Encryption, which encrypts your entire drive with either FileVault 2 (Mac OS 10.8 and later) or BitLocker (Windows 7 Ultimate/8.1 Pro/10 Pro). To find out how to encrypt your system, visit the Data Security Program homepage or consult local IT support. If you use USB drives or other external storage, those must be encrypted as well.
4. Your computer must be registered with a 2235 form; email Ed Lee for assistance.
5. Once the necessary registration has been completed, a sticker will be placed on the laptop to identify it as a Stanford computer (VA sticker, according to VA policy). This is distinct from the Stanford Property Inventory sticker; the red SLE sticker confirms that your computer (or phone, or mobile device) is properly registered, certified, and encrypted.
6. USB and external storage devices must be on the VA list of approved devices before they can be used on the VA campus. Please contact Ed Lee for more information.
7. No Skype or other peer-to-peer applications (BitTorrent, eMule, LimeWire, etc.) are allowed on the Stanford LAN Extension.
Requesting a New Connection to the SLE
Only certain areas of the VA were wired for the Stanford LAN Extension as the network was being built. Any new connections will likely require additional funding, as there will have to be new cable run and other new networking equipment installed. Therefore, if your location is not currently part of the SLE, and you need a connection, you should direct your request to the following people:
- Contact Ed Lee (edklee@stanford.edu) and let him know about your connection needs.
- Contact IRT Security: file a help ticket, or call us at 725-8000 (option 4), and we will assess your situation and help you with the next steps.
Security Practices
Once you are on the network, you are personally responsible for maintaining the security of your own computer and the information stored on it. To make sure that you're handling your information the right way, read on for proper file storage and transfer practices, and general security habits.
Secure File Storage
As part of the Data Security Program, the School of Medicine has a centralized backup server. Stanford folks will need to use the CrashPlan server to back up any computers used to access University files. The CrashPlan service is free, and it backs up your information daily and automatically. For more, see the Data Security Program Backup FAQ.
Secure Email
- Stanford Secure Email (secureemail.stanford.edu) is integrated into the Stanford Webmail system, allowing you to send encrypted emails when you need to discuss High Risk (formerly Prohibited or Restricted) information.
Secure File Transfer
- MedSecureSend (mss.stanford.edu) helps you securely send files up to 20GB in size, to colleagues on or off-campus.
Establishing Proper Security Habits
- Do not share SUNetIDs and passwords—not even with tech support.
- Use strong passwords for all your accounts.
- Lock your desktop whenever you leave your cubicle or office:
  - Windows: CTRL+ALT+DEL, then Enter, or Windows+L
  - Macs: use a hot corner to lock or initiate the screen saver
- Never leave sensitive hardcopy material exposed; make a habit of turning documents facedown, and put unnecessary documents away.
- Shred financial documents and papers with personal information before you discard them.
- Don't give out personal information on the phone, through the mail, or over the Internet unless you are sure who you are dealing with.
- Never click on links in unsolicited emails.
- Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.
- Ensure your environment is physically secure.
- When in doubt, don't.
Visitors at the VA
Since every computer on VA property must be registered, certified, and encrypted, the same rule applies to any computer belonging to a visiting colleague or presenter. A computer without a red sticker will be confiscated and returned only after the encryption process is complete—which may take up to two days—so if you are on the VA campus and expecting visitors, consider the following:
- Have collaborators or presenters send you all necessary files ahead of time, so that they do not need to bring a computer on campus; conference rooms have approved computers available for your use.
- The VA Hospital parking lot is constantly patrolled and is highly secure; visitors are encouraged to lock a computer in the trunk of their car rather than bring it on campus to have it confiscated.
- If one of your colleagues is expecting to visit campus multiple times, you can contact Ed Lee and have their computer registered as well.
Connecting From Home
To connect to the SLE from home, or from other Stanford networks, you will need to request port access to the Stanford LAN Extension by submitting a HelpSU ticket. All incoming traffic is blocked unless authorized by IRT security.
Another option besides requesting a firewall exception is to connect to Stanford resources using the University VPN (Virtual Private Network). With the VPN client, you can also use a Remote Desktop Connection to access your work computer from afar.
If you use your home computer for work, and you discuss High Risk or Moderate Risk information (formerly prohibited, restricted, or confidential information), you will need to encrypt your home computer as well. As a Stanford user, you have free access to the SWDE encryption helper, which uses your computer's native encryption software, so you should use the same SWDE process to protect your home computer.
Security Requirements: References
All Stanford computing equipment on the VA campus must conform to the security rules set forth by the VA and by Stanford. Below is a chart outlining which entity has which requirements:
Equipment | VA Palo Alto HCS Network Requirements | Reference (VA Regulations) | Stanford SoM LAN Extension Requirements (determined by IRT) |
Laptop PCs and Macs | • Operating System (PC=Windows XP Pro only; Mac OS X v10.3 or greater) • Full Disk Encryption (PC=BitLocker/SWDE, FIPS 140-2 Check Point, or GuardianEdge; Macintosh=FileVault/SWDE) • Security cable lock • Documentation (VA Form 2235, IT Security Checklist, and VAPAHCS OE asset tag) • Renamed (PAL-***) • Domain "VHA21" managed | • VA Handbook 6500: Section 2(d), 6(c)(4)(o), 6(c)(4)(p) • Office of Information and Technology Field Operations | • Operating System (PC: Windows 7 Ultimate, Windows 8.1 Pro, Windows 10 Pro. Mac: OS 10.8 or newer.) • Full Disk Encryption (SWDE) • Security cable lock • Documentation (VA Form 2235 and Stanford asset tag) • Re-imaged to Stanford School of Medicine specs |
Desktop PCs and Macs | • Operating System (PC=Windows XP Pro only; Mac OS X v10.3 or greater) • Documentation (VA Form 2235, IT Security Checklist, and VAPAHCS OE asset tag) • Renamed (PAL-***) • Domain "VHA21" managed | • VA Handbook 6500: Section 2(d), 6(c)(4)(o), and 6(b)(1)(a) • Office of Information and Technology Field Operations | • Operating System (PC: Windows 7 Ultimate, Windows 8.1 Pro, Windows 10 Pro. Mac: OS 10.8 or newer.) • Documentation (VA Form 2235 and Stanford asset tag) • Re-imaged to Stanford School of Medicine specs |
USB Thumb Drives | • Stealth MXP Bio (FIPS 140-2) • IronKey (FIPS 140-2) | • VA Handbook 6500: Section 6(c)(4)(b), 6(c)(4)(e), and 6(c)(4)(i) • Office of Information and Technology Field Operations | • IronKey (FIPS 140-2) |
External Hard Drives | • Full Disk Encryption (FIPS 140-2 Check Point, PGP, or GuardianEdge) | • VA Handbook 6500: Section 6(c)(4)(b) and 6(c)(4)(e) • Office of Information and Technology Field Operations | • Full Disk Encryption (SWDE) |
Servers | • Operating System (Windows Server 2003 or Mac OS X Server) • Renamed (PAL-***) • Domain "VHA21" managed • Documentation (VA Form 2235, IT Security Checklist, and VAPAHCS OE asset tag) | • VA Handbook 6500: Section 2(d) and 6(b)(1)(a) • Office of Information and Technology Field Operations | • Not Allowed • Contact IRT Security, if you have a server you need access to |
Additional Help
If you have any other questions or need help with the SLE, contact Ed Lee (edklee@stanford.edu) at the VA, or contact IRT Security: file a help ticket, or call us at 725-8000 (option 4).