Staff vs Research Network

This page is has been moved to the new SoC Document Repository. The new URL for this page is: https://docs.comp.nus.edu.sg/node/1719

Staff users are generally connected to the Staff Network inside their offices. Sometimes, staff users may want to use the Research Network instead. This document explains the difference between the two networks. In particular, this document will explain the security implications of moving to the Research Network.

Staff Network

The SoC Staff Network is setup to be a secure network for staff where several security measures are implemented or enforced, including for example the following features:

1. Firewall and router access-controls that prevent outside access to machines inside the Staff Network. This prevents accidental exposure to outsiders even when machines are unintentinally misconfigured.
2. Network access is restricted only to staff users. Non-staff users (i.e. students or outsiders) are not permitted to connect their computers to this network.
3. Physical security considerations prevent non-staff users (i.e. students or outsiders) from having access to network cables or network points in the Staff Network. (This assumes there is no physical break-in.)

Denying non-staff users access to the Staff Network prevents localized intra-subnet probes and attacks that cannot be controlled by firewall and router ACLs.

In the interest of security, staff users should do all sensitive academic, research or administrative work only on computers connected to the Staff Network. Other security measures are still important. This includes keeping up-to-date with security patches, using anti-virus software, having good password security, avoid leaving logged in sessions unattended, etc.

Research Network

The research segment, on the other hand, is largely a free-for-all network with minimal security enforced by the network. Users can provide services which are exposed to outside SoC and the Internet. There are a number of security and access concerns with this network:

1. These computers can be accessed from outside SoC and the Internet, giving rise to the possibility of probing, unauthorized access and compromise/break-in by outsiders.
2. Non-staff users (i.e. students and possibly outsiders) may have administrative control of computers in this network. These users may have the ability to run programs to conduct activities such as sniffing passwords, launch attacks, redirect traffic, etc.
3. Outsider attackers who have successfully gained unauthorized access or compromised these machines can also perform actions listed above.
4. Although this is prohibited, many irresponsible users often use the Research Network as a testbed or learning ground to experiment with unfamiliar programs, services or protocols, and sometimes cause unintentional denial of service attacks against basic network services in this network.
5. To date, almost all cases of remote root compromises happen in this Research Network.

Recommendations

Regardless of which network you connect to, it is important that you always take all practical security measures to safeguard your computer to prevent unauthorized access or intrusions.

You should always connect to the Staff Network where possible. If you have to connect to the Research Network for any reason, you must take additional security measures to enforce access-controls, monitor your log files, etc.