...
- Devices on this network can neither connect to the other networks or be connected to except for a single ACMS workstation that must connect with iCard systems elsewhere on campus.
- This ACMS workstation can only be connected to via RDP from a single remote workstation run by Facilities & Services for troubleshooting and support.
- All other remote connections, even if temporary for support, must be approved by the Security Office.
...
Isolated Zones
Definition:
Sometimes there is a need for a special subnet that is treated no differently than an external network and does not route internally with NCSA systems. This could be because the systems on the subnet would not meet the requirements of this policy (e.g., they bring their own unmonitored WAN links or cannot be hardened sufficiently), it is actually an external network extruding into our physical infrastructure, or that external requirements or regulations require extra isolation.
...
- Connections to other NCSA hosts would not be allowed unless exiting and reentering the NCSA network.
- Security can approve limited exceptions to whitelist direct access to key NCSA services, such as DNS, and these exceptions will be documented.
- Systems in an island isolated zone are treated as external from a security perspective. As such, they may not benefit from any of the security services or monitoring normally provided.