School of Medicine WinSecure Network

About the Network

The WinSecure Network is a protected network for systems that manage specialized research instruments but cannot be upgraded to meet Stanford security requirements and no longer receive security patches.

Clients must acknowledge and accept special network use rules for devices on this network.

Standard WinSecure Network Protections

  • Network subnets for WinSecure machines are limited to a range of 14 devices each (/28) to limit the risk to others, should a machine become compromised.
  • Data transfers out are allowed, but no email or web services out; incoming traffic is severely limited as well.
  • No traffic between these subnets is allowed.
  • Wireless connections are inherently insecure. Wired connections are required for devices on the WinSecure network.
  • All outbound SMTP (email) and Web access is blocked from the WinSecure subnets.
  • Outbound file transfers are allowed to Stanford hosts (TDS Security needs to know which host will be accepting data transfers and make sure that firewall rules allow this access).
  • Please discuss remote management or off-campus needs with TDS Security so we can ensure the proper configurations can be established.
  • In general, off-campus outbound traffic is blocked.
  • Inbound ping and traceroute are allowed from on-campus.
  • Other specific requirements should be individually identified and discussed with TDS Security.
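The protections listed above can be written as a flow check for auditing firewall or flow logs. This is an added example, not part of the original page or of Stanford's configuration; the campus range, the /28 subnets, the approved transfer host and the port numbers used for "SMTP and Web" are constructed assumptions.

```python
import ipaddress

# Constructed values: the page lists no addresses. Substitute real ranges.
CAMPUS = ipaddress.ip_network("10.0.0.0/8")          # stand-in for on-campus space
WINSECURE = [ipaddress.ip_network("10.20.30.0/28"),  # two hypothetical /28 subnets
             ipaddress.ip_network("10.20.30.16/28")]
APPROVED_HOSTS = {ipaddress.ip_address("10.50.0.10")}  # transfer hosts known to TDS Security
MAIL_WEB_PORTS = {25, 80, 443}  # assumed mapping of "SMTP and Web" to TCP ports

def subnet_of(ip):
    """Return the WinSecure /28 containing ip, or None."""
    return next((n for n in WINSECURE if ip in n), None)

def check_flow(src, dst, proto, dport=None):
    """Classify one flow record against the standard protections."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    s_net, d_net = subnet_of(s), subnet_of(d)
    if s_net and d_net:
        return "ok" if s_net == d_net else "violation: traffic between WinSecure subnets"
    if s_net:  # outbound from a WinSecure device
        if proto == "tcp" and dport in MAIL_WEB_PORTS:
            return "violation: outbound email/web"
        if d not in CAMPUS:
            return "violation: off-campus outbound"
        if d in APPROVED_HOSTS:
            return "ok"
        return "review: transfer host not registered"
    if d_net:  # inbound to a WinSecure device
        if proto == "icmp" and s in CAMPUS:
            return "ok"
        return "review: inbound not covered by the standard rules"
    return "ok"  # flow does not involve a WinSecure subnet

def audit(flows):
    """Return (flow, verdict) pairs for every flow that is not plainly allowed."""
    results = [(f, check_flow(*f)) for f in flows]
    return [(f, v) for f, v in results if v != "ok"]

# Constructed sample flow records: (src, dst, proto, dport)
SAMPLE_FLOWS = [
    ("10.20.30.5", "10.50.0.10", "tcp", 22),
    ("10.20.30.5", "10.20.30.20", "tcp", 445),
    ("10.20.30.5", "10.50.0.99", "tcp", 25),
    ("10.20.30.5", "203.0.113.7", "tcp", 22),
    ("10.9.9.9", "10.20.30.5", "icmp", None),
    ("203.0.113.7", "10.20.30.5", "icmp", None),
]
```

Flows marked "review" are the cases the page leaves to individual discussion with TDS Security, so the check reports them without calling them violations.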

Other Rules for Devices on the Network

  • No USB input to the Windows XP devices without special approval. Transfers should be done over the network.
  • Software License USB Keys are allowed to use the USB Ports.
  • BigFix client should be installed, although there are instances where BigFix may interrupt ongoing work processes.  In that case, please run the Stanford Device Enrollment app, a one-time process to register your machine that will not incur any continued interruptions or reporting to or from your computer.  You can reach the Stanford Device Enrollment page at https://uit.stanford.edu/service/enrollment.
  • Remote Access Requirements:
    • Direct Remote Access from within the Stanford network must be via hard-wired ethernet connection. 
    • No direct Wireless Remote Access is allowed.  
    • Off-campus Remote Access for management or vendor support can be accommodated through VPN and workgroups.  Please discuss this with TDS.