Information Resources & Technology (IRT)

Stanford LAN Extension (SLE)

Need Help?

 

Ed Lee

Please submit an email to

Overview | Setup Instructions | New SLE Connections | Security Practices | Visitors | Connecting From Home | Reference Chart | Help

Overview

The Stanford LAN Extension (SLE) was implemented to enable access to Stanford resources from the VA Hospital. This means that you can have your machine, while physically located at the VA hospital, placed onto the School of Medicine network in order to access Stanford resources.

Users will have to follow VA rules as well as School of Medicine security rules—which means that any computer brought onto the VA campus MUST be registered, certified, and encrypted, whether it contains any sensitive information or not. (These rules apply to personal computers as well, should they be brought onto VA property.)

Read the instructions below on setting up your computer on the SLE, and on following proper security practices once connected. NOTE: No VA-funded equipment is allowed on the SLE.

 

Setup Instructions: Requirements For Using An SLE Network Connection

1. Permitted Operating Systems:

2. Install the following essential software:

3. You will need to encrypt your computer with Stanford Whole Disk Encryption. (PGP is being phased out, in favor of solutions that are native to the operating system. If you have been running PGP, you are encouraged to transition to one of the three supported solutions.) Users should encrypt their entire drive with: FileVault 2 for Mac OS 10.7 & 10.8; BitLocker for some versions of Windows 7 and 8, or McAfee Endpoint for other systems. To find out how to encrypt your system, visit the Data Security Program homepage. Ed Lee [edklee] can also help you encrypt your computer. If you use USB drives or other external storage, those must be encrypted as well.

4. Your computer must be registered with a 2235 form; email Ed Lee [edklee] for assistance.

5. Once the necessary registration has been completed, a sticker will be placed on the laptop to identify it as a Stanford computer (VA sticker, according to VA policy). This is distinct from the Stanford Property Inventory sticker; the red SLE sticker confirms that your computer (or phone, or mobile device) is properly registered, certified, and encrypted.

6. External devices such as USB or external drives must be approved by the VA ISO before they can be used on the VA campus. Ironkey or Apricorn external USB storage are allowed at the VA.

7. Wireless must be turned off, when you are on the VA campus; wired network connections only.

8. No Skype or other peer-to-peer applications (BitTorrent, eMule, LimeWire, etc) are allowed on the Stanford LAN extension.

 

back to top >

Requesting a New Connection to the SLE

Only certain areas of the VA were wired for the Stanford LAN Extension as the network was being built. Any new connections will likely require additional funding, as there will have to be new cable run and other new networking equipment installed. Therefore, if your location is not currently part of the SLE, and you need a connection, you should direct your request to the following people:

 

back to top >

Security Practices

Once you are on the network, you are personally responsible for maintaining the security of your own computer and the information stored on it. To make sure that you're handling your information the right way, read on for proper file storage and transfer practices, and general security habits.

Secure File Storage

As part of the new Data Security Program, the School of Medicine is putting together a centralized backup server. Stanford folks will need to use the new CrashPlan server to back up any computers used to access University files. For more, see the Data Security Program Backup FAQ.

Secure Email

Secure File Transfer

Establishing Proper Security Habits

 

back to top >

Visitors at the VA

Since every computer on VA property must be registered, certified, and encrypted, the same rule applies to any computer belonging to a visiting colleague or presenter. A computer without a red sticker will be confiscated and returned only after the encryption process is complete—which may take up to two days—so if you are on the VA campus and expecting visitors, consider the following:

 

back to top >

Connecting From Home

To connect to the SLE from home, or from other Stanford networks, you will need to request port access to the Stanford LAN Extension by submitting a HelpSU ticket.  All incoming traffic is blocked unless authorized by IRT security.

Another option besides requesting a firewall exception is to connect to Stanford resources using the University VPN (Virtual Private Network). With the VPN client, you can also use a Remote Desktop Connection to access your work computer from afar.

If you use your home computer for work, and you discuss prohibited, restricted, or confidential information, you will need to encrypt your home computer as well. As a Stanford user, you are entitled to three licenses for PGP, to encrypt three computers, so you should use the same Whole-Disk Encryption software to protect your home computer.

 

back to top >

Security Requirements: References

All Stanford computing equipment on the VA campus must conform to the security rules set forth by the VA and by Stanford. Below is a chart outlining which entity has which requirements:

Equipment VA Palo Alto HCS Network Requirements Reference (VA Regulations) Stanford SoM LAN Extension Requirements (determined by IRT)
Laptop PCs and Macs
  • Operating System (PC=Windows XP Pro only; Mac OSX v10.3 or greater)
  • Full Disk Encryption (PC=FIPTS 140-2 Check Point, PGP, or GuardianEdge; Macintosh = FileVault or PGP)
  • Security cable lock
  • Documentation (VA Form 2235, IT Security Checklist, and VAPAHCS OE asset tag)
  • Renamed (PAL-***)
  • Domain "VHA21" managed
  • VA Handbook 6500: Section 2(d), 6(c)(4)(o), 6(c)(4)(p)
  • Office of Information and Technology Field Operations
  • Operating System (PC: Windows XP Pro; Windows 7 Pro, Ultimate or Enterprise; Mac: OS 10.5, 10.6, 10.7 or 10.8)
  • Full Disk Encryption (PGP)
  • Security cable lock
  • Documentation (VA Form 2235 and Stanford asset tag)
  • Re-imaged to Stanford School of Medicine specs
Desktop PCs and Macs
  • Operating System (PC=Windows XP Pro only; Mac OS X v10.3 or greater)
  • Documentation (VA Form 2235, IT Security Checklist, and VAPAHCS OE asset tag)
  • Renamed (PAL-***)
  • Domain "VHA21" managed
  • VA Handbook 6500: Section 2(d), 6(c)(4)(o), and 6(b)(1)(a)
  • Office of Information and Technology Field Operations
  • Operating System (PC: Windows XP Pro; Windows 7 Pro, Ultimate or Enterprise; Mac: OS 10.5, 10.6, 10.7 or 10.8)
  • Documentation (VA Form 2235 and Stanford asset tag)
  • Re-imaged to Stanford School of Medicine specs
USB Thumb Drives
  • Stealth MXP Bio (FIPS 140-2)
  • IronKey (FIPS 140-2)
  • VA Handbook 6500: Section 6(c)(4)(b), 6(c)(4)(e), and 6(c)(4)(i)
  • Office of Information and Technology Field Operations
  • IronKey (FIPS 140-2)
External Hard Drives
  • Full Disk Encryption (FIPS 140-2 Check Point, PGP, or GuardianEdge)
  • VA Handbook 6500: Section 6(c)(4)(b) and 6(c)(4)(e)
  • Office of Information and Technology Field Operations
  • Full Disk Encryption (PGP)
Servers
  • Operating System (Windows Server 2003 or Mac OS X Server)
  • Renamed (PAL-***)
  • Domain "VHA21" managed
  • Documentation (VA Form 2235, IT Security Checklist, and VAPAHCS OE asset tag)
  • VA Handbook 6500: Section 2(d) and 6(b)(1)(a)
  • Office of Information and Technology Field Operations
  • Not Allowed
  • Contact IRT Security, if you have a server you need access to

 

back to top >

Additional Help

If you have any other questions or need help with the SLE, contact Ed Lee ( ) at the VA, or contact IRT Security: file a help ticket, or call us at 725-8000 (option 4).

 

 

Stanford Medicine Resources:

Footer Links: