Securing Other Devices
Appliances, IoT, & Other Devices
The increased convenience of internet connectivity and voice-controlled or app-controlled devices means that all kinds of devices nowadays can talk to the internet, and are often constantly listening. Plus, many of these internet-connected devices can't be encrypted and therefore can't comply with Stanford's minimum security standards. Therefore, if you utilize these kinds of devices, it's important that you also protect Stanford information.
These kinds of devices need to be connected to the internet in order to function as designed — but also are usually unable to be encrypted according to Stanford's standards.
Examples: Echo, Echo Dot (Alexa), Google Home, Apple HomePod, Nest
- Whether on campus or off, they should not be placed where confidential information could be overheard (remember, they're listening to you!)
- They should have a built-in OS.
- They should be registered in NetDB if they are connected to the Stanford network
- Since they will likely not be able to meet compliance requirements, they should be put on protected networks to limit the risk to the device as well as the network.
Cameras (either video or still photography) are sometimes used for surveillance purposes.
- Turn off wireless access
- Store them in a safe and physically secure location
- Post a sign and notify people (both visitors and regular employees) that surveillance is in effect in that area.
- Make sure the cameras don't capture information that should be kept secure (i.e., papers on a desk, computer screens.
- If you capture sensitive photos or videos on removable media, transfer them as soon as possible to encrypted storage and then remove them from the removable media.
Apple Watch Series 1 and 2 are dependent on a paired iPhone for use. The Apple Watch Series 3 is capable of its own wifi access and cellular plan, so can send and receive text messages, calls, and emails, and download and run apps independently of an iPhone being present . The Watch can even unlock a computer that's signed into the same Apple ID. Therefore, it is especially important to take the proper security precautions should your Watch ever be lost or stolen.
For more help, visit the Apple Watch user guide.
For larger departments or buildings, consider using CardinalPrint.
Alternatively, consider using a special printer network, this will ensure that standard printer ports are open on the firewall and provide some protection against outside malicious access.
Be aware that as with all network-connected devices, vulnerabilities may be identified that allow others to access or disrupt your printing. It is important that you ensure your device is up-to-date with firmware and that you remediate any vulnerabilities that are identified.
Building and Automation Systems
Devices used to monitor environmental conditions or control access to important facilities require special protections to prevent tampering or malicious actions. There are specialized networks to support these devices, with limited inbound and outbound access to ensure continued operations.