Threat 3. Damage and theft of assets
An inherent challenge in owning and running a multi-user environment is the high
degree of negligence among users, due to perceived lack of ownership and
responsibility. Irresponsible or disgruntled users often, willfully or not, damage
workstations and other equipment in the lab.
A poorly supervised computer lab also provides a wealth of opportunity for theft.
Without proper supervision, a user can easily remove and steal computer parts,
which can then be sold through online auctions and message boards.
To be proactive, computer labs need to establish policies discouraging users
from negligent/aggressive behavior and theft by providing better access control to
the lab, tracking users presence in the lab, and controlling users access to
computer resources. This is where a Lab Management System becomes
invaluable.
SECURE LAB ENVIRONMENT
To successfully counter these threats, a computer lab needs to implement a set
of measures aimed to achieve a secure lab environment. The measures include:
Controlled access to computer rooms and workstations. Only registered
users should be allowed in the room. To identify a user, some form of ID needs to
be presented. When users bring guests, their presence should be recorded.
Unattended workstations should be locked. Lab assistants should be able to
force a user out of the workstation by locking the workstation from the control
center.
User registrations logs. All user registrations should be logged. Lab employees
should be able to identify who used a workstation at any given time and what
other workstations were used by the same person.
Alerts when known violators try to access workstations. After violators are
identified, lab employees should be able to add them to an Alert List so that the
next time a violator attempts to sign in, lab employees will be alerted.
Surveillance. In critical cases, lab employees should be able to query the list of
applications currently open on a user machine and take a snapshot of a users
display.
Ability to prevent launching certain applications. Users should not be able
to launch most popular 'junkware' such as games, chat clients, file sharing
clients, etc. Once such an application is launched, it should be automatically
shut down by the system. Lab employees should be able to manually shut down
applications on user machines from the control center.
VERALAB - A SECURE LAB ENVIRONMENT SOLUTION
VeraLab Lab Management System is designed as a security-centric application.
A computer facility equipped with VeraLab will satisfy all the criteria of a secure
lab environment.
Access control
The lab assistant controls access to workstations by signing-in a user to a
workstation from a Lab Assistant Dashboard. The Dashboard may be integrated
with a card reader to read data from student ID cards. If the client needs a higher
level of authentication, VeraLab Inc. will help develop an ID validation plugin
module to verify student IDs against a student database of the clients choice.
Figure 1. Lab Assistant Dashboard
All the information about user sign-in and sign-out is stored in the access log
in the database. The lab assistant can record the number of guests accompanying
a user.
Locking
Workstations can be locked and unlocked from the Lab Assistant Dashboard.
When a workstation is locked, VeraLab Guard, a security component installed
on a users machine, turns off the mouse and keyboard. VeraLab provides three
locking modes allowing lab managers to choose the appropriate security policy:
'Strict' mode: A workstation is kept locked until the lab assistant signs-in a user. \
Once the user is signed in, the workstation is automatically unlocked.
When the user is signed out, the workstation is automatically locked again.
Lab assistants can always lock and unlock the workstation on-demand.
'Liberal' mode: An unattended workstation is kept unlocked. Lab assistants can
always lock and unlock the workstation on demand. If the workstation has been
locked, it is automatically unlocked once the user is signed in.
'No locking' mode: Lab assistants cannot lock the workstation.
Figure 2. A workstation locked by VeraLab Guard
Locking modes are applied on a lab level and can be overridden on a room or
workstation level.
Access Log Analysis
Lab employees can search student registrations using various search criteria
when it is necessary to identify which user occupied a particular workstation or
which workstations have been occupied by a particular user.
Figure 3. User registration search screen
