Re: [MCN-L] Collections Database Remote Access Policies

2017-02-23 Thread Heck, James
We do allow remote access, not through a Terminal server but through a
traditional VPN.  However, all VPN access is secured through 2 Factor
Authentication, reducing the risk of compromised credentials being an issue.
However, since we are still using TMS, which doesn't have a web client, even
the remote PC needs to have had the thick application installed on it, thus
reducing the potential risk a bit as well.  Mainly since someone would have
installed the application and known the configuration settings for our TMS
environment.

James


--
James J. Heck
Director of Technology
james_h...@moma.org
Single number reach: +1 212 708 9554

On Thu, Feb 23, 2017 at 4:56 PM, Boyce Tankersley <
btank...@chicagobotanic.org> wrote:

> Hi Rob:
>
> The issue we ran into related to an infected computer at home that
> 'shared' with the institutional server when they remotely accessed the
> databases.
>
> Boyce Tankersley
> Chicago Botanic Garden
>
> -Original Message-
> From: mcn-l-boun...@mcn.edu [mailto:mcn-l-boun...@mcn.edu] On Behalf Of
> Rob Morgan
> Sent: Thursday, February 23, 2017 2:18 PM
> To: mcn-l@mcn.edu
> Subject: [MCN-L] Collections Database Remote Access Policies
>
> Hello MCN Listserv,
>
>
>
> Does your institution allow remote access to your collections database?
> For example, can a Curator check your collections database from home via a
> Remote Desktop Connection/Terminal Server, or something similar?
>
>
>
> If so, does your institution have a policy in place regarding remote
> access to your collections database?  If so, can you share it with me?
>
>
>
> FYI, we allow remote access to our collections database.  However, there
> is concern about losing control over who can see sensitive information
> (e.g., values, locations, etc.) when the database is accessed outside the
> museum (e.g., a non-employee could see sensitive data in an employee’s
> home).  Of course, the argument is that staff should be trusted regardless
> of where they’re working.
>
>
>
> Thanks,
>
> Rob Morgan
>
> Collections Database Administrator
>
> The Baltimore Museum of Art
>
>
> P.S.  Sorry for any cross-listing
> ___
> You are currently subscribed to mcn-l, the listserv of the Museum Computer
> Network (http://www.mcn.edu)
>
> To post to this list, send messages to: mcn-l@mcn.edu
>
> To unsubscribe or change mcn-l delivery options visit:
> http://mcn.edu/mailman/listinfo/mcn-l
>
> The MCN-L archives can be found at:
> http://www.mail-archive.com/mcn-l@mcn.edu/
>


Re: [MCN-L] Collections Database Remote Access Policies

2017-02-23 Thread Boyce Tankersley
Hi Rob:

The issue we ran into related to an infected computer at home that 'shared' 
with the institutional server when they remotely accessed the databases.

Boyce Tankersley
Chicago Botanic Garden

-Original Message-
From: mcn-l-boun...@mcn.edu [mailto:mcn-l-boun...@mcn.edu] On Behalf Of Rob 
Morgan
Sent: Thursday, February 23, 2017 2:18 PM
To: mcn-l@mcn.edu
Subject: [MCN-L] Collections Database Remote Access Policies

Hello MCN Listserv,



Does your institution allow remote access to your collections database?
For example, can a Curator check your collections database from home via a 
Remote Desktop Connection/Terminal Server, or something similar?



If so, does your institution have a policy in place regarding remote access to 
your collections database?  If so, can you share it with me?



FYI, we allow remote access to our collections database.  However, there is 
concern about losing control over who can see sensitive information (e.g., 
values, locations, etc.) when the database is accessed outside the museum 
(e.g., a non-employee could see sensitive data in an employee’s home).  Of 
course, the argument is that staff should be trusted regardless of where 
they’re working.



Thanks,

Rob Morgan

Collections Database Administrator

The Baltimore Museum of Art


P.S.  Sorry for any cross-listing


Re: [MCN-L] Collections Database Remote Access Policies

2017-02-23 Thread Rob Lancefield on lists

Hi Rob and all,

We don't allow remote access to our collection database, for reasons 
much along the lines you note. Regardless of trust in staff, in our 
assessment doing so would still entail unacceptable risk.


Let's say a staff member's access credentials were unknowingly 
compromised by a visitor peering over a shoulder during one careless 
login. With remote access, those authentication credentials could then 
be used by unknown parties at their leisure. With on-premises access 
only, the risk of compromise to sensitive data would be mitigated to 
some degree by the need to access the system from within the museum. 
Noting that spoofing, etc. could still be a factor (depending on how 
this aspect of access control is implemented), it can still be one among 
various useful layers of reducing the risk of intrusion.


Most of our use cases for remote access by staff can be covered by using 
our public-facing collection search, and those that can't can wait until 
the staff person is back on premises--or occasionally can be handled by 
human proxy, as it were, via a known colleague on premises.


That's our take on the question, anyway. Convenient as it would be on 
occasion to be able to do data cleaning from home during an ice storm!


Rob

--
Rob Lancefield
Manager of Museum Information Services / Registrar of Collections
Davison Art Center, Wesleyan University
301 High Street, Middletown CT 06459-0487 USA
rlancefield [at] wesleyan [dot] edu  |  tel. 860.685.2965

On 2/23/17 3:17 PM, Rob Morgan wrote:

Hello MCN Listserv,

Does your institution allow remote access to your collections database?
For example, can a Curator check your collections database from home via a
Remote Desktop Connection/Terminal Server, or something similar?

If so, does your institution have a policy in place regarding remote access
to your collections database?  If so, can you share it with me?

FYI, we allow remote access to our collections database.  However, there is
concern about losing control over who can see sensitive information (e.g.,
values, locations, etc.) when the database is accessed outside the museum
(e.g., a non-employee could see sensitive data in an employee’s home).  Of
course, the argument is that staff should be trusted regardless of where
they’re working.

Thanks,

Rob Morgan
Collections Database Administrator
The Baltimore Museum of Art

