Two upcoming security related changes

CHPC is working on two upcoming changes in response to new policies at the campus level due to Utah System of Higher Education (USHE) security initiatives.

Lock down of CHPC network space:

This change is in response to a campus initiative to reduce the attack surface by limiting access at the campus network border. The goal is to have this completed by early March.

To this end, CHPC is currently reviewing all of the network space that we support, noting all known services on these servers, and identifying the IPs for which world access is not needed. These IP addresses will then be locked down at the campus border.

As part of this process, we will be reaching out to the owners of services we have identified, to discuss this process and its impact.

If your group knows of any services (such as web sites) that you provide to entities outside the campus on CHPC run servers, feel free to contact us via helpdesk@chpc.utah.edu to confirm this need.

Two Factor Authentication: 

In accordance with University policy R4-004D, specifically the provision that “Wherever technically feasible, two-factor authentication (2FA) or multifactor authentication (MFA) shall be used.” CHPC will be moving to expand the systems on which Duo authentication is required.

Currently, CHPC only requires the use of 2FA (Duo) for access to resources in the protected environment and for access to the ondemand services (due to the use of the Campus Authentication Services). With this change, we will expand the use of Duo to the general environment login nodes.

CHPC is exploring the implantation of Duo for access to all CHPC resources; once we have completed this exploration we will announce a date for implementation of this policy.