Tales from jails: How I helped network a prison

Computerworld - Networking promotes the communication of information, while security restricts it. Most networking professionals try hard to strike a healthy balance between the two, but what if security is tantamount and inviolate, and the needs are skewed?

There is very little written about networking prison computers. The tale you are about to read is the true account of my experience in a prison networking project.

My home state has more than a dozen major prison facilities containing thousands of inmates. Many of these inmates are evaluated or treated for mental illness. Psychiatric services are provided by a multimillion-dollar, multiyear contract, and supplying networked resources to clinicians as part of this contract is a major challenge. This is the deployment in which I was involved. For reasons of corporate confidentiality, I am withholding the name of the organization, but suffice it to say that it's a leader in its field. Nevertheless, initial enthusiasm was somewhat dampened as the project evolved into a major corporate exercise.

A prison serves to keep people on the inside in and people on the outside out. What factors must be considered to securely network binary data in and out? Every system manager and network administrator knows that every site setup has its own challenges, but perhaps nowhere else are logistical issues as restrictive as when networking a prison. By the very nature of the environment, a prison has its own rules.

Prisons are a necessary part of society, but one that intentionally lies well below the radar of the average citizen. Here are some general principles involved in networking this very restrictive, security-conscious environment.

The primary mandate is simple and straightforward: Establish high-speed solid and secure connectivity to all networked sites so that employees can do their jobs as efficiently and effectively as possible.

Stark reality

The stark reality involves much more. Create computer accounts quickly for many novice users. Administer e-mail for unenlightened users. Set up dozens of desktops and laptops with remote access capability, as well as all necessary applications, vendor patches and antivirus protections. Enable file sharing on a need-to-know basis. Adjust permissions by global groups, not individuals. Use access control lists judiciously.

Backup all data online and off-line -- and often. Record and track all changes to the satisfaction of prison officials. Lastly, but no less important, be aware that you must accomplish all of the above in conjunction with older, on-site legacy equipment. And much of it must be done remotely.