October 15, 2021
Bulletin interne de l'Institut Pasteur
New tool for workstation compliance and network connection
As part of its security plan and following Government's regulations, Institut Pasteur will gradually deploy starting September 2021 a tool for monitoring compliance with basic security rules for workstations connected to the network. In addition, access control to the Institut Pasteur network will be improved to provide a simpler and more secure experience for Pasteurian.
These changes are essential to guarantee the security of the Pasteur network, the tools available to you, as well as your data.
They will allow us to ensure that the workstations that are connected to the institute's network, regardless of their origin (Pasteur workstation, OREX workstation, personal workstation, etc.) comply with the following conditions:
• Use of an up-to-date operating system (OS) tool maintained by its vendor
• Use of up-to-date antivirus software maintained by its publisher
• Connection via PasteurId Account
Why these changes?
Workstations are one of the main entry points for attackers into a computer network. By exploiting a vulnerability (the SMB vulnerability for example which allows a virus to be propagated on shared directories), by using a malicious program (widely used especially against universities), major computer attacks have been carried out in recent years.
This tool will also facilitate the management of access to the various zones of the network and the deployment of urgent security measures.
Workstation compliance
To check its compliance, software called "Forescout Agent" will be installed on your workstation. The sole action of this agent is to check the defined security criteria, before validating your entry into the Pasteur network.
This agent is already being deployed in passive mode, meaning without enforcing any restrictions. Therefore, it is perfectly normal to witness this blue round icon in the taskbar:
Network Access Control
In addition, your access to the network when you are on campus will no longer be conditioned by the declaration of your workstation with IT support (MAC filtering), but by the simple use of your Pasteur username and password (802.1X authentication).
To ensure everyone's adaptation to these new information security practices, the deployment schedule will be gradual. Specific communications will be sent for this purpose, for the moment no action is required on your part.
More information
Find out more on the project and read the user guides on the WebCampus pages (in French)
Should you have questions regarding the project, you can contact us at evolution-acces-reseau@pasteur.fr