Personal Devices in China (including Hong Kong) (2024)

ISO Position Paper

Position Title: Personal Devices in China (including Hong Kong)

Position Audience: Princeton University Community

Problem Statement

Students, faculty, and staff travel to China and often need access to University systems.

Disclaimer

Please be aware that there is little that Princeton OIT can do to support personal devices on networks in China (including Hong Kong). We do our best to support Princeton international travelers with loaner devices and temporary email addresses, but for residents we have no solutions beyond best practices and vigilance.

Baseline Assessment

No device can be protected against all possible forms of system and information compromise, especially when in countries that are deemed as high-risk.
You must assume that any device in a high-risk country will be compromised in some, potentially undetectable way.
You must realize that connections will be poor, inconsistent, and perhaps non-existent.
You must realize that the computing environment is constantly changing in China.
The biggest issue is oftentimes less about security of devices and more about accessibility to western resources.

ISO Position

The ISO recommends you follow these best practices.

Security Best Practices When Connecting to Princeton:

Always use the Princeton virtual private network (VPN) solution (GlobalConnect).
Use two factor authentication (2FA) whenever possible.
Graduate students should have access to any Princeton solutions that they require, which may include Zoom, Box, Google Drive, and the learning management system (LMS) used by the graduate school.
Always have an active and up to date virus protection solution on your device.
Utilize the Princeton password manager (Lastpass).
Never store Princeton data on Chinese-managed cloud services.
Be careful about what you post about Princeton on social media, particularly Chinese social media.

Security Best Practices in High-Risk Countries:

Configure a firewall to block incoming connections.
Turn off file and printer sharing.
Disable any remote desktop software.
Disable bluetooth when not in use.
Avoid public wifi and public hotspots. Use VPN if use of public wifi or hotspots is unavoidable.
Use trusted wifi instead of cellular data whenever possible.
Understand the sensitivity of your data.
Beware of your surroundings when logging in or adding data to your device.
Review the travel guidelines found on the ISO's website.
With the limited exception of faculty, postdocs, and staff traveling domestically, all members of the Princeton University community are required to enroll the details of University Travel in theEnroll My Tripsystem prior to departure.
Be discerning on how your device and/or account is behaving, and report any unusual issues or behaviors to the Service Desk (1-609-258-4357 or [emailprotected]).
Visit the ISO’s Safe Computing page for additional information about the above topics as well as other information security topics.

Additional Information

Questions and clarification can be provided by contacting the Information Security Office at [emailprotected].

Data classification: Public