Educause Security Discussion mailing list archives
Re: Remote Access Policies
From: Bill Terry <wterry () BARD EDU>
Date: Mon, 14 Jul 2008 23:10:33 -0400
Todd -

Gary's model makes sense. Charlie's idea of a thin client certainly gives you a bit more control but may require more resources.

I've worked as a lead on two deployments of Cisco's IPSec VPN, one with full availability to 16,000 employees. In both cases this was not generally made available to students. After testing/trials, the client was distributed via CD and intranet download. With proper documentation, support is generally not an issue - and we generally did not offer support.

Users do need to understand that this is a use of your resources and all security / privacy rules do apply. Users need to clearly understand that using the VPN is not the same as simply "surfing" from home - they should not use it in any way that they would not use resources while on campus, and that it is easy to forget that one is connected.

All home computers must have properly configured anti-virus software installed. You may want to limit use to laptops issued by your institution.

Individual authentication via Radius/LDAP, etc. with logging is essential. I believe we distributed the group user names and passwords encrypted on the CD. The usual reminders about not sharing names and passwords apply, too.

In one implementation we displayed a log-on message that required a simple acknowledgment - adherence to policies was required, use could be logged and monitored, failure to comply could result in discipline and/or prosecution.

I can supply a log-on message (attorney vetted) and some policy boilerplate. Please contact me off-line. We are preparing to roll it out at Bard College over the next few months.

Bill Terry
Assoc. Dean of Information Services & CTO
Henderson Computing Resources Center
Bard College
PO Box 5000
Annandale-on-Hudson, NY 12504-5000
845-758-7495 work
845-758-7035 fax

Gary Dobbins wrote:
Todd,

I can't speak for how prevalent this model is, but in our case the VPN is positioned mainly as a way of getting "on" the campus LAN, and not a form of access in and of itself. Access to information is governed by the systems and applications, not the VPN.

Therefore, our VPN is just a location-shifter (makes you "local" so non-public-serving systems don't need to trust the whole world) and thus its use is covered by the same overarching Responsible Use Policy that covers activity when physically using the campus net.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Todd Bossaller
Sent: Monday, July 14, 2008 7:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Remote Access Policies

Does anyone have any policies or rules they would be willing to share for remote access (VPN) to their institution? Are there any legal policies/procedures I should be aware of?

Thank you,

Todd Bossaller
Systems Administrator
Missouri Valley College
500 E College St
Marshall, MO 65340
660.831.4088
bossallert () moval edu

This document may contain confidential information and is intended solely for the use of the addressee. If you received it in error, please contact the sender at once and destroy the document. The document may contain information subject to restrictions of the Family Educational Rights and Privacy and the Gramm-Leach-Bliley Acts. Such information may not be disclosed or used in any fashion outside the scope of the service for which you are receiving the information.