Educause Security Discussion mailing list archives

Re: College Support of VPN on open Wi-Fi


From: "McClenon, Brady" <Brady.McClenon () ONEONTA EDU>
Date: Fri, 6 Oct 2017 19:39:10 +0000

Anyone concerned about legal implications if their institution is providing overseas students a VPN tunnel that could 
be used by the student to circumvent country or regional restrictions on content from providers like Netflix or Hulu?


Brady McClenon
IT Security Administrator
ITS - IT Security
SUNY Oneonta

Information Security is Everyone's Responsibility!  Learn more at http://staysafeonline.org/ncsam/



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Johnson, Matthew
Sent: Friday, October 6, 2017 3:05 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] College Support of VPN on open Wi-Fi

A good portion of our VPN access is from students, staff, and faculty
traveling overseas.  We encourage its use when people travel or return to
their home as it provides an additional level of protection when they
connect back to our internal resources.

To protect these accounts we recently enabled Duo two-factor authentication
for all VPN connections.  This will ensure that the proper account is
connecting through the VPN and only one person is using that account.  If
you are worried about VPN from overseas, enable two-factor authentication
and tie it to one user account.

Matt

Matthew Johnson, CISSP
Information Security Analyst, Office of Information Security 
Northeastern University
216 Massachusetts Ave, 302-216 Boston, MA 02115
O:  617-373-6080 | F: 617-373-6423


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
Sent: Thursday, October 05, 2017 5:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] College Support of VPN on open Wi-Fi

On Wed, 04 Oct 2017 23:44:35 -0000, "Corn, Michael" said:
> One thing to consider if you're rethinking your VPN strategy. Include
> a check box somewhere that, if checked, permits access to the VPN from
> overseas. By default it should not be checked. This will provide some
> protection to accounts from abuse since VPNs are frequent targets for
> use from overseas (esp. for those targeting your library resources).

Also make plans for how to deal with people that travel to California, or
across the state, and errant Geo-IP suddenly decides they're outside the US.
Make sure that your help desk is able to deal with these glitches *AND* that
the procedure is at least somewhat social engineering proof....

(Yes, I know that last part is a challenge involving tradeoffs ... :)

