IT 040 – Remote Access

Number
IT 040
Department
Information Technology
Effective
Last Revision

Purpose

To state the requirements for remote access to computing resources hosted at 91ɬÂþ (91ɬÂþ) using Virtual Private Network technology.

Scope

Applies to all 91ɬÂþ users.

Definition

Information Technology (IT) Resources: An array of products and services that collect, transform, transmit, display, present, and otherwise make data into usable, meaningful and accessible information. IT Resources include but are not limited to: desktop computers, laptops, and tablet PC’s; handheld devices including but not limited to, cell phones; e-mail, voicemail, servers, central computers, and networks; cloud storage systems; network access systems including wireless systems; portable hard drives and databases; computer software; printers and fax machines and lines; campus, classroom and office audio and visual display devices and switching, camcorders, televisions, physical media; telephone equipment and switches including local and long-distance services; satellite equipment and any other current or future IT resource adopted by 91ɬÂþ as new technologies are developed.

Remote Access: Access to IT resources from an electronic or other device not directly connected to the 91ɬÂþ wired or wireless networks, but not including accesses to such IT resources where remote access is considered a primary function and normative use. For example, use of a web browser to remotely access a 91ɬÂþ web page is not covered by this policy.

Remote User: One who uses an electronic or other device for remote access.

User: Anyone who uses 91ɬÂþ’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.

Virtual Private Network (VPN): A secured private network connection built on top of a public network. A VPN provides a secure encrypted connection or tunnel over the Internet between a 91ɬÂþ individual computer and a private network. VPN allows members of 91ɬÂþ to securely access 91ɬÂþ network resources as if they were on campus.

Policy

Remote access to 91ɬÂþ’s IT resources must be accomplished in a manner that furthers 91ɬÂþ’s mission while preventing unauthorized use of those resources. This policy is designed to ensure that 91ɬÂþ’s IT resources are used for the purposes for which they are intended. Accordingly, 91ɬÂþ prohibits illegal or unauthorized remote access to 91ɬÂþ’s IT resources. Only authorized 91ɬÂþ employees may utilize 91ɬÂþ’s VPN for remote access.

Guidelines 

In order to connect to the VPN it is necessary for remote users to install the approved Cisco Anyconnect software on a laptop provided by 91ɬÂþ (software URL will be provided). Remote users will need a connection to the Internet from their off-campus location. 91ɬÂþ does not provide remote users with an Internet connection, their Internet Service Provider does.

  • It is the responsibility of all employees with remote access privileges to ensure that unauthorized users are not allowed access to internal 91ɬÂþ networks and associated content.
  • Remote access is subject to all applicable 91ɬÂþ policies.
  • All employees, while using 91ɬÂþ’s VPN technology for remote access, are a de facto extension of the 91ɬÂþ network, and as such are subject to the 91ɬÂþ Internet Usage Policy.
  • All computers or electronic devices connected to 91ɬÂþ’s internal network via the VPN or any other technology must use a properly configured up-to-date operating system and anti-virus software.
  • Redistribution of the 91ɬÂþ VPN Cisco client or associated installation information is prohibited.
  • All employees using 91ɬÂþ’s VPN shall only connect to or have access to machines and resources that they have permission and rights to use.
  • Support will only be provided for VPN clients approved by 91ɬÂþ’s Information Technology Services.
  • All remote users must use the centrally provided VPN client software.
  • All systems used for remote access must have an enabled firewall.
  • All employees must recognize that the use of the VPN system does not guarantee that all transmissions between the remote PC and the 91ɬÂþ network are secure. It is the remote user’s responsibility to configure their applications to use the VPN if they desire their transmissions to be secure.

Enforcement

91ɬÂþ’s Chief Information Officer is responsible for enforcement of this policy.

Violation Of Policy

Any violation of this policy may result in corrective action up to and including termination of employment and/or suspension or expulsion in the event of a student. Additionally, users who violate this policy may be subject to loss of software privileges, civil action, and criminal prosecution.