Remote Access Policy
1. Purpose
The purpose of this policy is to define standards for connecting to Connecticut College's network from any end user device (for example, a PC or tablet). These standards are designed to minimize the potential security exposure to Connecticut College from damages which may result from unauthorized use of Connecticut College resources. Potential damages include the loss of sensitive or college confidential data, intellectual property, damage to public image, and damage to critical Connecticut College internal systems.
2. Scope
This policy applies to all Connecticut College employees, students, and College Affiliates with a college-owned or personally-owned computer or workstation used to connect to the campus network. This policy applies to remote access connections used to do work on behalf of Connecticut College, including reading or sending email and viewing intranet web resources.
Remote access implementations that are covered by this policy include, but are not limited to, DSL, VPN, SSH, WebEx, and video conferencing.
3. Definitions and Authority
“VPN” or Virtual Private Network is a method employing encryption to provide secure access to a remote computer over the Internet.
“Split Tunneling” is a computer networking concept which allows a mobile user to access dissimilar security domains like a public network (e.g., the Internet) and a local LAN or WAN at the same time, using the same or different network connections.
“Dual-homed” or dual-homing can refer to either an Ethernet device that has more than one network interface, for redundancy purposes, or, in firewall technology, one of the firewall architectures for implementing preventive security.
“College Affiliate” is someone officially attached or connected to an organization, e.g., contractors, vendors, interns, temporary staffing, volunteers.
“Public/Private Key”: In cryptography, a public key is a value provided by some designated authority as an encryption key that, combined with a private key derived from the public key, can be used to effectively encrypt messages and digital signatures.
4. Policy
It is the responsibility of Connecticut College employees, students, and College Affiliates with remote access privileges to Connecticut College's campus network to ensure that their remote connection is given the same information security consideration as the user's onsite connection to Connecticut College.
VPN and general access to the Internet for recreational use by immediate household members through the Connecticut College network on college-owned computers is prohibited. The Connecticut College employee bears responsibility for the consequences should the access be misused as outlined in section 5.3 Non-Compliance.
Please review the following policies for details of protecting information when accessing the College network via remote access methods:
For additional information regarding Connecticut College's remote access connection options, including how to order or disconnect service, troubleshooting, etc., go to the following link https://www.conncoll.edu/informationservices/technologyservices/wifiandnetworkaccess/vpn/.
4.1 Secure remote access must be strictly controlled. Control will be enforced via one-time password authentication or public/private keys with a strong password. For information on creating a strong password see the criteria for passwords at the following link: https://www.conncoll.edu/informationservices/technologyservices/accountspasswords/.
4.2 At no time should any Connecticut College employee, student or College Affiliate provide their Camel username or password to anyone, not even family members.
4.3 Connecticut College employees, students and College Affiliates with remote access privileges must ensure that their college-owned or personal computer, which is remotely connected to Connecticut College's campus network, is not connected to any other network at the same time, with the exception of personal networks (i.e., home network) that are under the complete control of the user.
4.3.1 Connecticut College employees, students, and College Affiliates with remote access privileges to Connecticut College's campus network must not use non-Connecticut College email accounts (i.e., Hotmail, Yahoo, AOL), or other external resources to conduct Connecticut College business, thereby ensuring that official college information is protected and never confused with personal business.
4.3.2 Reconfiguration of a home user's equipment for the purpose of split-tunneling or dual-homing is not permitted at any time.
4.3.3 Non-standard hardware configurations must be approved by the Information Security Office.
4.3.4 All devices that are connected to Connecticut College campus networks via remote access technologies must use the most up-to-date antivirus software and operating systems. Employees, students and College Affiliates using their personal devices can download recommended antivirus software at the following URL: https://www.conncoll.edu/informationservices/technologyservices/informationsecurity/antivirussoftware/.
4.3.5 Third party College Affiliates must comply with requirements as stated in the Contractor Screening Policy.
4.3.6 Organizations or individuals who wish to implement non-standard Remote Access solutions to the Connecticut College production network must obtain prior approval from the Information Security Office.
5. Policy Compliance
5.1 Compliance Measurement
The College Information Security Office will verify compliance to this policy through various methods, including but not limited to, periodic walkthroughs, business tool reports, and feedback to the Information Security Office.
5.2 Exceptions
Any exception to the policy must be approved by the Chief Information Security Officer in advance.
5.3 Non-Compliance
VPN access that is used in ways that are not consistent with the main purposes of the College, or that interfere with the work of other members of the College community, may be revoked, following the usual disciplinary processes of the College for students, faculty, and staff. For all others, the Vice President of Information Services may revoke accounts for those who are neither employed nor enrolled in the College.
6. Process Summary
6.1 Eligibility to Access
a. Academic VPN allows all valid employees and students to access the College network resources.
b. Administrative VPN has restricted access. Based on requirements and approval, employees and College Affiliates are added to the appropriate security groups based on their assigned roles.
c. Administrative VPN access is requested through Web Help Desk and requires supervisor approval and approval by the Information Security Office.
6.2 Installation
d. College-owned systems come from the Desktop Support Team with a VPN client preinstalled on the PC/MAC.
e. IT Service Desk can assist with the installation of the VPN client.