Remote Access Policy

1. Purpose

The purpose of this policy is to define standards for connecting to Connecticut College's network from any end user device, for example: PC, Tablet). These standards are designed to minimize the potential security exposure to Connecticut College from damages which may result from unauthorized use of Connecticut College resources. Potential damages include the loss of sensitive or college confidential data, intellectual property, damage to public image, and damage to critical Connecticut College internal systems.

2. Scope

This policy applies to all Connecticut College employees, students, and College Affiliates with a college­owned or personally­owned computer or workstation used to connect to the campus network. This policy applies to remote access connections used to do work on behalf of Connecticut College, including reading or sending email and viewing intranet web resources.

Remote access implementations that are covered by this policy include, but are not limited to DSL, VPN, SSH, WebEX, video conferencing.

3. Definitions and Authority

“VPN” or Virtual Private Network is a method employing encryption to provide secure access to a remote computer over the Internet.

“Split Tunneling” is a computer networking concept which allows a mobile user to access dissimilar security domains like a public network (e.g., the Internet) and a local LAN or WAN at the same time, using the same or different network connections.

“Dual­homed” or dual­homing can refer to either an Ethernet device that has more than one network interface, for redundancy purposes, or in firewall technology, dual­homed is one of the firewall architectures for implementing preventive security.

“College Affiliate” someone officially attached or connected to an organization, e.g., contractors, vendors, interns, temporary staffing, volunteers.

“Public/Private Key” In cryptography, a public key?is a value provided by some designated authority as an encryption key?that, combined with a private?key?derived from the public key?, can be used to effectively encrypt messages and digital signatures.

4. Policy

It is the responsibility of Connecticut College employees, students, and College Affiliates with remote access privileges to Connecticut College's campus network to ensure that their remote connection is given the same information security consideration as the user's on­site connection to Connecticut College.

VPN and general access to the Internet for recreational use by immediate household members through the Connecticut College network on college­owned computers is prohibited. The Connecticut College employee bears responsibility for the consequences should the access be misused as outlined in section 5.3 Non Compliance.

Please review the following policies for details of protecting information when accessing the College network via remote access methods:

• College Owned Computer Use Agreement
• Appropriate Use Policy for Computer and Information Resources

For additional information regarding Connecticut College's remote access connection options, including how to order or disconnect service, troubleshooting, etc., go to the following link https://www.conncoll.edu/information­services/technology­services/wifi­and­network­access/vpn/.

4.1 Secure remote access must be strictly controlled. Control will be enforced via one­time password authentication or public/private keys with a strong password. For information on creating a strong password see the criteria for passwords at the following link: https://www.conncoll.edu/information­services/technology­services/accounts­­passwords /.

4.2 At no time should any Connecticut College employee, student or College Affiliate provide their Camel username or password to anyone, not even family members.

4.3 Connecticut College employees, students and College Affiliates with remote access privileges must ensure that their college­owned or personal computer, which is remotely connected to Connecticut College's campus network, is not connected to any other network at the same time, with the exception of personal networks (i.e., home network) that are under the complete control of the user.

4.3.1 Connecticut College employees, students, and College Affiliates with remote access privileges to Connecticut College's campus network must not use non­Connecticut College email accounts (i.e., Hotmail, Yahoo, AOL), or other external resources to conduct Connecticut College business, thereby ensuring that official college information is protected and never confused with personal business.

4.3.2 Reconfiguration of a home user's equipment for the purpose of split­tunneling or dual homing is not permitted at any time.

4.3.3 Non­standard hardware configurations must be approved by Information Security Office.

4.3.4 All devices that are connected to Connecticut College campus networks via remote access technologies must use the most up­to­date anti­virus software and operating systems. Employees, students and College Affiliates using their personal devices can download recommended anti virus software at the following URL: (https://www.conncoll.edu/information­services/technology­services/informationsecurity/antivirus­software/).

4.3.5 Third party College Affiliates must comply with requirements as stated in the Contractor Screening Policy.

4.3.6 Organizations or individuals who wish to implement non­standard Remote Access solutions to the Connecticut College production network must obtain prior approval from Information Security Office

5. Policy Compliance

5.1 Compliance Measurement

The College Information Security Office will verify compliance to this policy through various methods, including but not limited to, periodic walkthroughs, business tool reports, and feedback to the Information Security Office.

5.2 Exceptions

Any exception to the policy must be approved by the Chief Information Security Officer in advance.

5.3 Non­Compliance

Use of VPN access in ways that are not consistent with the main purposes of the College, or that interfere with the work of other members of the College community, may be revoked, following the usual disciplinary processes of the College for students, faculty, and staff. For all others, the Vice President of Information Services, may revoke accounts for those who are neither employed nor enrolled in the College.

6. Process Summary

6.1 Eligibility to Access

a. Academic VPN allows all valid employees and students to access the College network resources.

b. Administrative VPN has restricted access. Based on requirements and approval employees and College Affiliates are added to the appropriate security groups based on their assigned roles.

c. Requests for Administrative VPN access is requested through Web Help Desk and requires supervisor approval and approval by the Information Security Office.

6.2 Installation

d. College­-owned systems come from the Desktop Support Team with a VPN client pre­installed on the PC/MAC.

e. IT Service Desk can assist with the installation of the VPN client.